[Senate Hearing 115-418] [From the U.S. Government Publishing Office] S. Hrg. 115-418 FOREIGN CYBER THREATS TO THE UNITED STATES ======================================================================= HEARING BEFORE THE COMMITTEE ON ARMED SERVICES UNITED STATES SENATE ONE HUNDRED FIFTEENTH CONGRESS FIRST SESSION __________ JANUARY 5, 2017 __________ Printed for the use of the Committee on Armed Services [GRAPHIC NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.Govinfo.gov/ __________ U.S. GOVERNMENT PUBLISHING OFFICE 33-940 PDF WASHINGTON : 2019 ----------------------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Publishing Office, http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). E-mail, [email protected]. COMMITTEE ON ARMED SERVICES JOHN McCAIN, Arizona, Chairman JAMES M. INHOFE, Oklahoma JACK REED, Rhode Island ROGER F. WICKER, Mississippi BILL NELSON, Florida DEB FISCHER, Nebraska CLAIRE McCASKILL, Missouri TOM COTTON, Arkansas JEANNE SHAHEEN, New Hampshire MIKE ROUNDS, South Dakota KIRSTEN E. GILLIBRAND, New York JONI ERNST, Iowa RICHARD BLUMENTHAL, Connecticut THOM TILLIS, North Carolina JOE DONNELLY, Indiana DAN SULLIVAN, Alaska MAZIE K. HIRONO, Hawaii DAVID PERDUE, Georgia TIM KAINE, Virginia TED CRUZ, Texas ANGUS S. KING, JR., Maine LINDSEY GRAHAM, South Carolina MARTIN HEINRICH, New Mexico BEN SASSE, Nebraska ELIZABETH WARREN, Massachusetts LUTHER STRANGE, Alabama GARY C. PETERS, Michigan Christian D. Brose, Staff Director Elizabeth L. King, Minority Staff Director (ii) C O N T E N T S _________________________________________________________________ January 5, 2017 Page Foreign Cyber Threats to the United States....................... 1 Lettre, Honorable Marcel J., II, Under Secretary of Defense for 5 Intelligence. Clapper, Honorable James R., Jr., Director of National 7 Intelligence. Rogers, Admiral Michael S., USN, Commander, United States Cyber 10 Command; Director, National Security Agency; Chief, Central Security Services. Questions for the Record......................................... 52 (iii) FOREIGN CYBER THREATS TO THE UNITED STATES ---------- THURSDAY, JANUARY 5, 2017 U.S. Senate, Committee on Armed Services, Washington, DC. The committee met, pursuant to notice, at 9:29 a.m. in Room SD-G50, Dirksen Senate Office Building, Senator John McCain (chairman) presiding. Committee members present: Senators McCain, Inhofe, Wicker, Fischer, Cotton, Rounds, Ernst, Tillis, Sullivan, Graham, Cruz, Reed, Nelson, McCaskill, Shaheen, Gillibrand, Blumenthal, Donnelly, Hirono, Kaine, King, and Heinrich. Other Senators Present: Senators Purdue, Warren, Peters, and Sasse. OPENING STATEMENT OF SENATOR JOHN McCAIN, CHAIRMAN Chairman McCain. Well, good morning, everyone. Before we begin, I want to welcome all our members back to the committee and extend a special welcome to the new members joining us. On the Republican side, we are joined by Senator Purdue and Senator Sasse. On the Democrat side, we are joined by Senator Warren and Senator Peters. It is a special privilege to serve on this committee, most of all because it affords us the opportunity to spend so much time in the company of heroes, the men and women who serve and sacrifice on our behalf every day. I hope you will come to cherish your service on this committee as much as I have over the years, and I look forward to working with each of you. The committee meets this morning for the first in a series of hearings on cybersecurity to receive the testimony on foreign cyber threats to the United States. I would like to welcome our witnesses this morning: James Clapper, Director of National Intelligence; Marcel Lettre, Under Secretary of Defense for Intelligence; and Admiral Mike Rogers, Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service. This hearing is about the range of cybersecurity challenges confronting our Nation, threats from countries like Russia, China, and North Korea and Iran, as well as non-state actors from terrorist groups to transnational criminal organizations. In recent years, we have seen a growing series of cyber attacks by multiple actors, attacks that have targeted our citizens, businesses, military, and government. But there is no escaping the fact that this committee meets today for the first time in this new Congress in the aftermath of an unprecedented attack on our democracy. At the President's direction, Director Clapper is leading a comprehensive review of Russian interference in our recent election with the goal of informing the American people as much as possible about what happened. I am confident that Director Clapper will conduct this review with the same integrity and professionalism that has characterized his nearly half a century of government and Military Service. I am equally confident in the dedicated members of our intelligence community. The goal of this review, as I understand it, is not to question the outcome of the presidential election. Nor should it be. As both President Obama and President-elect Trump have said, our Nation must move forward. But we must do so with full knowledge of the facts. I trust Director Clapper will brief the Congress on his review when it is completed. This is not the time or place to preview its findings. That said, we know a lot already. In October, our intelligence agencies concluded unanimously that, quote, the Russian Government directed compromises of emails from United States persons and institutions, including from United States political organizations. They also assessed that, quote, disclosures of alleged hacked emails were consistent with the methods and motivations of Russian-directed efforts and that these thefts and disclosures were intended to interfere with the United States election process. Since then, our intelligence community has released additional information concerning these Russian activities, including a joint analysis report that provided technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence services to attack the United States. Every American should be alarmed by Russia's attacks on our Nation. There is no national security interest more vital to the United States of America than the ability to hold free and fair elections without foreign interference. That is why Congress must set partisanship aside, follow the facts, and work together to devise comprehensive solutions to deter, defend against and, when necessary, respond to foreign cyber attacks. As we do, we must recognize that the recent Russian attacks are one part of a much bigger cyber problem. Russian cyber attacks have targeted the White House, the Joint Staff, the State Department, our critical infrastructure. Chinese cyber attacks have reportedly targeted NASA, the Departments of State and Commerce, congressional offices, military labs, the Naval War College, and United States businesses, including major defense contractors. Most recently, China compromised over 20 million background investigations at the Office of Personnel Management. Iran has used cyber tools in recent years to attack the United States Navy, United States partners in the Middle East, major financial institutions, and a dam just 25 miles north of New York City. Of course, North Korea was responsible for the massive cyber attack on Sony Pictures in 2014. What seems clear is that our adversaries have reached a common conclusion: that the reward for attacking America in cyberspace outweighs the risk. For years, cyber attacks on our Nation have been met with indecision and inaction. Our Nation has no policy and thus no strategy for cyber deterrence. This appearance of weakness has been provocative to our adversaries who have attacked us again and again with growing severity. Unless we demonstrate that the costs of attacking the United States outweigh the perceived benefits, these cyber attacks will only grow. This is also true beyond the cyber domain. It should not surprise us that Vladimir Putin would think he could launch increasingly severe cyber attacks against our Nation when he has paid little price for invading Ukraine, annexing Crimea, subverting democratic values and institutions across Europe, and of course, helping Bashar Assad slaughter civilians in Syria for more than a year with impunity. The same is true for China, Iran, North Korea, and any other adversary that has recently felt emboldened to challenge the world order. Put simply, we cannot achieve cyber deterrence without restoring the credibility of United States deterrence more broadly. To do so, we must first have a policy, which means finally resolving the long list of basic cyber questions that we as a Nation have yet to answer. What constitutes an act of war or aggression in cyberspace that would merit a military response, be it by cyber or other means? What is our theory of cyber deterrence, and what is our strategy to implement it? Is our Government organized appropriately to handle this threat, or are we so stove-piped that we cannot deal with it effectively? Who is accountable for this problem, and do they have sufficient authorities to deliver results? Are we in the Congress just as stove-piped on cyber as the executive branch such that our oversight actually reinforces problems rather than helping to resolve them? Do we need to change how we are organized? This committee intends to hold a series of hearings in the months ahead to explore these and other questions. We look forward to hearing the candid views of our distinguished witnesses today who have thought about and worked on these questions as much as anyone in our Nation. Senator Reed? STATEMENT OF SENATOR JACK REED Senator Reed. Well, thank you very much, Mr. Chairman. I want to commend you for your leadership in promptly scheduling this hearing on foreign cyber threats. I would also like to welcome our witnesses: Director Clapper, Under Secretary Lettre, and Admiral Rogers. Thank you, gentlemen, for your service and your dedication. While I understand that our witnesses will be discussing the cyber threats that many countries, including China and India, pose to our Nation, I would like to focus for a few minutes on the widely reported instances of Russian hacking and disinformation that raised concerns regarding the election of 2016. In addition to stealing information from the Democratic National Committee and the Clinton campaign and cherry-picking what information it leaked to the media, the Russian Government also created and spread fake news and conspiracies across the vast social media landscape. At the very least, the effect of Russia's actions was to erode the faith of the American people in our democratic institutions. These and other cyber tools remain highly active and engaged in misinforming our political dialogue even today. There is still much we do not know, but Russia's involvement in these intrusions does not appear to be in any doubt. Russia's best cyber operators are judged to be as elusive and hard to identify as any in the world. In this case, however, detection and attribution were not so difficult, the implication being that Putin may have wanted us to know what he had done, seeking only a level of plausible deniability to support an official rejection of culpability. These Russian cyber attacks should be judged within the larger context of Russia's rejection of the post-Cold War international order and aggressive actions against its neighbors. Russia's current leaders, and President Putin in particularly, perceive the democratic movements in the former Soviet states, the West's general support for human rights, press freedoms, the rule of law and democracy, as well as NATO and EU enlargement, as a threat to what they believe is Russia's sphere of influence. Putin's Russia makes no secret of the fact that it is determined to aggressively halt and counter what it characterizes as Western encroachment on its vital interests. The invasion of Georgia, the annexation of Crimea, the aggression against Ukraine featuring sophisticated hybrid warfare techniques, the continuing military buildup despite a declining economy, saber-rattling in the Baltics and Baltic Sea, the authoritarian onslaught against the press, NGOs, and what remains of the Russian democratic opposition, the unwavering campaign for national sovereignty over the Internet, and the creation of an ``iron information curtain'' like China's Great Firewall and its aggressive interference in Western political processes all are of one piece. Russia's efforts to undermine democracy at home and abroad and destabilize the countries on its border cannot be ignored or traded away in exchange for the appearance of comity. Furthermore, what Russia did to the United States in 2016, it has already done and continues to do in Europe. This challenge to the progress of democratic values since the end of the Cold War must not be tolerated. Despite the indifference of some to this matter, our Nation needs to know in detail what the intelligence community has concluded was an assault by senior officials of a foreign government on our electoral process. Our electoral process is the bedrock of our system of government. An effort to manipulate it, especially by a regime with values and interests so antithetical to our own, is a challenge to the Nation's security which much be met with bipartisan and universal condemnation, consequences, and correction. I believe the most appropriate means to conduct an inquiry is the creation of a special select committee in the Senate, since this issue and the solutions to the problems it has exposed spill across the jurisdictional divides of the standing committees on Armed Services, Intelligence, Foreign Relations, Homeland Security, and Judiciary. Failing that, our committee must take on as much of this task as we can, and I again commend the chairman for his commitment to do so. Therefore, I am pleased and grateful that his efforts will be extended, the energy will be invested on the matters that are so critical to the American people. I also want to applaud President Obama's initial steps publicized last week to respond to Russia's hostile actions. General Clapper, Under Secretary Lettre, Admiral Rogers, we appreciate your urgent efforts to discover what happened and why and to make these facts known to the President, the President-elect, Congress, and the American people. Although your investigation and report to President Obama is not yet public, we hope you will be able to convey and explain what has been accomplished so far, including the steps already announced by the President. In addition, I am sure we will have many questions about how we are organized in the cyber domain and what changes you have recommended going forward, subjects that President Obama referenced in his signing statement of the National Defense Authorization Act for Fiscal Year 2017. These are difficult issues, but they are of vital importance to our Nation, our security, and our democracy. Mr. Chairman, I look forward to working with you in a bipartisan manner to conduct a thorough and thoughtful inquiry and to do more to address the cyber threats our Nation faces more broadly by state and non-state actors. Thank you very much. Chairman McCain. Welcome to the witnesses, and Mr. Secretary, we will begin with you for any opening statements or comment you might have. STATEMENT OF HONORABLE MARCEL J. LETTRE II, UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE Mr. Lettre. Thank you, Chairman, Ranking Member Reed, members of the committee. I appreciate the opportunity to be here today. I will shortly turn the microphone over to Director Clapper for some comments, followed by Admiral Rogers. As this is my last appearance before this committee before stepping down from 8 years of Pentagon service in a few weeks, I want to---- Chairman McCain. I am sure you will regret not having that opportunity again. [Laughter.] Mr. Lettre. It will be nice to be skiing a little bit in February. That is for sure. But having said that, since I am just a few weeks from stepping down, I do want to thank this committee for its partnership and I want to thank Director Clapper and Admiral Rogers for the privilege of being able to serve together with them in the leadership of the U.S. intelligence community. To the men and women of the U.S. intelligence community, civilian and military, thousands of whom are deployed today around the world advancing U.S. interests and protecting America, I do admire your integrity. I admire your service. It has been an honor to serve with you over the last many years. In the interest of time, I will briefly note the Department of Defense's views on cyber in three core themes: first, the threats we must address; second, what we are doing to address them now; and third, the difficult but urgent work we know still lies ahead. First, the threats. As you know, the Department of Defense's leadership believes we confront no fewer than five immediate but also distinct and evolving challenges across all operating domains. We are countering the prospect of Russian aggression and coercion, especially in Europe, something we unfortunately we have had to energetically renew our focus on in the last several years. We are also managing historic change in perhaps the most consequential region for America's future, the Asia-Pacific, and watching for risks associated with China's destabilizing actions in the region. We are checking Iranian aggression and malign influence across the Middle East. We are strengthening our deterrent and defense forces in the face of North Korea's continued nuclear and missile provocations. We are countering terrorism with the aim of accelerating the lasting defeat of ISIL [Islamic State of Iraq and the Levant] and al Qaeda. These are what many in the Department of Defense have termed the Four Plus One, four state-based challenges and an ongoing condition of battling terrorism. As our joint written statement for the record has detailed, each of these security challenges, China, Russia, Iran, North Korea, and global terrorist groups such as ISIL, presents a significant cyber threat dimension to the United States military. Cyber is an operating domain that is real, complex, dynamic, contested, and must be addressed. Second, what we are doing about it. The Department of Defense has for several years pursued a comprehensive strategy for maintaining the necessary strategic dominance in this domain. Secretary of Defense Ash Carter has pressed for DOD [Department of Defense] to change, to adapt, and to innovate not only to meet today's challenges but also to ensure that we effectively defend against cyber threats well into an uncertain future. We have built and continue to build the means and methods that will strengthen our relative position against each of these dimensions of the cyber threat. The Government cyber policies, reflected in presidential policy directives and executive orders, provide guidance on the absolute necessity of a whole-of-government approach critical to protecting our Nation. The Department has developed, refined, and published its cyber strategy which clearly lays out three key DOD cyber missions: defending DOD networks, providing cyber options for our military commanders, and when called upon by our Nation's leaders, defending the Nation against cyber attacks of significant consequence. As the Director and Admiral Rogers will note, since 2009, the Department has matured Cyber Command to ensure clear command responsibility and authority and growing capabilities essential to our unity of effort for cyber operations. We also continue to mature our cyber mission forces which this fall achieved initial operating capability, or IOC, status. This force is providing military capability to execute our three missions in cyberspace. We are building new capabilities and new tools for the cyber mission force to use. Third, what remains to be done. As much as we have done, we recognize there is much more to do. Let me mention just a couple of those most important tasks here. First, we need to continue to develop and refine our national cyber policy framework, which includes the evolution of all dimensions of our deterrence posture: the ability to deny the adversary's objectives, to impose costs, and to ensure that we have a resilient infrastructure to execute a multi- domain mission. This refinement in evolution in our deterrent thinking and capability will further empower decision-making at net speed. Second, within the Department, Cyber Command has matured and is doing more to protect the Nation and support global operations than ever before, and we need to continue, in fact, accelerate this maturation. Accordingly, the Secretary of Defense supports the elevation of Cyber Command to a unified combatant command and supports ending the dual hat arrangement for the leadership of NSA [National Security Administration] and Cyber Command and doing so through a deliberate conditions- based approach while continuing to leverage the shared capabilities and synergies. Finally, we must redouble our efforts to deepen partnerships between government and the private sector and between the U.S. Government and our allies. We must continue to seek help from American industry, the source of much of the world's greatest technology talent, in innovating to find cyber defense solutions, build resiliency into our critical infrastructure systems, and strengthen our deterrence. With our international allies and partners, we must work together to promote stability in cyberspace, universal recognition that existing international law applies in cyberspace, and the adoption of voluntary peacetime norms of responsible state behavior. Mr. Chairman, thanks. I look forward to your questions. I will now pass the baton to Director Clapper. Thank you. Chairman McCain. General Clapper? STATEMENT OF HONORABLE JAMES R. CLAPPER, JR., DIRECTOR OF NATIONAL INTELLIGENCE Director Clapper. Chairman McCain, Ranking Member Reed, and distinguished members of the committee, first thanks very much for your opening statements. Obviously, we are here today to talk about cyber threats that face our Nation, and I will offer some brief valedictory recommendations and a few parting observations. I certainly want to take note of and thank the members of the committee who are engaged on this issue and have spoken to it publicly. I know there is a great interest in the issue of Russian interference in our electoral process based on the many classified briefings the intelligence community has already provided on this topic to the Congress. Secretary of Homeland Security Jeh Johnson and I have issued statements about it. The joint analysis report that you alluded to publicly issued by the Department of Homeland Security and the Federal Bureau of Investigation provided details on the tools and infrastructure used by the Russian intelligence services to compromise infrastructure associated with the election, as well as a range of United States Government political and private sector entities, as you described. As you also noted, the President tasked the intelligence community to prepare a comprehensive report on Russian interference in our election. We plan to brief the Congress and release an unclassified version of this report to the public early next week with due deference to the protection of highly sensitive and fragile sources and methods. But until then, we are really not prepared to discuss this beyond standing by our earlier statements. We are prepared to talk about other aspects of the Russian cyber threat. We also see cyber threats challenging public trust and confidence in information services and institutions. Russia has clearly assumed an even more aggressive cyber posture by increasing cyber espionage operations, leaking data stolen from these operations, and targeting critical infrastructure systems. China continues to succeed in conducting cyber espionage against the United States Government, our allies, and United States companies. The intelligence community and the security experts, however, have observed some reduction in cyber activities from China against United States companies since the bilateral September 2015 commitment to refrain from espionage for commercial gain. Iran and North Korea continue to improve their capabilities to launch disruptive or destructive cyber attacks to support their political objectives. Non-state actors, notably terrorist groups most especially including ISIL, also continue to use the Internet to organize, recruit, spread propaganda, raise funds, collect intelligence, inspire action by disciples, and coordinate operations. In this regard, I want to foot stomp a few points that I have made here before. Rapidly advancing commercial encryption capabilities have had profound effects on our ability to detect terrorists and their activities. We need to strengthen the partnership between government and industry and find the right balance to enable the intelligence community and law enforcement both to operate, as well as to continue to respect the rights to privacy. Cyber operations can also be a means to change, manipulate, or falsify electronic data or information to compromise its integrity. Cyberspace can be an echo chamber in which information, ideas, or beliefs, true or false, get amplified or reinforced through constant repetition. All these types of cyber operations have the power to chip away at public trust and confidence in our information, services, and institutions. By way of some observations and recommendations, both the Government and the private sector have done a lot to improve cybersecurity, and our collective security is better but it is still not good enough. Our Federal partners are stepping up their efforts with the private sector but sharing what they have remains uneven. I think the private sector needs to up its game on cybersecurity and not just wait for the Government to provide perfect warning or a magic solution. We need to influence international behavior in cyberspace. This means pursuing more global diplomatic efforts to promulgate norms of behavior in peacetime and to explore setting limits on cyber operations against certain targets. When something major happens in cyberspace, our automatic default policy position should not be exclusively to counter cyber with cyber. We should consider all instruments of national power. In most cases to date, non-cyber tools have been more effective at changing our adversaries' cyber behavior. When we do choose to act, we need to model the rules we want others to follow since our actions set precedents. We also need to be prepared for adversary retaliation, which may not be as surgical, either due to our adversary's skill or the inherent difficulty in calibrating effect and impact of cyber tools. That is why using cyber to counter cyber attacks risks unintended consequences. We currently cannot put a lot of stock, at least in my mind, in cyber deterrence. Unlike nuclear weapons, cyber capabilities are difficult to see and evaluate and are ephemeral. It is accordingly very hard to create the substance and psychology of deterrence in my view. We also have to take some steps now to invest in the future. We need to rebuild trusted working relationships with industry and the private sector on specific issues like encryption and the roles and responsibilities for government, users, and industry. I believe we need to separate NSA and CYBERCOM [Cyber Command]. We should discontinue the temporary dual hat arrangement, which I helped design when I was Under Secretary of Defense for Intelligence 7 years ago. This is not purely a military issue. I do not believe it is in the NSA's or the IC's [intelligence community] long-term best interest to continue the dual hat setup. Third, we must hire, train, and retain enough cyber talent and appropriately fuse cyber as a whole-of-IC workforce. Clearly cyber will be a challenge for the U.S., the intelligence community, and our national security for the foreseeable future, and we need to be prepared for that. Adversaries are pushing the envelope since this is a tool that does not cost much and sometimes is hard to attribute. I certainly appreciate, as we all do, the committee's interest in this difficult and important challenge. I will wrap up by saying after 53 years in the intelligence business in one capacity or another, happily I have just got 15 days left. [Laughter.] Director Clapper. I will miss being involved in the intelligence mission, and I will certainly miss the talented and dedicated patriots who are in the United States intelligence community. I am very proud of the community of professionals I have represented here for the last 6-\1/2\ years who do not get much public recognition and who like it that way. They have always supported me and I am confident they will do no less for my successor, whoever that turns out to be. With that, let me stop and pass to Admiral Rogers. Chairman McCain. Thank you, General. Admiral Rogers? STATEMENT OF ADMIRAL MICHAEL S. ROGERS, USN, COMMANDER, UNITED STATES CYBER COMMAND; DIRECTOR, NATIONAL SECURITY AGENCY; CHIEF, CENTRAL SECURITY SERVICES Admiral Rogers. Chairman McCain, Ranking Member Reed, members of the committee, good morning and thank you for the opportunity to appear before the committee today on behalf of the United States Cyber Command and the National Security Agency. I am honored to appear beside Director Clapper and Under Secretary Lettre and I applaud them both for their many years of public service. It has been a true honor, gentlemen. When we last met in September, I discussed the changing cyber threat environment, and today I look forward to further discussing this complex issue. Of course, some aspects of what we do must remain classified to protect our Nation's security. Today I will limit my discussion to those in the public domain. We have seen over the course of the last year how this cyber threat environment is constantly evolving. We have all come to take for granted the interconnectivity that is being built into every facet of our lives. It creates opportunities and vulnerabilities. Those who would seek to harm our fellow Americans and our Nation utilize the same Internet, the same communications devices, and the same social media platforms that we, our families and our friends here and around the world use. We must keep pace with such changes in order to provide policymakers and our operational commanders the intelligence and cyber capabilities they need to keep us safe. That means understanding our adversaries to the best of our ability and understanding what they mean to do and why. We are watching sophisticated adversaries involved in criminal behavior, terrorism planning, malicious cyber activities, and even outright cyber attacks. While this is a global problem, we have also recently witnessed the use of these tactics here at home. The statement for the record that we have provided jointly to this committee covers the threat picture worldwide, but I know this hearing today will inevitably focus on reports of interference in our recent elections. I echo Director Clapper in saying that we will await the findings of the just-completed intelligence review ordered by the President and defer our comments on its specifics until after that review is shared with our leaders and congressional overseers. I do want to add, however, that over this last year, NSA and Cyber Command have worked extensively with our broader government partners to detect and monitor Russian cyber activity. The hacking of organizations and systems belonging to our election process is of great concern, and we will continue to focus strongly on this activity. For NSA's part, we focus on the foreign threat actor in foreign spaces, but we share our information as readily as possible with the rest of our partners in the Department of Defense, the intelligence community, and Federal law enforcement, as well as others within the U.S. Government and the private sector. As you know, Russian cyber groups have a history of aggressively hacking into other countries' government infrastructure and even election systems. As I have indicated, this will remain a top priority for NSA and U.S. Cyber Command. In this changing threat environment, I would like to take this opportunity to emphasize the importance of improving cybersecurity and working related issues across public and private sectors. We continue to engage with our partners around the world on what is acceptable and unacceptable behavior in cyberspace, and we clearly are not where we want to be, nor where we need to be in this regard. We continue to make investments in technologies and capabilities to improve detection of malicious cyber activities and make it more difficult for malicious cyber actors intending to do us harm. Combating cyber threats take more than technology. It takes talented, motivated people, and we are investing more than ever in the recruitment and retention of a skilled workforce that is knowledgeable, passionate, and dedicated to protecting the Nation for the safety of our citizens and of our friends and allies around the world. Innovation is one of the key tenets of NSA and Cyber Command and we need to invigorate the cyber workforce that think creatively about challenges that do not ascribe to traditional understandings of borders and boundaries. This remains a key driver and a key challenge as we look to the future. Cyber Command is well along in building our cyber mission force, deploying teams to defend the vital networks that support DOD operations, to support combatant commanders in their missions worldwide, and to bolster DOD's capacity and capabilities to defend the Nation against cyber attacks of significant consequence. The organizations I lead, the U.S. Cyber Command and the National Security Agency, have provided intelligence, expert advice, and tailored options to the Nation's decision-makers in response to recent events. Much of their activity can only be discussed in classified channels, but I must say I am proud of what both organizations have accomplished and will accomplish, even as we acknowledge we have to do more. I look forward to your questions. Finally, on one personal note, I apologize to all of you. I have an ongoing back issue, and if I have to stand up in the course of this time period, please do not take that as a sign of disrespect in any way. I guess I am just getting older. That is all I have for you, sir. Chairman McCain. I know how you feel. [Laughter.] [The joint prepared statement of Director Clapper, Mr. Lettre, and Admiral Rogers follows:] Joint Prepared Statement by The Honorable James R. Clapper, The Honorable Marcel Lettre and Admiral Michael S. Rogers introduction Chairman McCain, Vice Chairman Reed, and Members of the Committee thank you for the invitation to offer the testimony of the Department of Defense and the Intelligence Community on cyber threats to U.S. national security. Our statement reflects the collective insights of the Intelligence Community's extraordinary men and women whom we are privileged to lead. We in the Intelligence Community are committed every day to provide the nuanced, multidisciplinary intelligence that policymakers, warfighters, and domestic law enforcement personnel need to protect American lives and America's interests anywhere in the world. The order of the topics presented in this statement does not necessarily indicate the relative importance or magnitude of the threat in the view of the Intelligence Community. Information available as of 1 January 2017 was used in the preparation of this assessment. joint statement for the record Information and communication technologies play an increasing role in the security of the United States. Cyberspace is both a resource on which our continued security and prosperity depends, and a globally contested medium within which threats manifest themselves. As their cyber capabilities grow, our adversaries are demonstrating a willingness to use cyberspace as a platform for espionage, attack, and influence. Foreign Intelligence Entities continue to quietly exploit our nation's public and private sectors in the pursuit of policy and military insights sensitive research, intellectual property, trade secrets, and personally identifiable information. Cyber threats have already challenged public trust and confidence in global institutions, governance, and norms, while imposing costs on the global economy. These threats pose an increasing risk to public safety, as cyber technologies are integrated with critical infrastructure in key sectors. Adversaries also continue to use cyber operations to undermine U.S. military and commercial advantage by hacking into U.S. defense industry and commercial enterprises. The breadth of cyber threats posed to U.S. national and economic security has become increasingly diverse, sophisticated, and serious, leading to physical, security, economic, and psychological consequences. Despite ever-improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years to come from remote hacking to establish persistent covert access, supply chain operations that insert compromised hardware or software, malicious actions by trusted insiders, and mistakes by system users. In short, the cyber threat cannot be eliminated. Rather, cyber risk must be managed in the context of overall business and operational risk. At present, however, the risk calculus some private and public sector entities employ does not adequately account for foreign cyber threats or systemic interdependencies between different critical infrastructure sectors. We assess that some countries might be willing to explore limits on cyber operations against certain targets, although few are likely to support total bans on the development of offensive capabilities. Many countries view cyber capabilities as a useful foreign policy tool that also is integral to their domestic security, and will continue developing these capabilities. Some also remain undeterred from conducting reconnaissance, espionage, and even preparation for attacks in cyberspace. physical consequences Our adversaries have capabilities to hold at risk U.S. critical infrastructure as well as the broader ecosystem of connected consumer and industrial devices known as the ``Internet of Things.'' Security researchers continue to discover vulnerabilities in consumer products including automobiles and medical devices. Examples of cyber incidents with real world consequences include a cyber attack on a Ukrainian power network in 2015 that caused power outages for several hours and a ``ransomware''--software designed to block a user's access to data sometimes by encrypting it--infection that forced a hospital in the United Kingdom in late 2016 to cancel scheduled medical procedures, divert trauma patients to other hospitals, and impact access to essential services such as blood transfusions. If adversaries achieve the ability to create significant physical effects inside the United States via cyber means, this would provide them new avenues for coercion and deterrence. commercial and security consequences Our adversaries continue to use cyber operations to undermine U.S. military and commercial advantage by hacking into U.S. defense industry and commercial enterprises in the pursuit of scientific, technical, and business information. Examples include theft of data on the F-35 Joint Strike Fighter, the F-22 Raptor fighter jet, and the MV-22 Osprey. This espionage reduces our adversaries' costs and accelerates their weapon systems development programs, enables reverse-engineering and countermeasures development, and undermines U.S. military, technological, and commercial advantage. In addition, adversaries often target personal accounts of government and industry officials as well as their close associates to enable cyber operations. psychological consequences The impact of cyber threats extends beyond the physical, security and commercial realms. Online information operations and manipulation from both states and non-state actors can distort the perceptions of the targeted victim and other audiences through the anonymous delivery of manipulative content that seeks to gain influence or foment confusion and distrust. Information taken through cyber espionage can be leaked intact or selectively altered in content. For example, Russian actors have seeded falsified information into social media and news feeds and websites in order to sow doubt and confusion, erode faith in democratic institutions, and attempt to weaken Western governments by portraying them as inherently corrupt and dysfunctional. cyber policy, diplomacy, and warfare Foreign Cyber Policies. National and domestic security interests are an important component of global Internet policy, as is a robust and stable global digital economy and the free flow of information online. As foreign countries seek to balance security, economic growth, and interoperability objectives, many are implementing new laws and technical changes to monitor and control access to information within and across their borders and to control user access through means such as restrictions on encryption and steps to reduce anonymity online. However, these states will probably not significantly erode the overall global connectivity of the Internet. Furthermore, some state information control efforts will almost certainly be challenged by a broad coalition of states and non-state cyber stakeholders, including innovative technologists, industry leaders, privacy advocates, hackers, and others with an interest in opposing censorship or government control of cyberspace. Diplomacy. In 2015, following a China-United States bilateral joint statement on this issue, G-20 leaders affirmed that that no country should conduct or support cyber-enabled theft of intellectual property with the intent of providing competitive advantages to companies or commercial sectors. U.S. diplomatic efforts continue to focus on the promotion of a strategic framework of international cyber stability during peacetime and during armed conflict that is built on three pillars: global affirmation of the applicability of existing international law to State activity in cyberspace; the development of international consensus on certain additional voluntary, nonbinding norms of responsible State behavior in cyberspace during peacetime; and the development and implementation of practical confidence-building measures to facilitate inter-State cooperation on cyber-related matters. The promotion of this framework is complicated by efforts to build and enhance international cooperation to address shared threats. These efforts also are hampered by the lack of consensus over key concepts such as what constitutes an armed attack, act of aggression, or the use of force in cyberspace. Furthermore, countries do not widely agree on how such principles of international law as proportionality of response or even the application of sovereignty apply in cyberspace. Cyber Warfare. As of late 2016 more than 30 nations are developing offensive cyber attack capabilities. The proliferation of cyber capabilities coupled with new war-fighting technologies will increase the incidence of standoff and remote operations, especially in the initial phases of conflict. Cyber attacks against critical infrastructure and information networks also will give actors a means of bypassing traditional defense measures and minimizing the advantage of geography to impose costs directly on their targets from a distance. Russian officials, for example, have noted publicly that initial attacks in future wars might be made through information networks in order to destroy critically important infrastructure, undermine an enemy's political will, and disrupt military command and control. Adversaries equipped with similar offensive cyber capabilities could be prone to preemptive attack and rapid escalation in a future crisis, because both sides would have an incentive to strike first. Cyber attacks against private sector networks and infrastructure could provoke a cyber-response by the intended target, raising the possibility of corporate and other non-state actor involvement in future cyber conflict and blurring the distinction between state and non-state action. Protecting critical infrastructure, such as crucial energy, financial, manufacturing, transportation, communication, and health systems, will become an increasingly complex national security challenge. cyber threat actors Russia. Russia is a full-scope cyber actor that poses a major threat to U.S. Government, military, diplomatic, commercial, and critical infrastructure and key resource networks because of its highly advanced offensive cyber program and sophisticated tactics, techniques, and procedures. In recent years, we have observed the Kremlin assume a more aggressive cyber posture. Russian cyber operations targeted government organizations, critical infrastructure, think tanks, universities, political organizations, and corporations often using spearphishing campaigns. In foreign countries, Russian actors conducted damaging and/or disruptive cyberattacks, including attacks on critical infrastructure networks. In some cases Russian intelligence actors have masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. We assess that only Russia's senior-most officials could have authorized the recent election-focused data thefts and disclosures, based on the scope and sensitivity of the targets. Russia also has used cyber tactics and techniques to seek to influence public opinion across Europe and Eurasia. Looking forward, Russian cyber operations will likely target the United States to gather intelligence, support Russian decisionmaking, conduct influence operations to support Russian military and political objectives, and prepare the cyber environment for future contingencies. China. Beijing continues to conduct cyber espionage against the United States Government, our allies and U.S. companies. Since the China-United States cyber commitments in September 2015, private-sector security experts continue to detect cyber activity from China, although at reduced levels and without confirmation that stolen data was used for commercial gain. Beijing has also selectively used cyber attacks against foreign targets that it probably believes threaten Chinese domestic stability or regime legitimacy. China continues to integrate and streamline its cyber operations and capabilities into a dedicated cyber element that will be increasingly difficult to detect or counter. Iran. Tehran continues to leverage cyber espionage, propaganda, and attacks to support its security priorities, influence events and perceptions, and counter threats--including against United States allies in the Middle East. Iran has also used its cyber capabilities directly against the United States, as in distributed denial of service attacks in targeting the United States financial sector in 2012-13. North Korea. Pyongyang remains capable of launching disruptive or destructive cyber attacks to support its political objectives, as demonstrated by its destructive attack against Sony Pictures Entertainment in 2014. South Korean officials have also concluded that North Korea was probably responsible for the 2014 compromise, exfiltration, and disclosure of data from a South Korean nuclear plant, and for numerous denial of service and data deletion attacks. Terrorists. Terrorists groups--to include al Qaeda, Hizballah, HAMAS, and the Islamic State of Iraq and the Levant (ISIL)--continue to use the Internet to collect intelligence, coordinate operations, raise funds, spread propaganda, and incite action. Groups such as the Taliban also use Internet-based technology for similar purposes. While not as sophisticated as some state actors, Hizballah and HAMAS will continue to build on their cyber successes inside and outside the Middle East. ISIL personnel will continue to seek opportunities to target and release sensitive information about United States citizens in an effort to spur ``lone-wolf' attacks as demonstrated in their 2015 operations that disclosed potential targeting information about U.S. military personnel. Criminals. Cybercrime remains a persistent and prevalent malicious activity in cyberspace. Criminals develop and use sophisticated cyber tools for a variety of purposes including theft, extortion, and facilitation of other criminal activity. ``Ransomware has become a particularly popular and effective tool for extortion, one for which few options for recovery or remediation are available if the victim has not previously backed up the affected data. In 2016, criminals employing ransomware targeted the medical sector, disrupting patient care and undermining public confidence in medical institutions. Some criminals use markets conducted on the so-called dark web to sell or lease malware to anyone willing to pay, including state and non-state actors. responses Perhaps the most significant counterintelligence threat to our nation, both currently and in the future, involves the rapid development and proliferation of disruptive, advanced technologies that provide adversaries with capabilities that even just a few years ago were not considered plausible. Sophisticated technical collection through a variety of means is available to more adversaries than ever before and can occur virtually anywhere and involve telephones, computers, Internet, cell phones, wired and wireless networks, as well as conversations and activities in offices, homes, vehicles, and public spaces. Disruptive technology is being built and fielded at an unprecedented rate, and we are already dealing with the consequences of a hyperconnected world. The complexity of technological advances, both in the tools themselves and the methods used to compromise them, necessitates a much greater technical and cyber literacy than what was required of us even five years ago. As we face this ever-changing cyber threat environment, the Intelligence Community and U.S. Cyber Command have been hardening internal U.S. Government systems, increasing knowledge and awareness among industry and the community, and engaging more closely with a host of partners to share best practices and threat information. The National Security Agency, in particular, has taken aggressive measures to hire and retain the cybersecurity talent needed to operate in this challenging environment. In addition, Cyber Command leverages the capacity and capabilities of 133 Cyber Mission Force teams that are responsible for synchronizing and executing cyber operations to support combatant command operations, and for the defense and security of service component and Department of Defense Information Networks. Cyber Command has established close working relationships with both international and interagency partners and stands ready to support a whole of nation response. The National Counterintelligence and Security Center's (NCSC) innovative public awareness campaign has resulted in placing numerous short informative videos on its public-facing website concerning cyber and associated threats, which are of immediate, practical use to federal, industry and community partners alike. NCSC also established a National Counterintelligence Task Force for Critical Infrastructure to coordinate counterintelligence efforts to mitigate this threat. While many government organizations can make a unique contribution to securing our networks and the nation, no one agency has the capability to do so alone. The security of systems and networks is not the responsibility of one person or one agency or one industry, but rather requires a whole of nation response and a culture of cybersecurity among all users of the information space across private and public sectors. The Intelligence Community and U.S. Cyber Command have been working to provide the Secretary of Defense and DOD policymakers with effective options for operational cyber responses to threats to U.S. interests. This remains a work in progress, and we welcome the assistance of this Committee in ensuring that we have the resources and authorities to succeed in this mission. conclusion In summary, the breadth of cyber threats to U.S. national and economic security has become increasingly diverse, sophisticated, and dangerous. Over the next five years, technological change will only accelerate the intersection of cyber and physical devices, creating new risks. Adversaries are likely to further explore cyber-enabled psychological operations and may look to steal or manipulate data to gain strategic advantage or undermine confidence. The Intelligence Community has been vigilant in the detecting and sharing of cyber threat information with partners such as U.S. Cyber Command, as well as our nation's network protection organizations such as the Department of Homeland Security, and will continue to do so for the safety of our nation. Chairman McCain. Director, I just have to--General Clapper, I just have to mention the name, Mr. Assange, has popped up, and I believe that he is the one who is responsible for publishing names of individuals that work for us that put their lives in direct danger. Is that correct? Director Clapper. Yes, he has. Chairman McCain. Do you think that there is any credibility we should attach to this individual given his record of---- Director Clapper. Not in my view. Chairman McCain. Not in your view. Admiral Rogers? Admiral Rogers. I second those comments. Chairman McCain. Thank you. For the record, on October 7th, the Homeland Security and Office of the Director of National Intelligence--their assessment was that the United States intelligence community is confident that the Russian Government directed the recent compromise of emails from United States persons and institutions, including from United States political organizations. It goes on to say these thefts and disclosures are intended to interfere with the United States election process. Quote, such activity is not new to Moscow. Russians have used similar tactics and techniques across Europe and Eurasia. Quote, based on the scope and sensitivity of these efforts, only Russia's senior most officials could have authorized these activities. General Clapper, those are still operable and correct statements? Director Clapper. Yes, Chairman McCain, they are. As I indicated in my statement, we stand actually more resolutely on the strength of that statement that we made on the 7th of October. Chairman McCain. I thank you. Really what we are talking about is if they succeeded in changing the results of an election, which none of us believe they were, that would have to constitute an attack on the United States of America because of the effects if they had succeeded. Would you agree with that? Director Clapper. First, we cannot say--they did not change any vote tallies or anything of that sort. We had no way of gauging the impact that--certainly the intelligence community cannot gauge the impact it had on choices the electorate made. There is no way for us to gauge that. Whether or not that constitutes an act of war I think is a very heavy policy call that I do not believe the intelligence community should make. But it certainly would carry in my view great gravity. Chairman McCain. Thank you. Admiral Rogers, have you seen this problem in your position getting worse or better? In other words, it is my information that their techniques have improved, their capabilities improved. The degree of success has improved. Is that your assessment? Admiral Rogers. I have publicly said before that the Russians are a peer competitor in cyber. If you look broadly beyond the Russians to cyber at large, the level of capability of nation states and actors around the world continues to increase. I cannot think of a single significant actor out there who is either decreasing their level of investment, getting worse in their tradecraft or capability, or in any way backing away from significant investments in cyber. Chairman McCain. With all due respect to you, Mr. Secretary, I have not seen a policy. In other words, I do not think any of our intelligence people know what to do if there is an attack besides report it. I do not think that any of our people know, if they see an attack coming, what specific actions should be taken. Maybe I am missing something, but I have asked time after time, what do you do in the case of an attack? There has not been an answer. There has not been an answer. I believe that unless we have specific instructions to these wonderful men and women who are doing all this work, then we are going to be bystanders and observers. I am glad to hear you respond to that. Mr. Lettre. Mr. Chairman, you are right that we have a lot more work to do to put the right deterrence and response framework in place on cyber. This is somewhat of a new domain of operations and in some cases warfare. In my personal opinion, the next administration would be well served to focus very early on those questions of continuing to develop our overarching policy, a comprehensive approach, and an increasingly robust and refined deterrence framework. Chairman McCain. I thank you. Finally, Director and Admiral, would it make your job easier if you did not have to report to seven different committees? Director Clapper. Chairman McCain, my hands have been slapped before when I ventured into the delicate area of congressional jurisdiction. In the remaining 15 days that I am in office, I do not think I am going to speak to that. Afterwards that might be different. Chairman McCain. Well, we will look forward to calling you back. [Laughter.] Chairman McCain. Admiral Rogers? Admiral Rogers. Can I second the comments of the Director of National Intelligence? Chairman McCain. But it does make it difficult, does it not? It is not exactly stove-piping, but overlapping jurisdictions I think makes your job a little harder, does it not, I mean in all candor, Admiral? Admiral Rogers. The way I would phrase is I think clearly an integrated approach is a key component of our ability to move ahead here. I would say that in the Government, in the private sector, there is no particular one slice where that is not applicable. Chairman McCain. Thank you. Senator Reed? Senator Reed. Well, thank you very much, Mr. Chairman. General Clapper, you responded to the chairman that in October you and the Director of Homeland Security concluded that the Russian Government intervened in the election. Admiral Rogers also seconded that view. That is also today the view, for the record, of the FBI [Federal Bureau of Investigations] and the Central Intelligence Agency [CIA], in fact, all the intelligence community. Is that correct? Director Clapper. Yes. The forthcoming report is done essentially by those three agencies, CIA, FBI, and NSA. Senator Reed. The same conclusion with respect to the involvement of high-level Russian authorities is shared by all these agencies? Director Clapper. Yes. Senator Reed. The chairman just noticed the legislative compartmentalization. Is that reflected also in terms of operations, in terms of, for example, Admiral Rogers, if you through NSA or through your sources detect something that is obviously a disruption, something that is patently wrong, you can communicate to the FBI or law enforcement, but there is no mechanism to make things happen administratively. Is that fair? Admiral Rogers. There is certainly a process, and in fact, there have been several instances that I can think of in the last 18 months where we have run through that exact same scenario. Intelligence, as it does in many other areas, other domains, will detect incoming activity of concern. We, NSA, will partner with FBI, the Department of Homeland Security, U.S. Cyber Command to ensure the broader government, the Department of Defense and FBI in its relationship with the private sector. But the biggest frustration to me is speed, speed, speed. We have got to get faster. We have got to be more agile. For me at least within my span of control, I am constantly asking the team what can we do to be faster and more agile. How do we organize ourselves? What is the construct that makes the most sense? We cannot be bound by history and tradition here, so to speak. We have to be willing to look at alternatives. Senator Reed. Thank you. General Clapper, one of the aspects of this Russian hacking was not just disseminating information that they had exploited from computers, but also the allegations of fake news sites, fake news stories that were propagated. Is that accurate, or is that one aspect of this problem? Director Clapper. Yes. Without getting too far in front of the headlights of our rollout next week to the Congress, this was a multifaceted campaign. The hacking was only one part of it, and it also entailed classical propaganda, disinformation, fake news. Senator Reed. Does that continue? Director Clapper. Yes. Senator Reed. The Russians particularly are very astute at covering up their tracks. It appears that they were not quite as diligent or--let me ask a question. Do you believe that they made little attempts to cover up what they were doing as a way to make a point politically? Director Clapper. Well, again, without preempting the report, that is classical tradecraft that the Russians have long used. Particularly when they are promulgating so-called disinformation, they will often try to hide the source of that or mask it to deliberately mask the source. Senator Reed. Let me just ask one more time. In this situation, though, were there attempts to mask their involvement, very elaborate and very, very sophisticated, or was it just enough to have plausible deniability? Director Clapper. Sir, I would rather not get into that. That kind of edges into the sources and methods and I would rather not speak to that publicly. Senator Reed. Fair enough. These activities are ongoing now in Europe as Europe prepares for elections. Is that a fair assumption? Director Clapper. It is. Senator Reed. Thank you. Yesterday, the ``Wall Street Journal'' indicated that the President-elect is considering changes to the intelligence community. Have you at all, as the experts in this field, been engaged in any of these discussions, deliberations, advice? Director Clapper. No, we have not. Senator Reed. Thank you, Mr. Chairman. Chairman McCain. Senator Inhofe? Senator Inhofe. Thank you, Mr. Chairman. I heard this morning that a lot of the news media was characterizing this as a hearing on Russian hacking, and actually it is on foreign cyber threats to the United States. I am trying to cover a couple of the other ones. First of all, I received something this morning, Director Clapper, that I was very glad to read. I have often said that the threats we are facing today are greater. I look wistfully back at the days of the Cold War. Your statement that was in print this morning said sometimes all of this makes me long for the Cold War when the world essentially had two large mutually exclusive--and so forth. I think it is important that we talk about this because the general public is not aware of the nature of the threats that are out there that have not been out there before. Admiral--no. Director Clapper, we have had a lot of most damaging cyber attacks perpetrated against the American people. When the chairman gave his opening statement, he singled out three or four of them. One of them was the OPM [Office of Personnel Management] incident. That was 2014 and 2015, Office of Personnel Management. It was a breach and threat to personal information, birthdates, home addresses, Social Security numbers of over 22 million individuals. I would like to ask you what action was taken after that and what kind of effect that might have had on the behavior of the Chinese. Director Clapper. Well, the major action that we took, of course, was remediation in terms of advising people of what the potential risks were. And, of course, there was a lot of work done. NSA was deeply involved in this in enhancing or improving the cybersecurity posture of OPM, and Admiral Rogers might speak to that. I would say that this was espionage. It was not an attack per se. And, of course, I am always a bit reticent about people who live in glass houses should not throw publicly too many rocks. There is I think a difference between an act of espionage, which we conduct as well and other nations do, versus an attack. Mike, do you want to comment? Admiral Rogers. Just as a broader point, I think the OPM issue highlights that massive data concentrations increasingly have value all of their own. What do I mean by that? I can remember 10 years ago earlier in my time in cyber thinking to myself large databases like OPM are so large. The ability of an intruder, an external actor to actually access, fully extract, and bore their way through millions upon millions of records would be difficult. But with the power of big data analytics, large data concentrations now become increasingly attractive targets because the ability to mine that data for insights, which is what we think drove this action in the first place, becomes more and more easily done. Senator Inhofe. Okay. I appreciate that very much. In your joint statement--by the way, I like the idea of joint statements. It makes our questioning a lot easier. You talk about the--you end up stating through one of your paragraphs, in short, cyber threat cannot be eliminated. Rather, cyber threat must be managed. It is interesting that in the Edison Electric Institute--it is a publication. I think it just came in this morning--they say exactly the same thing. This seems to be one of the rare cases where we have government and industry working together. Their statement was the electric power industry recognizes it cannot protect all assets from all threats and instead must manage risk. Now, they go on to describe working together with government, and they say the industry's security strategy is constantly evolved and are closely coordinated with the Federal Government through a partnership called the Electricity Subsector Coordinating Council, ESCC. Can you comment? Are we looking at getting some success out of that? Director Clapper. I think it is emblematic of a lot of work that the intelligence community has done, the Department of Homeland Security in engaging with each of the, I think, 16 key infrastructure sectors in this country and providing--what we have embarked on is providing them, tailored to each one of those sectors, intelligence estimates of what the threats and vulnerabilities are in order to help them take measures to enhance their cybersecurity. I think the major point here is that if there is any connection whatsoever with the Internet, there is an inherent security vulnerability, and we have to manage the risk that is generated accordingly with full knowledge of that fact. If there is an Internet connection, there is always going to be a vulnerability. Mike? Admiral Rogers. I would echo that. I think part of our challenge is our defensive strategy must be two-pronged. We have to spend time making it difficult for people to gain access, but we must acknowledge that despite our best efforts, there is a probability that they are still going to get in. What do you do? As a guy who defends networks on the Cyber Command side, I would tell you it is a whole different process, methodology, prioritization, and risk approach in dealing with someone who is already in your network versus trying to keep them out in the first place. We have to do both. Senator Inhofe. I appreciate that. My time has expired. I have one last question just for the record. You cannot answer it at this time. But a year ago--it is a year and 2 months ago I think it was, Admiral Rogers--you made the statement before this committee that, quote, we have peer competitors in cyberspace and some of them have already hinted that they hold the power to cripple our infrastructure and set back our standard of living if they choose. I would like for the record if you could just kind of outline which of our peer competitors might be the closest to choosing to use their power. Admiral Rogers. As I have publicly said before, the Russians are the peer competitor to us. But I look at other nations. You look at China, for example, and the level of capability and investment they are making. I am watching their abilities rise significantly. Iran, North Korea, currently at a moderate level. But clearly the level of investment, the capability we are seeing, and their willingness to employ cyber in some very aggressive ways that would be way beyond our normal risk calculus is of concern. Senator Inhofe. Thank you, Mr. Chairman. Chairman McCain. Senator Nelson? Senator Nelson. I think it is the general assumption that you all have said that our systems can be invaded that has the American people, we as policymakers concerned, but the average American concerned that there is no privacy anymore. General, do you think in the report next week that you all will ascribe a motivation to Putin for the election attempt? Director Clapper. Yes, we will ascribe a motivation. I would rather not, again, preempt the report. Senator Nelson. Understood. Well, then will you discuss after the report what is sufficient in the future to impose enough cost to make them stop this kind of activity? Director Clapper. No. If we are going to speak to that, that would be separate from the report. What the report will include, per the President's tasking, was a section contributed by the Department of Homeland Security and NIST [National Institute of Standards and Technology], I believe, on best practices for defending, but it does not speak to that, which is really out of our lane. That is a policy call. Senator Nelson. We are now talking about deterrence, and as one of you said in your testimony, it is not like the nuclear standoff of mutually assured destruction because we do not have a particular deterrence now. Would you discuss that? Director Clapper. The point I was trying to make is that in the case of nuclear deterrence, there are instruments you can see, feel, touch, measure, weaponry. We have had a demonstration a long time ago of the impact of nuclear weaponry. That is what creates both the physical substance of deterrence, as well as the psychology. The problem with the cyber domain--it does not have those physical dimensions that you can measure, see, feel, and touch as we do with nuclear deterrence. Senator Nelson. Let me give you an example. Help us understand had the supposed invasion into the Vermont utility been in fact an invasion by a foreign power and ascribed to that was shutting it down, if that had been the case, what would be some of the options we would do. Director Clapper. Well, again, this would be a--as I understand it, by the way, it was not. But had it been from the malware planted by a foreign power, I think that is something that would be very situational dependent as to what to do about it. As I indicated in my remarks, perhaps a cyber reaction to a cyber act may not be the best course of action. Some other form of national power. Sanctions is what we have traditionally used. As I also indicated, the problem, at least for me, is-- and I will ask others to speak if they want to--if you do retaliate in a cyber context, not knowing exactly what counter- retaliation you will get back. We go through all kinds of exquisite thought processes on deciding how to react. We try to be very surgical, very precise. We try to gauge what the second order or unintended consequences might be. I do not think others are similarly disposed to consider such precision and such exactness when they respond. There is always that issue of counter-retaliation, ergo my brief mention that it is in my view best to consider all instruments of national power. Senator Nelson. I think that is what is concerning us. Could we, the United States--do we have the ability that we could make it so tough on North Korea with a cyber attack that it would deter them from some of their strange behavior? Director Clapper. Not necessarily via a direct cyber reaction, given the difficulty of gaining access to their cyber networks. Chairman McCain. Senator Wicker? Senator Wicker. Thank you. Director Clapper, you are pretty far along on the report that will be released next week, obviously. How far along are you? What do you lack and how will this be released? Will it be in a classified format? Will you be willing to testify in an opening hearing like this, or will we need to go down the SCIF to hear this? Director Clapper. What is planned is a series of briefings in the Congress. I think I have four more hearings to do, first with our oversight committees, which will be closed hearings I believe. Then there will be all-House, all-Senate hearings I believe next week as we roll out a version of the report---- Senator Wicker. Those will be classified. Director Clapper.--followed by an unclassified version. Senator Wicker. I see. The public will not hear sources and methods, but you think it will be fairly convincing without going beyond what---- Director Clapper. I assure you that I intend to push the envelope as much as I can particularly on the unclassified version because I think the public should know as much about this as possible. This is why I felt very strongly about the statement we made in October. We will be as forthcoming as we can, but there are some sensitive and fragile sources and methods here, which is one reason why we are reticent to talk about it in this setting. Senator Wicker. You have said that, and I expect you will be challenged with some very talented questioners up and down the dais here today on that. I would have to support what Senator Nelson has said. As regrettable and reprehensible as the hacking of political parties is, I do think Senator Nelson has touched on really the larger issue which really is the subject matter of this hearing and that is what the real threats are. It concerns me that we really do not know what the deterrence ought to be. I wonder at what level are conversations taking place within the administration or within the intelligence community about what is appropriate in terms of a response. You mentioned countering cyber with cyber is not necessarily the number one solution. Secretary Lettre mentioned that we should impose costs, and perhaps after you answer, I can ask him to expound on that also. Director Clapper. Well, we have had many discussions in the White House situation room at Deputies Committee, Principals Committee, and NSC [National Security Council] meetings about what to do when we have these attacks. I think the Sony attack by the North Koreans is a case in point. There you get into the complexities of if you launch a counter cyber attack--I want to be careful here, but you have to use some other nation's infrastructure in order to mount that attack. That gets into, as I have learned, complex legal issues involving international law. The judgment was to impose some other costs other than a direct cyber retaliation. Senator Wicker. Did you recommend the President's sanctions? Were his actions in response to the Russian hacking part of your recommendation, or did that come from someone else? Director Clapper. Well, without going into internal decision-making, I think that was a consensus interagency view. Senator Wicker. Secretary Lettre, what about imposing costs? What did you mean by that? Mr. Lettre. Well, as part of an approach to deterrence that takes each case as it comes up case by case, we need to look at ways to respond--first deter and then respond to attacks at a time and a place of our choosing that favors advantages that we have as we use all of the instruments available. We look to deny objectives and then impose costs, as you indicated, Senator. Imposing costs really can come from things like were announced last week with the sanctions that were applied in the case of the Russian hacking situation, but they can go more broadly than that. From the military's perspective, we are concerned not just about Russia's cyber hacking, but also about a range of aggressive actions by Russia across multiple regions of the globe. We look to impose costs on Russia by a range of measures across multiple regions in partnership with our allies through NATO [North Atlantic Treaty Organization], where we can, to push back on Russian actions and deter future aggressive actions. That is a bit of what we mean by imposing costs here. Senator Wicker. Thank you. Chairman McCain. It seems that every attack is handled on a case-by-case basis, and that is not a strategy. Senator McCaskill? Senator McCaskill. Thank you. I know this will probably confuse you a little bit, General Clapper, but review again how long you have been working in intelligence. Director Clapper. I started in 1963. Senator McCaskill. You enlisted in 1963. Correct? Director Clapper. No. I enlisted in the Marine Corps in 1961. Senator McCaskill. Then transferred to the Air Force? Director Clapper. Right. Senator McCaskill. You flew support for combat missions in Vietnam? Director Clapper. I did two tours in Southeast Asia, one in Vietnam in 1965 and 1966, and then I was stationed in Thailand flying the reconnaissance missions over Laos and Cambodia in 1970 and 1971. Senator McCaskill. Would you say that your experience in the military and especially your service for the Government has always been for either political party and apolitical in terms of your mission and your job? Director Clapper. Absolutely. I have served--I toiled in the trenches in intelligence for every President since President Kennedy. I have served as a political appointee in both Republican and Democratic administrations. I am apolitical. Senator McCaskill. By the way, without getting into classified information, there are thousands of men and women who are working in the intelligence community right now, General Clapper. Correct? Director Clapper. Absolutely. Senator McCaskill. Would you say that their experience in many instances mirrors yours, in terms of military experience, many of them being either Active military or retired military? Director Clapper. Yes. A large part of the intelligence community workforce are military, and of course, there are many former military, either those who completed full careers or those who served enlistments briefly and then came to the intelligence community as civilians. Senator McCaskill. Would you think it any less important that we maintain the intelligence community as a foundational, apolitical bloc of our country in terms of its protection? Director Clapper. I could not feel stronger about exactly that. I think it is hugely important that the intelligence community conduct itself and be seen as independent, providing unvarnished, untainted, objective, accurate, and timely and relevant intelligence support to all policymakers, commanders, diplomats, et cetera. Senator McCaskill. Do, in fact, members of the intelligence community engage in life-threatening and very dangerous missions every day, particularly as it relates to the war on terror? Director Clapper. You only need to walk into the lobby of CIA and look at the stars on the wall or the front lobby of NSA, and the number of intelligence people that have paid the ultimate price in the service of their country. Senator McCaskill. Let us talk about who benefits from a President-elect trashing the intelligence community. Who benefits from that, Director Clapper? The American people, them losing confidence in the intelligence community and the work of the intelligence community? Who actually is the benefactor of someone who is about to become commander-in-chief trashing the intelligence community? Director Clapper. I think there is an important distinction here between healthy skepticism, which policymakers, to include policymaker number one, should always have for intelligence, but I think there is a difference between skepticism and disparagement. Senator McCaskill. I assume the biggest benefactors of the American people having less confidence in the intelligence community are in fact the actors you have named today, Iran, North Korea, China, Russia, and ISIS. Director Clapper. The intelligence community is not perfect. We are an organization of human beings, and we are prone sometimes to make errors. I do not think the intelligence community gets the credit it is due for what it does day in and day out to keep this Nation safe and secure in the number of plots, just one example, terrorist plots that have been thwarted, both those focused on this country and other countries. Senator McCaskill. I want to thank the chairman and I want to thank Senator Graham and others. There have been others I can count on maybe a little bit more than one hand who have stood up in a nonpolitical way to defend the intelligence community over the last few weeks. The notion that the soon- elected leader of this country would put Julian Assange on a pedestal compared to the men and women of the intelligence community and the military that is so deeply embedded in the intelligence community--I think it should bring about a hue and cry no matter whether you are a Republican or a Democrat. There should be howls. Mark my word. If the roles were reversed, there would be howls from the Republican side of the aisle. Thank you, Mr. Chairman. Chairman McCain. Thank you for that nonpartisan comment. [Laughter.] Chairman McCain. Director Clapper, how would you describe Mr. Assange? Director Clapper. How would I describe? Chairman McCain. Mr. Assange. Director Clapper. Well, he is holed up in the Ecuadorian embassy in London because he is under indictment I believe by the Swedish Government for a sexual crime. He has, in the interests of ostensibly openness and transparency exposed in his prior exposures, put people at risk by his doing that. I do not think those of us in the intelligence community have a whole lot of respect for him. Chairman McCain. Admiral? Admiral Rogers. I would echo those comments. Chairman McCain. Thank you. Senator Fischer? Senator Fischer. Thank you, Mr. Chairman. Thank you, gentlemen, for being here today and I do thank you for your service. Gentlemen, as you all know, about a year ago, Congress passed the Cybersecurity Information Sharing Act. Director Clapper, could you comment on what steps have been taken to implement the act in particular to provide cyber threat information in the possession of the Federal Government to non- government entities? Director Clapper. There has been a lot of work done--and this is principally through both the FBI and Department of Homeland Security--to share more broadly with the private sector. Prior to the enactment of this act, I think this has been a theme that we have all worked hard. Certainly one of the reasons for the creation of the Office of Director of National Intelligence was to assume a domestic role as well and to promote sharing as much as we can. I think a lot of improvement has been made, as I look back over the last 15 years, but there is more work to do. We have done a lot of work with, for example, fusion centers, the 76 or so fusion centers that exist throughout the country, to convey more information to them. I have a network of 12 domestic DNI [Director of National Intelligence] reps, Director of National Intelligence representatives, which are FBI special agents in charge. We work through them, those instrumentalities, on a regional basis to convey more information particularly on cyber threats to State and local officials, as well as the private sector. Senator Fischer. Thank you, sir. Admiral Rogers, what is your assessment of the current state of information sharing between the Government and the private sector, especially regarding cybersecurity threats? More importantly, what is the appropriate level of expectation to have with respect to that information sharing? Admiral Rogers. In some ways I would characterize it as uneven. Some sector relationships, as you heard General Clapper talk about, the 16 sectors within the critical infrastructure of our Nation--in some sectors, the relationship is very mature. Information tends to flow very regularly. Other sectors, it is not quite as mature. I think the positive side is, with the legislation, we have now developed a framework for how we do it. I still am concerned on the Government side. I will only speak for NSA and Cyber Command. On the Government side, I am not entirely comfortable that the products that I am generating are optimized to achieve outcomes for our private counterparts. I am always trying to remind our team our success needs to be defined by the customer, not what we think is the right format or the right things to share. Senator Fischer. Do you think there is any additional legislation that is going to be required? I guess I am asking, what do you need? Do you think there are proper authorities that are currently in place, or do we need new legislation? Or do you guys just need to improve on your execution of it? Admiral Rogers. Probably all of the above, to be very honest. I look at what are the changes that we are going to need collectively to create the workforce of the future. I work within the DOD in an intel framework. But I would argue this is kind of universal. It does not matter where you are working. Where does the structure--what is the recruitment and the benefit process that we need to retain and attract a workforce? I am curious with the new administration coming in their broad view of roles and responsibilities--are they comfortable with the current structure? Will their view be that we need to fundamentally relook at something different? I would be the first to acknowledge, as I previously said this morning, we have got to get faster. We have got to get faster. Senator Fischer. You know, you have talked about case by case and the ad hoc nature of our policies when it comes to cyberspace before this committee many, many times, and that has been an issue that this committee and the ETC [Emerging Threats and Capabilities] Subcommittee in particular has tried to address by requiring strategies so that we can deter these hostile actors and delegations of authority, a definition of what an act of war in cyberspace is. You know, we can go on and on. The chairman just mentioned we do not have a strategy. Some of us just do not feel there is a strategy that is laid out there. When you talk about speed and dealing with cyber attacks, I assume you are just referring to our agencies in responding to attack that is directly upon us. Do you think there needs to be any kind of consensus-building on the international stage with our allies in order to increase speed, or would that delay it even more trying to run this through channels in trying to respond quickly? Do we reach out to allies, or do we perform our first duty in protecting this country? Admiral Rogers. We routinely do that now. You clearly have highlighted it is a bit of a double-edged sword. But it goes to the point from my perspective, cyber just does not recognize many of these boundaries. When you are trying to deal with an incident, is this something that is really truly totally domestic, or has it originated from somewhere external to our Nation? What kind of infrastructure did it pass through? There is a whole lot of complexity to this. I apologize. It is not a simple binary choice there, even as I acknowledge there are tradeoffs. Senator Fischer. Thank you. Thank you, Mr. Chair. Chairman McCain. Senator Blumenthal? Senator Blumenthal. Thanks, Mr. Chairman. I want to join Senator McCaskill in expressing my appreciation for the service of our intelligence community and to you, Mr. Chairman, for your very strong and courageous statements in support of the work of this committee to give credit and credibility to that intelligence community and to your statements also about the importance of cyber warfare. It is not the first time we have been here on this topic, and you have been resolute and steadfast in seeking to elevate public awareness and public consciousness about the importance of cyber attacks on this country and the threat of cyber warfare. I want to explore a little bit why these very demeaning and dismissive comments about our intelligence community are so dangerous to our Nation. Is it not true, Mr. Clapper, that public support for robust responses to cyber attacks on our Nation depends on the credibility of our intelligence community and dismissing the conclusions, very credible and significant conclusions, about the Russian attack undermines public support for actions that the President must take to deter and punish these kinds of actions? Director Clapper. I do think that public trust and confidence in the intelligence community is crucial, both in this country and I think the dependence that other countries, other nations, have on the U.S. intelligence community. I have received many expressions of concern from foreign counterparts about the disparagement of the U.S. intelligence community or, I should say, what has been interpreted as disparagement of the intelligence community. Senator Blumenthal. Well, there is no question about the disparagement. There is no question about the dismissing and demeaning of the intelligence community, entirely unmerited. Would you agree, in light of your saying that you are even more resolute now in your conclusion about Russian involvement in this hacking, that comparing it to the judgment made about weapons of mass destruction in the Iraq situation is totally a red herring, totally wrong? Director Clapper. Yes, I agree with that. My fingerprints were on that national intelligence estimate. I was in the community then. That was 13 years ago. We have done many, many things to improve our processes, particularly with respect to national intelligence estimates, in order to prevent that from happening again. Whatever else you want to say about the intelligence community, it is a learning organization, and we do try to learn lessons. It is a very difficult business and getting harder all the time. There will be mistakes. But what we do try to do, as we did after the NIE [National Intelligence Estimate] from October 2002 on weapons of mass destruction in Iraq, was to learn from that, profit, and make change. Our posture, particularly with respect to a very important document, the apex of our product line, national intelligence estimates, it is the difference of night and day. Senator Blumenthal. I appreciate the extraordinary humility of that statement, especially in light of the excellence and expertise that your organization and you personally have brought to this very, very difficult endeavor to provide--and I am quoting you I think--unvarnished, untainted, timely, accurate information to the most critical national security decisions that this Nation makes. I want to express my appreciation for it and say that I think some of the disparagement has been a terrible disservice to our Nation and to the very brave and courageous men and women who put their lives at risk so that this Nation can be better informed in using our military and other force. I hope that we will see a change. I also join the chairman in saying that we need better policies on what constitutes a cyber attack on this Nation and provide a more robust response, for example, against the Russians not necessarily in cyber but to impose stronger sanctions on their oil exports, on their use of foreign exchange. The response to cyber attacks need not be one in the cyber domain and in fact might be even more effective if it hits their economy and their pocketbook and their livelihoods. Mr. Under Secretary, I appreciate your comments in that regard. I do not know whether you want to comment in response to what I have said. I am out of time. Maybe we can get that in writing. Director Clapper. Senator Blumenthal, I do want to thank you--on behalf all the women and men of the intelligence community, I want to thank you for that. Senator Blumenthal. Thank you. Chairman McCain. Senator Cotton? Senator Cotton. Thank you all for appearing before us. Mr. Secretary, Director Clapper, since this is your final appearance, I know you hope, thank you very much for your many years of service, Director Clapper, particularly you. I will add my voice to Senators Blumenthal and McCaskill in my admiration for the men and women in our intelligence agencies. I have had a chance as a member of the Intelligence Committee to meet them here at hearings and at their headquarters around the world. They do not get the credit they often deserve. The troops that we help provide for in this committee usually do because they wear uniforms and they are known in public, but intelligence officers do not wear uniforms and they are frequently undercover. I want to express my admiration and deepest respect and gratitude for what they do. We have heard a lot of imprecise language here today--and it has been in the media as well--phrases like ``hacked the election,'' ``undermine democracy,'' ``intervened in election.'' I want to be more precise here. Director Clapper, let us go to the October 7th statement. That says, quote, the recent compromises of emails from United States persons and institutions, including from United States political organizations, were instructed by the Russian Government. Are we talking there specifically about the hack of the DNC [Democratic National Committee] and the hack of John Podesta's emails? Director Clapper. Yes. Senator Cotton. Are we talking about anything else? Director Clapper. That was essentially at the time what we were talking about. Senator Cotton. At the time then--it says that the recent disclosures through websites like DCLeaks and WikiLeaks are consistent with the methods and motivations of Russian-directed efforts. DNC emails were leaked first, I believe, in July. Is that what the statement is talking about there? Director Clapper. I believe so. Senator Cotton. Mr. Podesta's emails I believe were not leaked until that very day on October 7th. Was the statement referring to that yet, or was that not intended to be included? Director Clapper. I would have to research the exact chronology of when John Podesta's emails were compromised. But I think, though, that bears on my statement that our assessment now is that is even more resolute than it was with that statement on the 7th of October. Senator Cotton. Thank you. Admiral Rogers, in November at the Wall Street Journal Forum, you stated, quote, this was a conscious effort by a nation state to attempt to achieve a specific effect. End quote. By that, did you also refer to the hack of the DNC, the hack of John Podesta's email and the leaks of those emails? Admiral Rogers. Yes. Senator Cotton. Did you refer to anything else besides those two things? Admiral Rogers. To be honest, I do not remember the specifics of that one particular 30-minute engagement, but clearly what you outlined was part of my thought process. Senator Cotton. Okay. Then further on in that statement, Director Clapper, the intelligence community says, quote, it would be extremely difficult for someone, including a nation state actor, to alter actual ballot counts or election results by cyber attack or intrusion. End quote. You stated that earlier today as well, that we have no evidence that vote tallies were altered or manipulated in any way. Director Clapper. That is correct. Senator Cotton. That is what happened. Let us discuss why. Director Clapper, in response to Senator Nelson, you stated that the report soon to be released will discuss the motive. Would you care to give any kind of preview today? Director Clapper. I would rather not. Senator Cotton. I did not think so. Director Clapper. There is actually more than one motive. That will be described in the report. Senator Cotton. In your 53 years of intelligence, is ascertaining the motives, plans, and intentions of foreign leaders among the hardest tasks that we ask our intelligence services to perform? Director Clapper. It always has been. Senator Cotton. There is a widespread assumption--this has been expressed by Secretary Clinton herself since the election--that Vladimir Putin favored Donald Trump in this election. Donald Trump has proposed to increase our defense budget to accelerate nuclear modernization and to accelerate ballistic missile defenses and to expand and accelerate oil and gas production which would obviously harm Russia's economy. Hillary Clinton opposed or at least was not as enthusiastic about all those measures. Would each of those put the United States in a strong strategic position against Russia? Director Clapper. Well, certainly anything we do to enhance our military capabilities, absolutely. Senator Cotton. There is some contrary evidence, despite what the media speculates, that perhaps Donald Trump is not the best candidate for Russia. Okay. That is what happened. That is why it happened, or at least a preview that we are going to know why it happened. Let us move on to the impact. Director Clapper, you said to Senator McCain earlier, quote, the intelligence community cannot gauge the impact, end quote, on the election. Is that because that kind of electoral analysis is not a task that is within the traditional responsibility and skill sets of intelligence services? Director Clapper. That is correct. Senator Cotton. That is something that is more suited for someone Shawn Hannity or Michael Barone or Nate Silver, election analysts that have written extensively on the election. Director Clapper. Well, it certainly is not the purview of the U.S. intelligence community. Senator Cotton. Thank you. Chairman McCain. Senator Heinrich? Senator Heinrich. Thank you, Chairman. Since this will likely be the last hearing that some of you will attend in front of this committee, I just want to thank you all for your service and thank all the men and women who work for you. I want to say a special note of gratitude to Director Clapper for 50 years of incredible service to this country. I think what makes America great has been our ability to elect leaders through a fair, through a peaceful and a transparent process without fear of rigging or interference in elections. Unfortunately, in this past election, we know that interference occurred. When I say ``interference,'' I want to be specific. It is not about someone physically stuffing ballot boxes or someone hacking our electronic voting machines to give one candidate more votes than the other. It is about selectively and deliberately releasing damaging information in hopes of furthering one's strategic objectives, in this case, Russia's strategic objectives. I believe this is going to happen again unless there is a price to be paid. This interference impacts the foundation of our democracy, our elections, which is why I welcomed the sanctions against Russia announced by the President and why I believe we need to be evaluating additional Russian sanctions. It is simply too important for both parties and for the future of our country. Secretary Lettre, given the need for deterrence in this atmosphere which, as you said, is not always achieved by a cyber response, how important are tools like sanctions to imposing the kind of clear costs that you articulated? Mr. Lettre. Sanctions are a very useful tool in that toolkit. I think in the case of the current situation that we find ourselves in, it would be prudent to continue to look at other options to impose more sanctions on Russian actors as the facts continue to develop. Senator Heinrich. I would agree with that estimate and I hope that folks on both sides of the aisle will be looking at those additional tools. For any of you who want to answer this, I would like to know how has the President-elect's at least inferred dismissive attitude towards the intelligence community broadly impacted morale in your agencies? Director Clapper. Well, I have not done a climate survey, but I hardly think it helps it. Senator Heinrich. Does anyone want to add to that? Admiral Rogers. I do not want to lose good, motivated people who want to help serve this Nation because they feel they are not generating value to help that Nation. I am the first to acknowledge there is room for a wide range of opinions of the results we generate. We do not question that for one minute, and every intelligence professional knows that. I have had plenty of times in my career when I have presented my intelligence analysis to commanders and policymakers, and they have just looked at me and said, hey, Mike, thanks but that is not the way I see it or you are going to have to sell me on this. That does not bother any of us. What we do I think is relevant, and we realize that what we do is in no small part driven in part by the confidence of our leaders in what we do. Without that confidence, I just do not want a situation where our workforce decides to walk because I think that really is not a good place for us to be. Senator Heinrich. I think many of us could not agree more. If the underlying facts that the intelligence community brings us are incorrect, we should call that out. I just have not seen any evidence indicating that in this case. Oftentimes we come to different strategic or policy points of view based on that information, but that is an entirely different thing. Director Clapper, I want to go to a little bit more of not just the classified information, but the relevance of publicly available information of the whole picture of Russia's activities within the context of this election. Can you talk a little bit about the activities of the Russian Government's English language propaganda outlets, RT [Russian International Television], Sputnik, as well as the fake news activity we saw, as well as the social media and how those paint a complete picture that is supplemental to what we saw with the hacking in this case? Director Clapper. I appreciate your raising that because while there has been a lot of focus on the hacking, this was actually part of a multi-faceted campaign that the Russians mounted. And, of course, RT, which is heavily supported, funded by the Russian Government, was very, very active in promoting a particular point of view, disparaging our system, our alleged hypocrisy about human rights, et cetera, et cetera. Whatever crack, fissure they could find in our tapestry, if you will, they would exploit it. All of these other modes, whether it was RT, use of social media, fake news--they exercised all of those capabilities in addition to the hacking. And, of course, the totality of that I think, regardless of what the impact was which we cannot gauge, just the totality of that effort not only as DNI but as a citizen I think is of grave concern. Senator Heinrich. Thank you, Mr. Chair. Chairman McCain. Senator Ernst? Senator Ernst. Thank you, Mr. Chair. Gentlemen, thank you very much. I also want to thank you and the men and women that work diligently in the intelligence community for the work that they do for the United States of America. Admiral Rogers, you have stated twice now--you have really stressed this point--that you must be faster and more agile in your responses. Our discussion this morning will go back to a discussion that we had in September of this last year in front of this body because I believe it is important that you understand the capabilities that exist out there and are readily available to the United States Cyber Command. This past September, I asked you about a Government Accountability Office report that stated the Department of Defense does not have visibility of all National Guard units' cyber capabilities because the Department has not maintained a database that identifies the National Guard units' cyber- related emergency response capabilities, as required by law. I was a bit alarmed when you stated that you have not seen the report. It was a report that took about a year to compile and was presented to both this committee and the House Armed Services Committee. Four months later, I still have not received an answer from you, my questions for the record. All of this morning, all of the GAO [Government Accountability Office] recommendations are still open from this report. It has been 4 months and I would just like an update on that, if you have been able to read the report and where is the Department at in regards to tracking National Guard cyber capabilities? Admiral Rogers. Yes, ma'am. First, we did not get your question until December, but I acknowledge that you have formally asked us this. First, as U.S. Cyber Command, I am the operational commander. Manning, training, and equipping is a function of services and the Department. For me in my role, I track the operational readiness levels of all National Guard and Reserve units that are allocated to the mission force. I bore into them in the exact same way I do the active side. In terms of more broadly, how is the Department tracking the set of skills that are available both in the Reserve component, I would argue it is the same challenges that are in the Active component. How do you take advantage of the breadth of capability that is broader than just a particular military occupational specialty, for example? I am the first to acknowledge, after talking to my teammates at OSD and the services, I do not think we have a good answer for you. I will have something in writing for you within the next week or so because I do acknowledge that we need to do that. Senator Ernst. I do appreciate that because how long has the United States been experiencing attacks from entities outside of the United States. Admiral Rogers. You could argue we have been in this cyber dynamic for over a decade. It has gotten worse. Senator Ernst. A decade. We have taken the steps of developing Cyber Command and the capabilities that exist both in our Reserves, National Guard, and the Active component units. To become faster and more agile, we need to know what those capabilities are. If you have a solution to that on how we can track those capabilities, we need to figure that out. Many of these units have the capability of defending networks and yet we are not utilizing those capabilities. We do not know where they exist, to be honest. Admiral Rogers. Please do not take from my comment that we do not believe that the role of the Guard and Reserve is not important. If you look in the last 12 months, we have got two cyber protection teams from the Guard that have been mobilized. We have brought online in the Guard and the Reserve national mission teams for the first time within the last year. I mean, it is great to see how the Guard and Reserve are developing more and more capability. That is a real strength for us. Senator Ernst. Absolutely, and I think we will continue to see those develop even more in the future, but we need to be able to utilize those capabilities that exist out there. You know that many of our best soldiers in the National Guard and Reserve come from the private sector. I know this from some of my own guardsmen that work full-time in computer technology and cyber technology. You stated in September, you were trying to figure out how better to leverage the National Guard. Do you have a response for that? Have you thought of ways that we might be able to use those Guard units more readily? Admiral Rogers. This is a topic that in fact I just was talking to General Lengyel, the Director of the Guard Bureau, a few weeks ago to say, hey, look, this is something in 2017 I want us to sit down. I think there is a couple of specific mission areas where the capabilities of the Guard and Reserve are really well optimized because I would be the first to admit the answer cannot be every time we will just throw the Active component at this. I do not think that is an optimal approach for us to do in business. You will see this play out for us in 2017. We got to work through the title 32 versus title 10 issue, what role, what is the right way to do this. Senator Ernst. Absolutely. Admiral Rogers. Do we put it within the defense support to civil authority construct? I would like that because it is a framework that we already have. I am a big fan of let us not reinvent the wheel when it comes to cyber, how do we take advantage of processes and the structures and authorities that are already in place. That is one thing you will see some specific changes on within the Department. We are working through that right now on the policy side. Senator Ernst. Very good. Well, I appreciate it. I know my time is expiring. I look forward to working with you on that, Admiral Rogers. Chairman McCain. Senator Donnelly? Senator Donnelly. Thank you, Mr. Chairman. I want to thank all of you for all your efforts today, for the amazing careers you have had. Mr. Chairman, thank you for holding this hearing. I think it is critically important to our Nation. I want to be clear that the purpose of today's hearing is not to debate the validity of the election, but to discuss foreign attempts to use cyber attacks to attack our country, including the recent Russian actions intended to influence our elections. I appreciate the bipartisan effort to get our people the answers they deserve. I am grateful for the amazing efforts that our intelligence agencies put forth every single day, that every day lives are on the line to make sure that we are safe and to make sure that all Americans have a chance to take care of their families and go to sleep at night and not have to worry while your people are on the front lines all around the world. I can tell you on behalf all Hoosiers that when it comes down to a choice between your people, our intelligence agencies, and Julian Assange, we are on your team every time. I actually find it stunning that there is even a discussion in our country about the credibility of our intelligence agencies versus Mr. Assange. It is astounding to me that we would even make that comparison when you see the stars in the CIA headquarters of all the people who have lost their lives and all who have lost their lives in our agencies to keep us safe. Director Clapper, how would you describe your confidence in attributing these attacks to the Russian Government as opposed to someone in their basement? Director Clapper. It is very high. Senator Donnelly. The Government has named those responsible for the DNC hacks as APT-28 and APT-29, part of the Russian intelligence services, the GRU and the FSB [Federal Security Service]. Are all these actors targeted by these two entities known to the public, sir? Director Clapper. I am sorry, sir. The question again? Were all what? Senator Donnelly. All the actors targeted by these two entities, the GRU, the FSB, APT-28, 29--do we know everybody? Have you told us who is involved, or are there more that you cannot discuss at this time? Director Clapper. Right. I do not think I can discuss that in this forum. Senator Donnelly. Okay. How far up the chain, in what you can tell us, does this go in regards to the Russians? At what level were the instructions to take these actions given? Director Clapper. Again, sir, I cannot speak to that in this setting. Senator Donnelly. Thank you. Do you think we are communicating clearly to our adversaries in a language that they will understand that the costs will outweigh any gains they get if they try this again? Not only you, Director, but the others, and how do we best send that message, do you think? Director Clapper. Well, certainly the sanctions that have been imposed, the expulsion of the 35 intelligence operatives, the closure of the two facilities which were used for intelligence purposes, and the other sanctions that were levied, I think does convey a message. It is open to debate whether more should be done. I am a big fan of sanctions against the Russians, but that is just me. Senator Donnelly. Admiral, what would you say, sir? Admiral Rogers. I would agree. I mean, the challenge here is, look, I do not think it is in the best interest of any of our nations to be in this confrontational approach to doing business, and we have got to figure out how do we articulate what is acceptable, what is no acceptable in a way that enables us to move forward in a productive relationship. That is not unique to the Russians. I would argue that that is a challenge for us with a whole host of actors out there. This has just, in some ways, been the poster child for this challenge of late. Director Clapper. I would add to that, if I may, that it certainly would be a good thing if we could find areas where our interests converge. I am speaking of ours and the Russians. We have done that in the past. Just to foot stomp Admiral Rogers' point. But I think there is a threshold of behavior that is just unacceptable, and somehow that has to be conveyed. Senator Donnelly. Well, I am out of time, but on behalf of all the American people, we want to thank you. You have dedicated your lives to keeping us safe, and we are incredibly grateful for it. Thank you, Mr. Chairman. Chairman McCain. Senator Sullivan? Senator Sullivan. Thank you, Mr. Chairman. Thank you and the ranking member for holding this hearing. I also want to thank you, General Clapper, Mr. Secretary, for your service, as this might be your last hearing, and the men and women you lead. You described in your testimony the increasing attacks we are seeing not just from Russia but China and other actors, Iran, North Korea, their increasing capabilities. The chairman's opening statement pretty much stated that it is his view--and I certainly share the view--that we are being hit repeatedly because the benefits outweigh the costs for those who are taking these actions against us. Do you agree with that? Director Clapper. I do and I think we all do. For adversaries like--I will just name--North Korea and Iran, it is relatively low-cost acts that can cause havoc. What I think we have seen over time is that they keep pushing the envelope because as their capabilities improve and they are willing to exercise those capabilities. Senator Sullivan. If that is the case--I was glad that I think there is some consensus here. You are talking about retaliating, upping the costs with all instruments of power, Mr. Secretary, you mentioned at the time of our choosing, in the realm of our choosing. But it does not seem to be happening. It does not seem to be happening because the attacks continue. Let me just give an example. Let us say Iran conducted--and you mentioned that they are being more aggressive more risky than North Korea--some kind of cyber attack. If we did something maybe without announcing it, like the President announced the Russian counteraction, but let us say we did not announce it and let us say we did something where we essentially collapsed their financial system or something pretty dramatic. We let them know we did it, but we do not have to publicize it. Do you think that is the kind of action that would say, hey, do not do this or we are going to come back and retaliate at our time, our choosing, and crush you? How come we have not done that yet, and do you think if we did something like that with the Iranians or the North Koreans, would that deter them in the future, Mr. Secretary? Mr. Lettre. Senator, I think you are getting right at the question of what do we mean by a proportional response in some instances. Senator Sullivan. Or asymmetric. You are talking about asymmetric responses, which I fully agree with. Mr. Lettre. That is right. Or in instances that are significantly serious and grave, whether a more than a proportional response is required to really set that deterrence framework in place. Senator Sullivan. But is the key question not right now--it came from the chairman's opening statement, which I think you agreed with--is that nobody seems to be intimidated by us right now. Let me give another example. Senator Inhofe asked a question early on about China. China hacked allegedly--maybe you can confirm that--government-led--22 million files, a lot of the SF-86 files that you use for background clearances. They have mine I was informed by the Government. Very sensitive information, as you know, that they could use against intelligence operatives and military members. Senator Inhofe asked the question, what did we do? The answer that I heard from all of you was, well, we try to protect people like me and, I am sure, others whose sensitive intel information and background information was compromised. But I did not hear any claim of a retaliation on a huge hack--huge. 22 million American Federal, military, intel workers got hacked by the Chinese. The President signed this statement with President Xi Jinping, the United States-China Security Agreement, but obviously, General Clapper, from your testimony the Chinese have not abided by that. Have they? Director Clapper. They have. Senator Sullivan. I am sorry. I thought you said in your testimony today that they continue to conduct cyber attacks. Director Clapper. They continue to conduct cyber espionage. They have curtailed--as best we can tell, there has been a reduction, and I think the private sector would agree with this. There has been some reduction in their cyber activity. The agreement simply called for stopping such exfiltration for commercial gain. Senator Sullivan. Let me just ask a final question. Did we retaliate and up the costs against China after an enormous cyber attack against our Nation? Director Clapper. We did not retaliate against an act of espionage any more than other countries necessarily have retaliated against us for when we conduct espionage. Senator Sullivan. But is that answer not part of the problem that we are showing that we are not going to make it costly for them to come in and steal the files of 22 million Americans, including many intel officers? Director Clapper. Well, as I say, people who live in glass houses need to think about throwing rocks because this was an act of espionage. We and other nations conduct similar acts of espionage. If we are going to punish each other for acts of espionage, that is a different policy issue. Chairman McCain. Senator King? Senator King. Thank you, Mr. Chairman. Your opening statements are always erudite and thoughtful, but I thought today's was particularly so. You touched on all the important points that have really formed the basis for this hearing. I want to thank you for that. Director Clapper, I think it is important to put some context around some of these discussions. One of the most important things to me is that your public statement in October, along with Jeh Johnson, was prior to the election, and you were simply telling facts that you had observed. In my experience of reading intelligence community communications, it is one of the more unequivocal that I have seen. You have stated here you have high confidence in those conclusions that the Russians were behind it, that it was intended to interfere with our elections, and that approval went to the highest levels of the Russian Government. Have you learned anything subsequently that you can tell us here today to contradict those findings that you publicly stated last October? Director Clapper. No. In fact, if anything, what we have since learned just reinforces that statement of the 7th of October. Senator King. There was no political intention. You were simply reporting facts as you saw them. I presume that is correct. Your history is one of being nonpolitical. Director Clapper. Absolutely. I felt particularly strongly, as did Secretary Johnson, that we owed it to the American electorate to let them know what we knew. Senator King. Now, people in Maine are skeptical and they want to have evidence and proof. I am hearing from people, prove it. The problem, as I understand it, is the desire to provide evidence that is convincing that your conclusions are correct versus the danger of compromising national security on sources and methods. Can you sort of articulate that? Because I think that is an important point. Director Clapper. We have invested billions, and we put people's lives at risk to glean such information. If we were to fulsomely expose it in such a way that would be completely persuasive to everyone, then we can just kiss that off because we will lose it, and then that will endanger our--imperil our ability to provide such intelligence in the future. That is the dilemma that we have in intelligence. We want to be as forthcoming and transparent as possible, but we feel very, very strongly, as we do in this case, about protecting very fragile and sensitive sources and methods. Senator King. Let us again turn to a question of context. What we saw in this country this fall and going back actually almost a year was an example of a Russian strategy that has been playing out in Europe for some time that includes not just hacking, as you said, but disinformation, propaganda. I heard just from a senior commander--I took a break here from the hearing--in Europe that Russia is actually buying commercial TV stations in western Europe at this point. This is a comprehensive strategy that we have seen playing out in eastern Europe, and also there was a report this morning that they are funding one of the candidates for the presidency of France in the election this May. Director Clapper. Well, the Russians have a long history of interfering in elections, theirs and other people's. There is a long history in this country of disinformation. This goes back to the 1960s, you know, the heyday of the Cold War--funding that they would share or provide to candidates they supported, the use of disinformation. But I do not think that we have ever encountered a more aggressive or direct campaign to interfere in our election process than we have seen in this case. Senator King. There are so many more channels of disinformation today than there were in the past. One final point. Director Clapper. That is exactly right, and that is a very key point about the--of course, the cyber dimension and social media and all these other modes of communication that did not exist in the Cold War. Senator King. One final point. We had a meeting with the committee with a group of representatives from the Baltic States, and I know the chairman was just in the Baltic States. They are just deluged with this. I mean, they have been warning us about this for years, about the messing around with elections. I said, so what do you do? How do you defend yourself? They said, well, we are trying to defend ourselves in various ways, but the best defense is for our public to know what is going on so they can take it with a grain of salt. I thought that was a very interesting observation because their people now say, oh, yeah, that is just the Russians. That is why I think public hearings like this and the public discussion of this issue is so important because we are not going to be able to prevent this altogether. But we need to have our people understand when they are being manipulated. Would you agree with that conclusion? Director Clapper. Absolutely. That is why I felt so strongly about the statement in October. Senator King. Thank you. Thank you, Mr. Chairman. Chairman McCain. Just to follow up, General Clapper. During the Cold War we had a strategy and we had Radio Free Europe. We had Voice of America. Senator Graham, who will be speaking next, will attest that in our recent trip they do not have a strategy. They do not have a counter-propaganda--the United States of America I am talking about. We have got to develop that strategy even if it encompasses the Internet and social media. But they are doing pretty significant stuff particularly in the Baltics and Eastern Europe. Would you agree, Senator Graham? Senator Graham. Yes. I appreciate being before the committee. Thank you. [Laughter.] Senator Graham. Yes, I would. Would you agree with me that Radio Free Europe is outdated? Director Clapper. I am frankly not up on---- Senator Graham. Well, it says ``radio,'' and a lot of people do not listen to the radio like they used to. Director Clapper. Well, actually radio is a very popular mode in many parts of the world. Senator Graham. Radio is big in your world? Director Clapper. In my world? Senator Graham. Yes. Director Clapper. Not so much. Senator Graham. Yes. I do not listen to the radio much either. The bottom line is you are going to be challenged tomorrow by the President-elect. Are you okay with being challenged? Director Clapper. Absolutely. Senator Graham. Do you both welcome it? Director Clapper. We do. Senator Graham. Do you think it is appropriate? Director Clapper. We do. Senator Graham. Are you ready for the task? Director Clapper. I think so. Senator Graham. Good. Is there a difference between espionage and interfering in an election? Director Clapper. Yes. Espionage implies, to me at least, a passive collection, and this was much more activist. Senator Graham. When it comes to espionage, we better be careful about throwing rocks. When it comes to interfering in our election, we better be ready to throw rocks. Do you agree with that? Director Clapper. That is a good metaphor. Senator Graham. I think what Obama did was throw a pebble. I am ready to throw a rock. Would I be justified as a United States Senator taking your information about Russia's involvement in our election and what they are doing throughout the world and be more aggressive than President Obama if I chose to? Director Clapper. That is your choice, Senator. Senator Graham. Do you think he was justified in imposing new sanctions based on what Russia did? Director Clapper. I do. Senator Graham. To those of you who want to throw rocks, you are going to get a chance here soon, and if we do not throw rocks, we are going to make a huge mistake. Admiral Rogers, is this going to stop until we make the cost higher? Admiral Rogers. We have got to change the dynamic here because we are on the wrong end of the cost equation. Senator Graham. Yes. You got that right. Could it be Republicans' next election? Admiral Rogers. This is not about parties per se. Senator Graham. Yes. It is not like we are so much better at cybersecurity than Democrats. Admiral Rogers. Right. Senator Graham. Now, I do not know what Putin was up to, but I do not remember anything about Trump in the election. Now, if Trump goes after the Iranians, which I hope he will, are they capable of doing this? Admiral Rogers. They clearly have a range of cyber capability and they have been willing to go offensively. We have seen in the United States in the one dam. Senator Graham. If Trump takes on China, which I hope he will, are they capable of doing this? Admiral Rogers. Yes. Senator Graham. We got a chance as a Nation to lay down a marker for all would-be adversaries. Do you agree with that? Admiral Rogers. Yes, and I would be the first to acknowledge we need to think about this broadly. Senator Graham. We should take that opportunity before it is too late. Admiral Rogers. Yes, sir. Senator Graham. Do you agree with me that the foundation of democracy is political parties, and when one political party is compromised, all of us are compromised? Admiral Rogers. Yes, sir. Senator Graham. All right. Now, as to what to do, you say you think this was approved at the highest level of government in Russia, generally speaking. Is that right? Director Clapper. That is what we said. Senator Graham. Who is the highest level of government? Director Clapper. Well, the highest is President Putin. Senator Graham. Do you think a lot happens in Russia big that he does not know about? Director Clapper. Not very many. Senator Graham. Yes. I do not think so. Director Clapper. Certainly none that are politically sensitive in another country. Senator Graham. Okay. Now, as we go forward and try to deter this behavior, we are going to need your support now and in the future. I want to let the President-elect know that it is okay to challenge the intel. You are absolutely right to want to do so. But what I do not want you to do is undermine those who are serving our Nation in this arena until you are absolutely sure they need to be undermined. I think they need to be uplifted, not undermined. North Korea. Let me give you an example of real world stuff that he is going to have to deal with Trump. Do you believe that North Korea is trying to develop an ICBM [Intercontinental Ballistic Missile] to hit the United States or that could be used to hit the United States? Director Clapper. That could be, yes. Senator Graham. Do you agree with that, Admiral Rogers? Admiral Rogers. Yes. Senator Graham. When the North Korean leader says that they are close to getting an ICBM, he is probably in the realm of truth? Admiral Rogers. He is certainly working aggressively to do that. Senator Graham. If the President of the United States says it will not happen, he is going to have to come to you all to figure out how far along they are because you would be his source for how far along they are. Is that right? Director Clapper. I hope we would be the source. Senator Graham. Yes. I hope he would talk to you too. Here is what I hope he realizes, that if he has to take action against North Korea, which he may have to do, I intend to support him, but he needs to explain to the American people why. One of the explanations he will give is based on what I was told by the people who are in the fight. Let me tell you this. You do not wear uniforms, but you are in the fight. We are in a fight for our lives. I just got back from the Baltics, Ukraine, and Georgia. If you think it is bad here, you ought to go there. Ladies and gentlemen, it is time now not to throw pebbles but to throw rocks. I wish we were not here. If it were up to me, we would all live in peace, but Putin is up to no good and he better be stopped. Mr. President-elect, when you listen to these people, you can be skeptical but understand they are the best among us and they are trying to protect us. Thank you all. Chairman McCain. Would you have any response to that diatribe? [Laughter.] Director Clapper. Senator Graham and I have had our innings before, but I find myself in complete agreement with what he just said and I appreciate it. Chairman McCain. Thank you. Director Clapper. Chairman McCain, if I might just pick up on a comment of yours and that has to do with the information fight, if you will. This is strictly personal opinion, not company policy. But I do think that we could do with having a USIA [United States Information Agency] on steroids, United States Information Agency, to fight this information war a lot more aggressively than I think we are doing right now. Chairman McCain. You know, I agree, General, and I think one of the areas where we are lacking and lagging more than any other area is social media. We know these young people in the Baltics are the same as young people here. They get their information off the Internet, and we have really lagged behind there. Senator Gillibrand? Senator Gillibrand. Thank you, Mr. Chairman and Mr. Ranking Member, for hosting this very important hearing. I want to follow on some of the questioning that Senator Ernst started concerning the National Guard and cyber. I have been pushing DOD to use the Guard for years and appreciate that this is beginning to happen. Members of the Guard bring unique skills and capabilities, and we should be leveraging them. Admiral Rogers, I look forward to working with you on how best to do this. Can you tell me whether there has been movement on the Army National Guard cyber protection teams being included in the cyber mission forces? Admiral Rogers. Yes. We brought two online that have been activated in the last year, two additional that are coming online in 2017, the first of which just came online. Yes, ma'am. Senator Gillibrand. How much more is left to be done? Admiral Rogers. The Guard and Reserve are bringing on an additional 21 teams. Those will not be directly affiliated with the mission force. But one of the things I think we are going to find over time, the only way to generate more capacity in a resource-constrained world is to view this as an entire pie, not just, well, here is one sliced off area, the mission force, and here is a separate area, the Guard and Reserve. I think what we are going to be driven to is we are going to have to look at this as much more integrated whole. Senator Gillibrand. I do too because at the end of the day, our Guard and Reserve--they have day jobs and they may be working at Google and Microsoft and Facebook and all these technology companies and have extraordinary skills. As a way to tap into the best of the best, I think we should look at people who already have these skills who are already committed to serving our Nation as best we can. I appreciate your work. Admiral Rogers. If I could, one area that I would be interested in your help in--for many employers in the Guard and Reserve--and I say this as the son of guardsman when I was a kid growing up--they often--sometimes--tend to view that service as something that you do overseas. Hey, I am willing to let you go because you are going to Afghanistan, you are going to Iraq. In the world of cyber, we are operating globally from a garrison, pick the location---- Senator Gillibrand. From any location in the world. Admiral Rogers. Anywhere. This just came up. General Lengyel and I were just talking about this yesterday, as a matter of fact. I said one of the things we need to do is educate employers about what is the nature of this dynamic, and it is every bit as relevant as we are sending somebody to Afghanistan or Iraq. Senator Gillibrand. I think that is right. On a separate topic but related, I have long been advocating for aggressive development of the manpower that we need to support our cybersecurity mission. In particular, I continue to believe that we have to not only develop the capability in our military and the interest in cyber among young Americans, but that the military must be creative when thinking about recruitment and retention of cyber warriors. How would you assess our current recruitment and retention of cyber warriors? What challenges do you foresee in the future, and what recommendations do you have to address them? Because, obviously, we are competing with some of the most dynamic, innovative companies in the world, but we need them to be our cyber defense and our cyber warriors. Admiral Rogers. Knock on wood. In the military aspect, we are exceeding both our recruiting and retention expectations. I worry about how long can we sustain that over time in the current model. My immediate concern is a little less on the uniform side in part because if money was a primary driver for them, they would not have come to us in the first place. On the civilian side, however, that is probably my more immediate concern. I am finding it more challenging. We are able to recruit well. Retaining them over time--I am really running into this on the NSA side right now. How do you retain high-end, very exquisite civilian talent for extended periods of time? Senator Gillibrand. Well, I would be delighted to work with you over the next year on that. Director Clapper, I was very interested in your opening remarks and the initial conversation you were having about the Russian hack onto the DNC and to various personnels' emails and the question of whether it was a declaration of war. Given that that is such a serious statement, I want to ask you, do you think we should take things like the Democratic or Republican Party infrastructure and consider them to be critical infrastructure? Should we actually be looking at our infrastructure differently because of this recent event? Director Clapper. That has been a subject of discussion about whether, you know, our political infrastructure should be considered critical infrastructure. I know Secretary Johnson has had a discussion with State officials about that, and there is some pushback on doing that. It is a policy call. Whatever additional protections that such a declaration would afford, I think that would be a good thing. But whether or not we should do that is really not a call for the intelligence community to make. Senator Gillibrand. Well, I hope it is one that the members here on this committee will discuss because if it does result in such a grave intrusion, maybe it should be critical infrastructure. Certainly politics and political parties are not set up that way, and so it would be quite a significant change. Thank you. Chairman McCain. Director Clapper has to leave in about 20 minutes. We will enforce the time. Senator Tillis? Senator Tillis. Thank you, Mr. Chair. Gentlemen, thank you all for your service. I for one have high confidence in the community that you represent, and I hope that they recognize that I speak for most of the Senators here that share the same view. Director Clapper, I am going to spend most my time probably reflecting on some of the comments that you have made. The glass house comment is something I think is very important. There has been research done by a professor up at Carnegie- Mellon that has estimated that the United States has been involved in one way or another in 81 different elections since World War II. That does not include coups or regime changes. Tangible evidence where we have tried to effect an outcome to our purpose. Russia has done it some 36 times. In fact, when Russia apparently was trying to influence our election, we had the Israelis accusing us of trying to influence their election. I am not here to talk about that, but I am here to say that we live in a big glass house and there are a lot of rocks to throw. I think that is consistent with what you said on other matters. I want to get back to the purpose of the meeting, the foreign cyber threats. I think, Admiral Rogers and Director Clapper, you all have this very difficult thing to communicate to policy people who many not have subject-matter expertise in this space. For example, Director Clapper, you were saying that one of the problems with the counterattack--I think it was you. It could have been Admiral Rogers--is that you may have to use an asset that is actually a presence on some other nation where that nation may or may not know that we have a presence there. In fact, we have presences across cyberspace that are not known that as a part of a counterattack, the counterattack could be nothing more than exposing our presences because we know a lot of our adversaries may or may not be aware of presences that we have out there in appropriate locations. Is that correct? Director Clapper. Yes, and I think you have succinctly illustrated the complexities that you run into here. Senator Tillis. That is why as thrilling as somebody who has written the precursors to phishing code before and stolen passwords as a part of ethical hack testings--I was paid to do this. That underscores the need for us to really be educated about the nature of this battle space and how more often than not, it is probably more prudent to seek a response that is not a cyber response given the fluid nature. We are in an environment now where we see a threat and we build a weapon system. It is on the water. It is on the air. It is on the ground. Then we kind of counter that threat and we come up with war plans to use that capability. In cyberspace, major weapon systems get created in 24-hour cycles. You have no earthly idea whether or not you have a defensive capability against them. If you all of a sudden think let us go declare war in cyberspace, be careful what you ask for because collectively there are 30 nations right now that have some level of cyber capability. There are four or five of them that are near peer to the United States. There are two or three that I think are very threatening and in some cases probably have superior capabilities to us in terms of presences, maybe not as sophisticated but potentially in a cyber context more lethal. I think there are a lot of questions. One of the beauties of being a freshman--I guess now I am not a freshman--being at the end of the dais, all the good questions have been asked. But one of the things that I would suggest that we do is we as members really get educated on the nature of this threat and the manner in which we go about fighting it and understanding that the iterative nature of weapons creations on the Internet are unlike anything we have seen in record human history for warfare, and we need to understand that. We also need to understand what the rules of engagement are going to be and how future AUMFs actually include a specific treatment for behaviors that are considered acts of war and then a whole litany of things that we should do for appropriate responses so that we can begin to make more tangible the consequences of inappropriate behavior in cyberspace. That is not so much a diatribe, but it probably is a speech, Mr. Chair. The last thing I will leave you with is, Admiral Rogers, I would like for my office to get with you and continue to talk about how we get these bright people, retained and recruited, to stay up to speed with developing these threats. We need to understand that they are secret to creating these weapon systems to counter the malicious acts like Russia, China, Iran, and a number of other nations are trying to develop against us. Thank you. Chairman McCain. Senator Hirono? Senator Hirono. Thank you, Mr. Chairman. Thank you, gentlemen, for your service. I think it is clear that we have tremendous concerns about the Russian hacking in our elections, and I think it is more than ironic that we have a President-elect who kept talking about our elections being rigged, which I would consider trying to interfere with our elections to be a part of a rigged kind of an election. At the same time, he denied Russia's activities in this regard. Some of this was already touched on regarding the President-elect's attitudes toward the intelligence community, the impact on morale. Going forward, as we are challenged by the need to have more cyber-aware or skilled cyber workforce, if this attitude toward the intelligence community does not change on the part of decision-makers, including the President, would you agree that it would make it that much harder, Director Clapper and Admiral Rogers, to attract the kind of cyber-experienced workforce that we need to protect our country? Director Clapper. Well, it could. I do not know that we could say some of these statements have had any impact on recruiting. It could. Senator Hirono. Or retention. Director Clapper. I think it could. On retention, I think just maybe to embellish what Admiral Rogers was saying, I do think that consideration needs to be given to having more flexibility and more latitude on compensation for our high-end cyber specialists who are lured away by industry that are paying huge salaries. That is not why you are in the Government, not why you serve in the intelligence community, not obviously for money. But I do think in those highly technical, high-end skill sets that we badly need in the Government in the intelligence community, that it would be helpful to have more latitude on compensation. Admiral Rogers. I would agree, Senator. Senator Hirono. Very briefly. Admiral Rogers. Both of these individuals know within the last 24 hours, which I said using my authority as the Director of NSA, I am going to authorize the following increased compensations for the high-end cyber part of our workforce because I am just watching the loss. Senator Hirono. Yes, of course. It is not just compensation that attracts people to what we are doing in our intelligence community because service to the country is a very important motivation. And, of course, I would think that morale would be very much attendant to that. There was some discussion about what would constitute, in the cyber arena, an act of war. Director Clapper, I note in your testimony that I think this is one of the reasons that we want to develop international norms in this arena. Who should be the key players in developing agreeing to these international norms in the cyber arena? If the big players are United States, China, Russia, if we do not have those players at the table to come up with these international norms, how realistic is it to develop and---- Director Clapper. Well, that is exactly the challenge. Those are the key nation states that we would need to engage. There has been work done under the auspices of the United Nations to attempt to come up with cyber norms, but I think we are a ways away from those having impact. Senator Hirono. Would you agree, Admiral Rogers? Admiral Rogers. Yes, ma'am. Senator Hirono. Turning to the awareness of the public as to the extent of the threat, a 2016 opinion piece by two members of the 9/11 Commission--basically they said that the most important thing government and leaders in the private sector can do is to clearly explain how severe this threat is and what the stakes are for the country. Director Clapper, do you think that the general public understands the severity of the cyber threat and the stakes for the country? What should Americans keep in mind with regard to this threat? What can ordinary Americans do to contend with this threat? Director Clapper. I think there is always room for more education, and certainly we have a role to play in the intelligence community in sharing as much information as we can on threats posed by both nation states, as well as non-nation states. I think there are simple things that Americans can do to protect themselves. You know, be aware of the threat posed by spear phishing, for example, which is a very common tactic that is used yet today. We have a challenge in the Government getting our people to respond appropriately to cyber threats. This is one case where communicate, communicate, communicate is the watchword. Chairman McCain. Senator Cruz? Senator Cruz. Thank you, Mr. Chairman. Gentlemen, thank you for being here. Thank you for your service to our Nation. The topic of this hearing, cybersecurity, cyber attack, is a growing threat to this country and one that I think will only become greater in the years ahead. We have seen in recent years serious attacks from, among others, Russia, China, North Korea. Indeed, it is with some irony--I spent a number of years in the private sector, and to the best of my knowledge never had my information hacked. Then all I had to do was get elected to the United States Senate and the Office of Personnel Management was promptly hacked and everyone on this bench had our information stolen by a foreign assault. My question, Admiral Rogers, starting with you is what do you see as the greatest cybersecurity threats facing our country, and what specifically should we be doing about it to protect ourselves? Admiral Rogers. A small question. When I look at the challenges and the threats, it is, in no particular order, significant extraction of information and insight that is generating economic advantage for others, that is eroding operational advantage at times for us as a Nation. That is, as you have seen in this Russian piece, where not just the extraction but then the use of this information adds a whole other dimension. What concerns me beyond all that is what happens as we start to move in an environment in which not only is information being--I have heard some people use the phrase ``weaponized.'' What happens when now we see people suddenly manipulating our networks so we cannot believe the data that we are looking at. That would be a real fundamental game-changer to me, and to me it is only a question of the ``when'' not the ``if'' this is going to happen. What happens when the non-state actor decides that cyber offers an asymmetric advantage to them? Because their sense of risk and their willingness to destroy the status quo is significantly different and greater than your typical nation state. Those are the kinds of long- term things. As we talked about more broadly today, we have got to get better on the defensive side because part of deterrence is making it harder for them to succeed. I acknowledge that. But a defensive strategy alone is not going to work. It is a resource-intensive approach to doing business, and it puts us on the wrong end of the cost equation. That is a losing strategy for us, but it is a component of a strategy. We have got to ask ourselves how do we change this broader dynamic. To go the point you have heard repeatedly today, how do we convince nations and other actors out there that there is a price to pay for this behavior, that in fact it is not in your best interest. Senator Cruz. What should that price be? Admiral Rogers. It is a wide range of things. There is no one silver bullet, which is another point I would make. If we are looking for the perfect solution, there is not one. This will be a variety of incremental solutions and efforts that are going to play out over time. There is no one single approach here. Senator Cruz. Well, and your point about manipulating data, about a month ago I chaired in a different committee a hearing on artificial intelligence and our economy's growing reliance on artificial intelligence. One of the things that the witnesses testified there was concern on the cybersecurity side of a hack that would modify the big data that is being relied on for artificial intelligence to change the decision-making in a way nobody is even aware it has been changed. I think that is a threat I hope that you all are examining closely, and it is the sort of threat that could have significant repercussions without anyone even being aware it is happening. Let me shift to a different topic. Director Clapper, you have testified before this committee that Cuba is an intelligence threat on par with Iran and listed below only Russia and China. There are reports that Lourdes, the Russian- operated signal intelligence base in Cuba, will be reopened. Additionally, this past summer Russia and Nicaragua struck a deal to increase military and intelligence cooperation, resulting in an influx of Russian tanks into Managua and an agreement to build an electronic intelligence base, which may be disguised as a satellite navigation tracking station. To the best of your knowledge, what is Russia's strategy in the western hemisphere, and how concerned are you about the Russians expanding their influence in Cuba and Nicaragua? Director Clapper. Well, the Russians are bent on establishing both a presence in the western hemisphere and they are looking for opportunities to expand military cooperation, sell equipment, airbases, as well as intelligence gathering facilities. It is just another extension of their aggressiveness in pursuing these interests. With respect to Cuba, Cuba has always had long-standing, very capable intelligence capabilities, and I do not see a reduction of those capabilities. Senator Cruz. Thank you. Chairman McCain. Senator Kaine? Senator Kaine. Thank you, Mr. Chair. Thanks to the witnesses for today and for your service. Mr. Chair, I appreciate you calling this hearing. I think this hearing is a test of this body, the Article 1 branch of Congress, this hearing and others to follow. I was chairman of the Democratic National Committee for a couple years, and we had a file cabinet in the basement that had a plaque over it. It was a file cabinet that was rifled by burglars in an invasion of the Democratic National Committee in 1972. It was a bungled effort to take some files and plant some listening devices. That small event led to one of the most searching and momentous congressional inquiries in the history of this country. It was not partisan. One of the leaders of the congressional investigation was a great Virginian called Will Butler, who was my father-in-law's law partner in Roanoke, Virginia before he went to Congress, played a major role. It was not an investigation driven because something affected the election. The 1972 presidential election was the most one-sided in the modern era. But it was a high moment for Congress because Congress in a bipartisan way stood for the principle that you could not undertake efforts to influence an American presidential election and have there be no consequence. The item that we will discuss and we will discuss more when the hearing comes out is different. That was a burglary of a party headquarters that was directed to some degree from the Office of the President. But this is very serious. The combined intelligence of this country has concluded that efforts were undertaken to influence an election by an adversary, an adversary that General Joe Dunford, the head of the Joint Chiefs of Staff, said in testimony before this hearing, was in his view the principal adversary of the United States at this point. In addition, the attack was not just on a party headquarters. The October 7 letter that you have referred to talked about attacks on individuals, current and former public officials with significant positions, and also attacks on State boards of elections. The letter of October 7 traced those attacks to Russian entities, Russian companies, and did not ascribe, at least in that letter, to that directed by the Russian Government, but I am curious about what the full report will show. It is my hope that this Congress is willing to stand in a bipartisan way for the integrity of the American electoral process and will show the same backbone and determination to get all the facts and get them on the table, as the Congress did in 1974. There was another congressional inquiry that was directed after the attacks on 9/11, and there was a powerful phrase in that report that I just want to read. The commission concluded, quote, the most important failure was one of imagination. We do not believe leaders understood the gravity of the threat. That is something I think we will have to grapple with. Did we have sufficient warning signs? I think we did. Having had sufficient warning signs, why did we not take it more seriously? That question is every bit as important as a question about what a foreign government, an adversary, did and how we can stop it from happening. Three quick points. One, is the report next week that is going to be issued not solely going to be confined to issues of hacking but also get into the dimension of this dissemination of fake news? Will that be one of the subject matters covered? Director Clapper. Without preempting the report, we will describe the full range of activities that the Russians undertook. Senator Kaine. I think that is incredibly important. I had a little role in this election. I was along for he ride for 105 days and was the subject of a couple of fake news stories. It was interesting. There were at least three that the mainstream media did not cover because they were so incredible that like why would they. But I looked at one of the stories that had been shared 800,000 times. When I see an administration who has put in place as the proposed national security advisor someone who traffics in these fake news stories and retweets them and shares them, who betrays a sense of either gullibility or malice that would kind of be--these are stories that most fourth graders would find incredible. That a national security advisor would find them believable enough to share them causes me great concern. Second, go back to Joe Dunford. He talked about Russia as a potential adversary because they have capacity and they have intent. With respect to our cyber, I think we have capacity, but I think what we have shown is we have not yet developed an intent about how, when, why, whether we are going to use the capacity we have. If we are going to shore up our cyber defense, in one word do you think what we really need to shore up is our capacity, or do we need to shore up our intent? Director Clapper. As we look at foreign adversaries, that is always the issue is capability and intent. Certainly in the case of the Russians, they do pose an existential threat to the United States. I agree with Chairman Dunford on that. It is probably not our place, at least my place, in the intelligence community to do an assessment of our intent. That is someone else's place. It is not mine. Chairman McCain. Senator Shaheen? Senator Shaheen. Thank you, Mr. Chairman and Senator Reed, for holding this hearing. Thank you all very much for testifying this morning and for your service to the country. Dr. Robert Kagan testified before this committee last December with respect to Russia. At that time, there was less information known to the public about what had happened in their interference in the elections. But one of the things he pointed out was that Russia is looking at interference in elections, whether that be cyber or otherwise, the whole messaging piece that you discussed with Senator Heinrich, as another strategy along with their military action and economic and other diplomatic methods to undermine Western values, our Euro-Atlantic alliance, and he very democracies that make up that alliance. Is that something that you agree with, Director Clapper? Director Clapper. Yes. That is clearly a theme. It is certainly something that the Russians are pushing in messaging in Europe. They would very much like to drive wedges between us and Western Europe, the alliances there, and between and among the countries in Europe. Senator Shaheen. I assume that there is agreement on the panel. Does anybody disagree with that? One of the things that I think has emerged, as I have listened to this discussion, is that we do not have a strategy to respond to that kind of an effort. We do not have a strategy, it has been testified, with respect to cyber, but a broader strategy around messaging around how to respond to that kind of activity. Do you agree with that? Director Clapper. I am speaking personally. Senator Shaheen. Sure. Director Clapper. This is not an institutional response. As I commented earlier to Senator McCain, I do think we need a U.S. Information Agency on steroids that deals with the totality of the information realm and to mount in all forums and to include the social media. Senator Shaheen. I am sorry to interrupt, but can I just ask why do you believe that has not happened. Director Clapper, Admiral Rogers? Director Clapper. For my part, I do not know why it has not. I cannot answer that. Senator Shaheen. Admiral Rogers? Admiral Rogers. From my perspective, in part because I do not think we have come yet to a full recognition of the idea that we are going to have to try to do something fundamentally different. I think we still continue to try to do some of the same traditional things we have done and expecting to do the same thing over and over again, yet achieve a different result. Senator Shaheen. No. That is the definition of ``crazy.'' I think we have determined that. Secretary Lettre? Mr. Lettre. I would just add that in this area, the capability and intent framework is useful to think about. I think it is only in the last few years that we have seen adversaries with true intent to use propaganda and the ability to reach out as terrorists are doing and try to incite and match that up with the tremendous power that social media tools allow to make that easy and simple and effective and broadly applicable. Senator Shaheen. Given that this is a strategy and given that it is aimed not just at the United States particularly with respect to interference in our elections but at Western Europe and Eastern Europe for that matter, is there an effort underway to work with our allies through NATO or otherwise? I have been to the cybersecurity center in Estonia, but there did not seem to be a NATO agreement that this was something that we should be working on together to respond to. Is this an effort that is underway? Mr. Lettre. Just speaking from my lens on things, there is a lot of interest in doing that and doing it more effectively and more comprehensively, but we have not cracked the code on doing it effectively yet. We need to keep the pressure on ourselves and our NATO allies who are likeminded in this regard to keep improving our approach. Admiral Rogers. It has also got to be much broader than just cyber. Senator Shaheen. Thank you. Director Clapper, my time is almost up, but before you go since this is the last opportunity we will have to hear from you, can I just ask you, do you think the DNI needs reform? Director Clapper. Well, there is always room for improvement. I would never say that this is the ultimate. I do think it would be useful, though, if we are going to reform or change the DNI or change CIA, that some attention be given to, in our case, the legislative underpinnings that established the DNI in the first place and then have added additional functions and responsibilities over the years, that the Congress has added, to our kit bag of duties. But to say that there is not room for improvement, I would never suggest that. Senator Shaheen. I appreciate that. I certainly agree with you. I think that if there is going to be this kind of major reform, hopefully both legislators and others who have been engaged in the intelligence community will be part of that effort. Director Clapper. I certainly agree the Congress, no pun intended, gets a vote here I think. Senator Shaheen. Thank you. Chairman McCain. I know that our time has expired, and I apologize to our new members that you will not have time because you have to go. But maybe, Director Clapper, since this may be, hopefully, your last appearance, do you have any reflections that you would like to provide us with, particularly the role of Congress or the lack of the role of Congress in your years of experience? Director Clapper. I am going to have to be careful here. Chairman McCain. I do not think you have to be. [Laughter.] Director Clapper. I was around in the intelligence community when the oversight committees were first established and have watched them and experienced them ever since. Congress does have clearly an extremely important role to play when it comes to oversight of intelligence activities, and unlike many other endeavors of the Government, much of what we do, virtually all of what we do is done in secrecy. The Congress has a very important, a crucial responsibility on behalf of the American people for overseeing what we do particularly in terms of legality and protection of facilities and privacy. At risk of delving into a sensitive area, though, I do think there is a difference between oversight and micromanagement. Chairman McCain. Well, we thank you. We thank the witnesses. This has been very helpful. Director Clapper, we will be calling you again. Director Clapper. Really? [Laughter.] Chairman McCain. This meeting is adjourned. [Whereupon, at 12:09 p.m., the committee was adjourned.] [Questions for the record with answers supplied follow:] Questions Submitted by Senator James Inhofe cyber deterrence 1. Senator Inhofe. Director Clapper, is it possible to deter adversaries from attacking America in an environment where the strategic capability and weapon system is available to anyone with broadband internet access? Director Clapper. [Deleted.] 2. Senator Inhofe. Director Clapper, do you believe that sanctions like the ones levied against Russia in response to its election-related cyber activities are the proper tool to discourage future such behavior? What other tools would you recommend? Director Clapper. [Deleted.] 3. Senator Inhofe. Director Clapper, do you believe that Obama Administration's response to Russia's recent activities represents a blueprint for effectively dealing with state-orchestrated malicious cyber activity? Director Clapper. [Deleted.] china 4. Senator Inhofe. Director Clapper, do you believe China is abiding by its commitment not to support cyber enabled theft of intellectual property including trade secrets or other confidential business information for commercial advantage? Are they still conducting cyberattacks on the United States? Director Clapper. [Deleted.] telecom companies with ties to foreign governments 5. Senator Inhofe. Director Clapper, in 2012, the House Intelligence Committee determined that China-based telecommunications companies Huawei and ZTE posed potential dangers to national security due to their entanglements with the Chinese Government. The same year, Australia denied a $41-billion national broadband contract to Huawei over similar concerns. However, Huawei is again trying to making inroads in Australia, and is working in the state of Victoria on data analysis and key utility systems. Do you believe significant involvement by our close allies with companies like Huawei poses a significant threat? Director Clapper. [Deleted.] __________ Questions Submitted by Senator David Perdue threats to u.s. infrastructure and how to respond 6. Senator Perdue. Admiral Rogers, you have stated several times that other nation states, such as Russia, China, Iran, and North Korea, have the power to cripple our critical infrastructure. Could these actors take down the U.S. power grid with their current capabilities today? Admiral Rogers. [Deleted.] 7. Senator Perdue. Admiral Rogers, do such actors have the power to take down our banking and/or transportation infrastructure grids today? Admiral Rogers. [Deleted.] 8. Senator Perdue. Admiral Rogers, if a state actor, or state- sponsored actor, were to take down any of our critical infrastructure (specifically, one of the 17 infrastructure subsecors designated as ``critical infrastructure subsectors'' by the Department of Homeland Security), would you consider this an act of war? Admiral Rogers. I defer to the Office of the Secretary of Defense, as the determination of what constitutes an ``act of war'' is a policy and legal decision. U.S. Cyber Command could respond to a Defense Support to Civil Authorities (DSCA) request if the request is routed through the Department of Homeland Security to the Secretary of Defense, and subsequently approved by the Secretary of Defense. 9. Senator Perdue. Admiral Rogers, how would you recommend the U.S. respond to such an attack? Admiral Rogers. As commander of U.S. Cyber Command, I would present our Nation's leaders with suitable options for the employment of cyberspace capabilities in response to the incident, and to deter or prevent further hostile acts. However, it is important to recognize that a cyber attack does not necessarily require a cyber response. Cyber is only one element of national power our leaders can consider when developing a U.S. Government response to any type of attack on our Nation. 10. Senator Perdue. Admiral Rogers, what are we prepared to do in response to such an attack? Admiral Rogers. Cyberspace response options, which vary by adversary and must be addressed on a case-by-case basis, should include whole-of-government considerations/response, and are subject to policy considerations. It is important to recognize that a cyber attack does not necessarily require a cyber response. Cyber is only one element of national power our leaders can consider when developing a U.S. Government response to any type of attack on our nation. U.S. Cyber Command's efforts to develop a rapidly maturing Cyber Mission Force (including those in the National Guard), coupled with strong relationships with intelligence organizations, foreign partners, allies, industry, academia, and joint partners, provide a resilient foundation from which we are developing cyberspace options to defend our networks, deter adversaries, and help defend the nation. U.S. Cyber Command is actively developing additional capabilities and capacities, aligned against our adversaries, so that when called upon by our nation's leaders, we are ready to support with full-spectrum cyberspace options. definition of cyber ``act of war'' and international consensus 11. Senator Perdue. Director Clapper and Admiral Rogers, you raised in your joint testimony that the key problem in dealing with cyber issues with our adversaries is that there is not an international consensus over key concpets regarding what constitutes an act of aggression or use of force in cyberspace and what international laws should govern this debate. What efforts are being undertaken to advance a sense of consensus on how we define cyberattacks on the world stage? Director Clapper. [Deleted.] Admiral Rogers. [Deleted.] 12. Senator Perdue. Director Clapper and Admiral Rogers, how can we better define the rules of the road for cyber internationally so we can appropriately defend our NATO allies when necessary, and so that any actions that we deem as appropriate countermeasures don't get blown out of proportion and elicit unforeseen consequences? Director Clapper. [Deleted.] Admiral Rogers. [Deleted.] 13. Senator Perdue. Director Clapper, you said in your February 2016 threat assessment that you would continue to monitor compliance with China's September 2015 commitment to refrain from conducting or knowingly supporting cyber-enabled theft of intellectual property for providing a completive advantage. Could you provide us with an update on China's compliance with the September 2015 agreement? Director Clapper. [Deleted.] 14. Senator Perdue. Director Clapper, does China continue to sponsor hacking and cyber espionage for commercial gain? Director Clapper. [Deleted.] ``dual hat'' issue 15. Senator Perdue. Admiral Rogers, in the president's signing statement of the 2017 NDAA, President Obama expressed his displeasure with the new limitations preventing the premature separation of Cyber Command and NSA. Is it still your professional military advice that maintaining the ``dual hat'' is in our best national security interest? Admiral Rogers. My professional military advice is that separation is the right step in the future, but it will take dedicated effort and resources to ensure the long-term success of both organizations following separation. Therefore, upon elevation of U.S. Cyber Command, the Commander, USCYBERCOM, should provide the Secretary of Defense and Chairman of the Joint Chiefs of Staff a vision and plan for potential future separation. This vision and plan would define the required resources and associated time table for separation. 16. Senator Perdue. Secretary Lettre and Admiral Rogers, the President's statement suggests that the Department of Defense and the Office of the Director of National Intelligence are taking steps to begin the separation. Have you been asked to take any irreversible steps that may undermine the law the President signed a few weeks ago prohibiting the separation until a number of specific conditions have been met? Secretary Lettre. [Deleted.] Admiral Rogers. No. 17. Senator Perdue. Admiral Rogers, how would you advise the next administration to consider the ``dual hat'' issue? Admiral Rogers. I would advise the administration that elevation and the dual-hat issue are separate and distinct. My professional military advice is that separation is the right step in the future, but it will take dedicated effort and resources to ensure the long-term success of both organizations following separation. Additionally, I recommend the elevation of U.S. Cyber Command to a combatant command occur now. Upon the elevation of U.S. Cyber Command, the Commander, U.S Cyber Command, should provide the Secretary of Defense and Chairman of the Joint Chiefs of Staff a vision and plan for potential future separation. This vision and plan would define the required resources and associated time table for separation. isis--disrupt v. destroy 18. Senator Perdue. Secretary Lettre and Admiral Rogers, according to Secretary Carter, we are ``using cyber tools to disrupt ISIS's ability to operate and communicate over the virtual battlefield.'' Why are we only trying to ``disrupt'' ISIS's ability to operate and communicate in cyberspace? Shouldn't we aspire to destroy ISIS's ability to leverage cyberspace to its advantage? Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 19. Senator Perdue. Admiral Rogers, to what extent are overly restrictive limitations or the lack of clear policy guidance from the Obama Administration impeding your ability to utilize cyber on the battlefield? Admiral Rogers. Cyber has been successfully used on the battlefield in support of and in executing primary military objectives; we are getting better at delivering cyber effects to support our National objectives every day. That said, it is a complex domain that requires a better coordinated whole-of-government approach and allocation of commensurate resources so that the speed at which cyber effects can be delivered meet the timing and tempo required on the battlefield. Currently, outside of existing authorities granted under the Countering Adversary Use of the Internet (CAUI) EXORD, operations that will create a cyber effect must be approved by the President (PPD-20). 20. Senator Perdue. Admiral Rogers, how could the military better use the cyber tools at our disposal to target ISIL's ability to operate and communicate over the virtual battlefield? Admiral Rogers. [Deleted.] cyber as a part of russian hybrid attacks and how to better aid european allies 21. Senator Perdue. Director Clapper and Secretary Lettre, we're seeing an intensification of so-called hybrid warfare by Russia not only in the United States, but also against targets in Eastern Europe, such as the use of a combination of cyberattacks, propaganda, and little green men to destabilize and otherwise subvert Ukraine. Given the fact that many of these actions can't be immediately confirmed as attributed to Russia, what's the appropriate response of nation-states to these types of actions? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] 22. Senator Perdue. Director Clapper and Secretary Lettre, how do you think Russia might further use cyber warfare going forward to destabilize Ukraine or the Baltics, especially as a part of a broader hybrid warfare effort? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] 23. Senator Perdue. Secretary Lettre and Admiral Rogers, what are we doing to assist states who may be vulnerable to future Russian cyberattacks to help them build up their capabilities? Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 24. Senator Perdue. Director Clapper, Secretary Lettre and Admiral Rogers, how concerned should we be in the United States about the Russian capacity and capability in cyberspace? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 25. Senator Perdue. Director Clapper and Secretary Lettre, are we prepared and postured to counter this threat? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] cyber policy deficiencies 26. Senator Perdue. Secretary Lettre and Admiral Rogers, some have expressed concern that the dysfunction of the White House policy process has greatly restricted the Department of Defense's ability to provide capabilities that could address urgent warfighter needs. From a warfighting standpoint, would you characterize the authorities delegated to you as being expansive or limited? Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 27. Senator Perdue. Admiral Rogers, how does the delegation of authority for Cyber Command compare to the authorities you are delegated as NSA director in emergency situations? Admiral Rogers. [Deleted.] 28. Senator Perdue. Admiral Rogers, how has the uncertainty hampered your ability to meet the needs of the geographic combatant commands? Admiral Rogers. Uncertainty in the emerging cyberspace domain is a challenge; however, close interagency coordination, information sharing, and planning has delivered positive mission outcomes in support of combatant commander objectives around the globe. As we do so, our greatest challenge is our combatant commanders want more and more as we bring forces online. I believe that is a testament to what our men and women bring to the fight. What I hear from my fellow operational commanders is ``could you do even more and could you do it faster''? iranian cyber threats 29. Senator Perdue. Director Clapper, Secretary Lettre and Admiral Rogers, it now appears that Iran has ramped up its use of cyberattacks (including on U.S. financial institutions) as well as cyber reconnaissance efforts on diplomats and critical infrastructure. Do you believe that the Iranian regime has control over the majority of cyber operations that emanate from Iran? Are most cyberattacks coming from Iran state-directed? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 30. Senator Perdue. Director Clapper, Secretary Lettre and Admiral Rogers, could you discuss Iran's cyber capabilities and how they impact our national security? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] north korea cyber threats 31. Senator Perdue. Director Clapper, Secretary Lettre and Admiral Rogers, last year, South Korean officials uncovered a North Korean plot for a massive cyberattack where North Korea hacked into more than 140,000 computers at 160 South Korean firms and government agencies. Have you found proof of any similar threats or attacks on United States companies and government agencies from North Korea? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 32. Senator Perdue. Director Clapper, Secretary Lettre and Admiral Rogers, what could be done to deter North Korean cyberattacks against the United States? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] adequate cyber force 33. Senator Perdue. Admiral Rogers, the Services are largely on track to meet the September 2018 goal for the training of a 6,200- person cyber force. However, the same cannot be said concerning the development and procurement of basic tools and capabilities required for both defensive and offensive cyber operations. Unless the services begin to prioritize the development of these capabilities, we could be heading down the path to a hollow cyber force. Do you agree that we are currently on the path of creating a hollow cyber force? Admiral Rogers. [Deleted.] 34. Senator Perdue. Admiral Rogers, are you aware that some services failed to fund even the most basic tools like those necessary for the cyber protection teams to assess and triage compromised networks? Admiral Rogers. No. Each of the Services has funded its Deployable Mission Support System (DMSS) solution to support the Cyber Protection Teams. I signed the DMSS System Requirements Document (SRD) on August 16, 2016. The Services participated in the year-long drafting of the DMSS SRD and either had or were in the development of their material solution for the DMSS during SRD development. All have procured and provided--to some level--their DMSS. U.S. Cyber Command has funded and is in the process of conducting a formal assessment of each Service DMSS solution to ensure the CPTs have the minimum capability to execute their mission. Additionally, U.S. Cyber Command is drafting a TASKORD to each of the Service Cyber Components directing specific software solutions to ensure standardization to meet basic CPT requirements. 35. Senator Perdue. Admiral Rogers, are the services committed to requesting the resources needed to make our cyber forces effective? If not, what do we need to do to ensure that we are resourcing appropriately? Admiral Rogers. Yes. From our perspective, each Service recognizes the needs of our cyber forces and is committed to force readiness. Each has brought capabilities to the fight for both offensive and defensive purposes. That said, because each Service uses a unique model for recruiting, organizing, manning, training, and equipping the Cyber Mission Force, we have disparate models that do not facilitate a uniform or holistic approach to force management across the DOD cyber enterprise. Additionally, the Services continue to support most U.S. Cyber Command requests for joint capability development (manpower, tools, and infrastructure) through appropriate DOD processes. 36. Senator Perdue. Admiral Rogers, do you have the hiring authorities needed to compete for talent with the private sector and retain them once trained? Admiral Rogers. [Deleted.] __________ Questions Submitted by Senator Ted Cruz iran-north korea cooperation 37. Senator Cruz. Director Clapper, thank you for the response to the October 19th, 2016 letter I sent you expressing concern over the possible nuclear cooperation between Iran and North Korea. To follow up on your response, it would be helpful if you could provide input to the below questions in an unclassified format. Director Clapper. [Deleted.] 38. Senator Cruz. Director Clapper, does the Intelligence Community need any additional tools or policies to track Iranian and North Korean illicit activity? Director Clapper. [Deleted.] 39. Senator Cruz. Director Clapper, does the Intelligence Community assess that there has been a change in the level of their collaboration following Implementation Day of the JCPOA? Director Clapper. [Deleted.] 40. Senator Cruz. Director Clapper, does the Intelligence Community assess that China has increased their economic ties to North Korea, freeing the latter from some of the effects of sanctions? Director Clapper. [Deleted.] china 41. Senator Cruz. Admiral Rogers, I am concerned about the increased global reach of Chinese telecom companies that have established infrastructure in Iran, North Korea, Sudan, Syria, and now Cuba. United States intelligence agencies have linked these nominally private entities to China's military and internal Pentagon reports found that Chinese-manufactured electronics had been loaded with malware. It is my understanding the NSA, along with the FBI, has begun a formal review to assess the national security implications of a potential U.S. partnership with such a company. Can you confirm this? Admiral Rogers. [Deleted.] 42. Senator Cruz. Admiral Rogers, what is your assessment of the national security risk that would result from United States firms entering joint enterprises with such Chinese telecom companies? Admiral Rogers. [Deleted.] 43. Senator Cruz. Director Clapper, when China's compliance with the September 2015 cyber agreement came up in last week's hearing, you testified that China continues ``to conduct cyber-espionage. They have curtailed, as best we can tell. There has been a reduction and I think the private sector would agree with this. There has been some reduction in their cyber activity. The agreement simply called for stopping such exfiltration for commercial gain.'' However, this reduction does not remove concern that China still seeks to appropriate United States intellectual property via cyber intrusions. According to a 2016 Department of State Overseas Security Advisory Council report, cyberattacks from Chinese hackers have continued and outpaced other nation-state actors in consistency, volume, and severity. Moreover, private firm Crowdstrike found that China continued cyberattacks on United States technology and pharmaceutical firms--suggesting a motivation to appropriate U.S. intellectual property. Despite the Intelligence Community's assessed curtailment of cyber-espionage by China, do you share the report's opinion that China remains the most active nation-state with respect to cyberattacks against American business enterprises? Director Clapper. [Deleted.] 44. Senator Cruz. Director Clapper, what level of confidence does the Intelligence Community provide their assessment that the September 2015 agreement successfully curtailed Chinese hacking and by how much has it been curtailed? Director Clapper. [Deleted.] 45. Senator Cruz. Director Clapper, does the Intelligence Community believe that the People's Republic of China has taken action against any independent cyber attackers within China? Director Clapper. [Deleted.] north korea 46. Senator Cruz. Director Clapper, North Korea demonstrated its cyber capabilities in the 2014 hack on Sony Pictures. In reviewing the statutory criteria of international terrorism--`violent acts or acts dangerous to human life that . . . [that] appear to be intended to intimidate or coerce a civilian population'', it is my estimation that the Sony hack clearly rose to the level of coercion. In threatening Sony executives, North Korea effectively committed cyber terrorism against the United States. In your professional opinion, is the Sony hack justification for re-designating North Korea as a state sponsor of terrorism? Director Clapper. [Deleted.] __________ Questions Submitted by Senator Richard Blumenthal north korea 47. Senator Blumenthal. Director Clapper, Secretary Lettre and Admiral Rogers, a recent report by the South Korean Defense Agency for Technology and Quality claims that North Korea possesses the capability to take down PACOM's network and inflict damage upon the United States power grid. What is your assessment of this report and North Korea's progress in development of its cyber capabilities and do you believe that they have the capacity to disrupt PACOM or the United States power system? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] cybercom 48. Senator Blumenthal. Admiral Rogers, what is the timeline for elevating CYBERCOM to a fully operational combatant command? Admiral Rogers. I have recommended to the Secretary of Defense and the Chairman of the Joint Chiefs that Elevation of U.S. Cyber Command can occur immediately upon the decision of the President. __________ Questions Submitted by Senator Elizabeth Warren u.s. tools for cyber response and strategic calculus 49. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, in public remarks at a conference on November 15, 2016, Admiral Rogers described Russian-directed hacking to interfere with our election as ``a conscious effort by a nation state to attempt to achieve a specific effect.'' The Intelligence Community's January 6, 2017 declassified report, ``Assessing Russian Activities and Intentions in Recent United States Elections,'' [hereinafter Intelligence Community Assessment, or ICA] concluded with ``high confidence'' that ``Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the United States presidential election[,]'' that ``Russia's goals were to undermine public faith in the United States democratic process,'' and that the Russian Government's ``influence campaign [ . . . ] blends covert intelligence operations--such as cyber activity--with overt efforts by Russian Government agencies, state- funded media, third-party intermediaries, and paid social media users or `trolls.' '' We have a diverse array of tools in our toolbox for responding to a state-sponsored cyber-attack. The Administration exercised some of these options on December 29, 2016--expelling spies and sanctioning certain individuals and groups. When we respond to cyberattacks with our own cyber-based countermeasures, what kind of response do you generally believe is more effective: ``loud'' offensive actions that plainly demonstrate the strength of our capabilities to the enemy, or covert actions that might be incorrectly attributed or otherwise misinterpreted but might have a greater effect over a longer time? Please explain. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] qualification of a cyber-attack and protection of data integrity 50. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, during the Committee's hearing, Director Clapper suggested a distinction between a cyber-attack and an act of cyber-espionage. Appearing before the House Intelligence Committee on September 10, 2015, Director Clapper said the July 2015 data breach of the Office of Personnel Management [hereinafter OPM] ``really wasn't [an attack] since it was entirely passive and didn't result in [ . . . ] destruction of data or manipulation of data. It was simply stolen.'' If OPM employee information--or voter registration rosters in the recent election--had been manipulated or corrupted in any way, would this have constituted a cyber-attack, and what would be the threshold of intent or harm to constitute a cyber-attack? Please explain and cite any applicable legal authority or policy. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. Whether a particular cyber activity rises to the level of an armed attack or a use of force under international law, or otherwise constitutes an unlawful intervention, is determined on a case-by-case basis by our Nation's leaders. I defer to the Office of the Secretary of Defense response submitted below for what the threshold of intent or harm is for an action to constitute a cyber attack. Yes. Generally, what constitutes a cyber attack is any malicious cyber activity that disrupts, denies, degrades, manipulates, or destroys computers, computer networks, the data stored on them, or the virtual or physical services and infrastructure that they support. However, in this scenario, after a determination is made that malicious cyber activity constituted a''cyber attack'' on the United States, there are a number of other factors that must be determined including attribution, the severity and impact of what is being done with the exfiltrated employee information, degree of information manipulation or corruption, and intent. Each malicious cyber activity will then be examined on a case-by-case basis and against a variety of the aforementioned factors to determine the most appropriate response. (whether the cyber activity constitutes an ``armed attack'' under the law of armed conflict is a slightly different question, but would similarly require a case-by-case determination in light of the scale and effects) 51. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, the potential for data manipulation is a serious concern--both for defense and civilian networks. The witnesses have previously alluded to this point in public statements. For example, in public remarks at a conference on November 19, 2015, Admiral Rogers shared concerns about data manipulation stating ``what happens if what I'm looking at does not reflect reality [ . . . and] leads me to make decisions that exacerbate the problem I'm trying to deal with.'' Our daily lives rely on confidence in the integrity of the data that is used to keep our nation safe and our economy operating. In addition to active cyber defense measures, such as firewalls, and offensive deterrence measures, do we routinely create and monitor redundancies for all critical data infrastructure such that, in the event of a breach and manipulation, we are able to positively detect and correct any distorted data? Please explain. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] norms of behavior in countering malicious cyber activity 52. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, would both state-sponsored and non-state actor-sponsored malicious cyber-attacks on the United States constitute acts of war? Please explain and cite any applicable authority. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 53. Senator Warren. Director Clapper and Admiral Rogers, during the Committee's hearing, USDI Lettre made a passing reference to ``what do we mean by a proportional response.'' When the United States decides to execute countermeasures in response to malicious cyber activity that we can confidently attribute to a particular state, what are the primary considerations associated with a proportional response--the malicious nature of the cyber-attack, the unique vulnerabilities of our adversary, or other factors? Please explain and cite any applicable authority. Director Clapper. [Deleted.] Admiral Rogers. [Deleted.] 54. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, what are the factors that determine whether malicious cyber activity--state-sponsored or committed by a non-state actor--against the United States requires a response? Please explain and cite any applicable authority. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 55. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, how do you determine when and whether it is appropriate for the United States Government to publicly attribute malicious cyber activity directed against the United States? Please explain and cite any applicable authority. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 56. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, how do you determine when and whether it is appropriate for the United States Government to declassify information related to a malicious cyber activity directed against the United States? Please explain and cite any applicable authority. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. I concur with the response from Office of Secretary of Defense and defer this question to the Director of National Intelligence who is responsible for coordinating declassification determinations in accordance with Executive Order 13526. managing escalation in countering malicious cyber activity 57. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, how do we respond to a state-sponsored malicious cyber-attack while maintaining escalation dominance--in other words, the ability of the United States to limit the risk of unintended and prolonged escalation and end a cyber-based conflict on our terms? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. The decision of how our Nation responds to a state- sponsored malicious cyberattack is one made by our Nation's leaders. They have all instruments of national power on the table, including other military capabilities and a whole-of-government approach as well. As a matter of long-standing policy, we don't define how we would respond to an adversary in any domain. My duty is to provide the Secretary and President with credible options in cyberspace that, along with options in other domains, offer our leadership multiple courses of action to control escalation. From my perspective, that is best done with policies and authorities that enable our cyber mission forces to conduct their missions when directed. enhancing cyber security in our democracy 58. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, the United States has a highly-digitized, interconnected economy that is more vulnerable to cyber intrusions because the Government does not exercise authoritarian control over the Internet. How do we fortify our own critical cyber-infrastructure against attacks while maintaining the openness and transparency of our networks? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 59. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, private businesses and other companies are increasingly the targets of state-sponsored cyber-attacks, and protecting the information held by these companies and their customers is important to our citizens' privacy, our economic security, and our national security. Cybersecurity presents many challenges, including the potential friction between information sharing among government agencies and private companies to pre-empt cyber threats, and the desire to secure communications and devices through encryption. Given the greater vulnerability of our open and interconnected networks, are you concerned that the sharing of cyber threat data among the Government and the private sector could make our country more vulnerable to theft and other malicious cyber activity--in addition to endangering the privacy of our citizens' data? Please explain, including relevant concerns under both voluntary and mandatory sharing scenarios. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] 60. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, would universal encryption--without any mandated backdoors--on servers and devices help address the unintended consequences of well- intentioned cyber threat information sharing? Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] russian malicious cyber activity against other nations' elections 61. Senator Warren. Director Clapper, Secretary Lettre and Admiral Rogers, the Intelligence Community Assessment observed that Russia ``will apply lessons learned from its campaign aimed at the United States presidential election to future influence efforts in the United States and worldwide, including against U.S. allies and their election processes.'' With elections scheduled this year in the Netherlands, France, Germany, and elsewhere, what steps are your agencies currently taking to help strengthen these and other allies' cyber defense capabilities against Russian and other election-related state-sponsored malicious cyber activity? Please explain. Director Clapper. [Deleted.] Secretary Lettre. [Deleted.] Admiral Rogers. [Deleted.] [all]