Skip to main content

tv   At This Hour With Berman and Bolduan  CNN  January 5, 2017 8:00am-9:01am PST

8:00 am
>> does anyone want to add to that? >> i don't want to lose good motivated people who want to help serve this nation because they feel they're not generating value to help that nation. i'm the first to acknowledge, there is room for a wide range of opinions on the results we generate. we don't question that for one minute. every intelligence professional knows that. i've had plenty of times in my career when i have presented by intelligence analysis to commanders and policymakers and they've just looked at me and said, mike, thanks, but that's not the way i see it or you're going to have to sell me on this. that doesn't bother any of us. what we do i think is relevant. we realize that what we do is in no small part driven in part by the confidence of our leaders in what we do. and without that confidence, i just don't want a situation where our workforce decides to walk. i think that really is not a good place for us to be.
8:01 am
>> i think many of us could not agree more. and if the underlying facts that the intelligence community brings us are incorrect, we should call that out. i just have not seen any evidence indicating that in this case. oftentimes we come to different strategic or policy points of view based on that information. but that's an entirely different thing. director clapper, i want to go to a little bit more of not just the classified information, but the relevance of publicly available information, of the whole picture of russia's activities within the context of this election. can you talk a little bit about the activities of the russian government's english language propaganda outlets, rt, sputnik, as well as the fake news activity we saw, as well as the social media, and how those paint a complete picture that is
8:02 am
supplemental to what we saw with the hacking in this case? >> i appreciate your asking, raising that, because while there has been a lot of focus on the hacking, this was actually part of a multifaceted campaign that the russians mounted. and of course rt, which is heavily supported by -- funded by the russian government, was very, very active in promoting a particular line, point of view, disparaging our system, our alleged hypocrisy about human rights, et cetera, et cetera. whatever crack they could fissure, they could find in our tapestry, if you will, they would exploit it. so all of these other modes,
8:03 am
whether as rt, use of social media, fake news, they exercised all of those capabilities in addition to the hacking. and of course i think the totality of that, i think, regardless of what the impact was, which we can't gauge, just the totality of that effort, not only as dni but as a citizen, i think is a grave concern. >> thank you, mr. chair. >> thank you, mr. chair, gentlemen, thank you very much. i also want to thank you and the men and women that work diligently in the intelligence community for the work that they do for the united states of america. admiral rogers, you have stated twice now, you've really stressed this point, that you must be faster and more agile in your responses. and so our discussion this morning will go back to a
8:04 am
discussion that we had in september of this last year, in front of this body, because i believe it is important that you understand the capabilities that exist out there, and are readily available to the united states cyber command. this past september i asked you about a government accountability office report that stated the department of defense does not have visibility of all national guard units' cyber capabilities because the department has not maintained a database that identifies the national guard units cyber related emergency response capabilities as required by law. and i was a bit alarmed when you stated that you haven't seen the report. it was a report that took about a year to compile and was presented to both this committee and the house armed services committee. and four months later i still have not received an answer from
8:05 am
you. my question is for the record. as of this morning all the gao recommendations are still open from this report. so it's been four months. and i would just like an update on that, if you have been able to read the report, and where is the department at in regards to tracking national guard cyber capabilities. >> yes, ma'am. so first, we didn't get your question until december. but i acknowledge that you have formally asked us this. first, as u.s. cyber command, i'm the operational commander. manning, training, and eequipping is a function of services and the department. for me in my role, i track the operational readiness. i bore into that the same way i do into the operational side. how is the department tracking skills available in the reserve opponent, i would argue it's the same challenge as in the active component. how do you take advantage of the breath of capability that's
8:06 am
broader than a military occupational specialty, for example? i'm the first to acknowledge, after talking to my teammates at osd and the services, i don't think we have a good answer. i'll have something in writing for you within the next week or so because i do acknowledge that we need to do that. >> i do appreciate that. because how long has the united states been experiencing attacks from entities outside the united states? >> you can argue we've been in this cyber dynamic for over a decade. >> a decade. so we have taken the steps of developing cyber command and the capabilities that exist both in our reserves, national guard, and active component units. and to become more faster or faster and more agile, we need to know what those capabilities are. so if you have a solution to how we can track those capabilities, we need to figure that out. many of these units have the capability of defending networks, yet we're not utilizing those capabilities,
8:07 am
and we don't know where they exist, to be honest. >> please don't take from my comment that we don't believe the role of the guard and reserve isn't important. if you look at the last 12 months, we've got two cyber protection teams from the guard that have been mobilized. we've brought online in the guard and reserve national mission teams for the first time within the last year. it's great to see how the guard and reserve are developing more and more capability. that's a real strength for us. >> absolutely. and i think we'll continue to see those develop, even more in the future. but we need to be able to utilize those capabilities that exist out there. so you know that many of our best soldiers in the national guard and reserves come from the private sector. i know this from some of my own guardsmen that worked full-time in computer technology and cyber technology. and you stated in september, you were trying to figure out how better to leverage the national guard. do you have a response for that?
8:08 am
have you thought of ways that we might be able to use those guard units more readily? >> this is a topic that in fact i just was talking to the director of guard bureau a few weeks ago to say, hey, look, this is something in 2017, i want us to sit down. there's a couple of specific missions were the capabilities of the guard and reserve are really well optimized. i would be the first to admit the answer can't be every time we'll just throw the active component at this. i don't think that's an optimal approach for us to do in business. so you'll see this play out for us in 2017. we've got to work through the title 32 versus title 10 issue, what's the right role, do we put this into the civil authority construct? i like that because it's a framework that we already have, i'm a big fan of let's not reinvent the wheel, how do we take advantage of the structures and authorities already in place. that's one thing you'll see some specific changes on within the
8:09 am
department, we're working through that right now on the policy side. >> very good. i appreciate it. i know my time is expiring. i look forward to working with you on that, admiral rogers. >> thank you, mr. chairman. and i want to thank all of you for all your efforts today, for the amazing careers you've had. and mr. chairman, thank you for holding this hearing. i think it's critically important to our nation. and i want to be clear that the purpose of today's hearing is not to debate the validity of the election, but to discuss foreign attempts to use cyber attacks to attack our country, including the recent russian actions intended to influence our elections. i appreciate the bipartisan effort to get our people the answers they deserve. i'm grateful for the amazing efforts that our intelligence agencies put forth every single day, that every day lives are on the line to make sure that we're
8:10 am
safe and to make sure that all americans have a chance to take care of their families and go to sleep at night and not have to worry while your people are on the front lines all around the world. and i can total you on behalf of all hoosiers that when it comes down to a choice between your people or intelligence agencies and julian assange, we're on your team every time. i actually find it stunning that there is even a discussion in our country about the credibility of our intelligence agencies versus mr. assange. it is astounding to me that we would even make that comparison, when you see the stars in the cia headquarters of all the people who have lost their lives and all who have lost their lives in our agencies to keep us
8:11 am
safe. director clapper, how would you describe your confidence in attributing these attacks to the russian government as opposed to someone in their basement? >> it's very high. >> the government has named those responsible for the dnc hacks as apt 28 and apt 29, part of the russian intelligence infrastructure, the gru, and the fsb. are all the actors targeted by these two entities known to the public, sir? >> i'm sorry, sir. the question again? >> are all the actors targeted by these two entities, gru, the fsb, apt 28, 29, do we know everybody? have you told us who is involved or are there more that you can't discuss at this time? >> right, i don't think i can discuss that in this forum.
8:12 am
>> okay. how far up the chain, in what you can tell us, does this go in regards to the russians? at what level were the instructions to take these actions given? >> again, sir, i can't speak to that in this setting. >> thank you. do you think we are communicating clearly to our adversaries in a language that they'll understand that the costs will outweigh any gains they get if they try this again? not only you, director, but the others, how do we best send that message, do you think? >> well, certainly the sanctions that have been imposed, the expulsion of the intelligence, 35 intelligence operatives, the closure of the two facilities used for intelligence purposes,
8:13 am
and the other sanctions that were levied does convey a message. it's open to debate whether more should be done. i'm a big fan of sanctions against the russians. but that's just me. >> admiral, what would you say, sir? >> i would agree. i mean, the challenge here is, look, we don't want -- i don't think it's in the best interests of any of our nations to be in this confrontational approach to doing business, and we've got to figure out how do we articulate what is acceptable or not acceptable in a way that enables us to continue to move forward in a productive relationship. that's not unique to the russians. i would argue that's a challenge for us on a whole host of actors out there. this is just a poster child for this challenge of late. >> i would add to that, if i may, that it certainly would be a good thing if we could find areas where our interests converge, i'm speaking of ours
8:14 am
and the russians. and we've done that in the past. so just to foot-stomp admiral rogers' point. but i think there is a threshold of behavior that's just unacceptable. and somehow that has to be conveyed. >> i am out of time. on behalf of all the american people, we want to thank you. you have dedicated your lives to keeping us safe. and we're incredibly grateful for it. thank you, mr. chairman. >> thank you, mr. chairman. and thank you for you and the ranking member for holding this hearing. i also want to thank you, general clapper, mr. secretary, for your services. this might be your last hearing. and the men and women you lead. you know, you described in your testimony the increasing attacks we're seeing, not just from russia but china and other actors, iran, north korea, their
8:15 am
increasing capabilities. the chairman's opening statement pretty much stated that it's his view, and i certainly share the view, that we're being hit repeatedly because the benefits outweigh the costs for those who are taking these actions against us. do you agree with that? >> i do. i think we all do, that this is for adversaries like -- i'll just name north korea and iran, there's a relatively low cost acts that can cause havoc. and what i think we've seen over time is that they keep pushing the envelope, as their capabilities improve and they're willing to exercise those capabilities. >> so if that's the case, and i'm glad there's some consensus
8:16 am
here, you're talking about retaliating, upping the cost with all instruments of power, mr. secretary, you mentioned retaliating in the time of our choosing, in the realm of our choosing. but it doesn't seem to be happening. we see attacks continue. so let me just gave ive an exam. let's say iran, you mentioned them being more aggressive and risky in north korea, some kind of cyber attack. if we did something, maybe without announcing it, like the president announced the russian counteractions, but let's say we didn't announce it, let's say we did but where we essentially collapse their financial system or something pretty dramatic, do we let them know we did it? we don't have to publicize it. do you think that's the kind of action that would say, hey, don't do this or we're going to come back and retaliate at our time, our choosing, and crush you? how come we haven't done that yet? do you think if we did something
8:17 am
like that with the iranians or north koreans, would that deter them in the future? mr. secretary? >> senator, i think you're getting right at the question of what is the -- what do we mean by a proportional response in some instances. >> or asymmetric. you're talking about asymmetric responses, which i fully agree with. >> that's right, or in instances that are significantly serious and grave, whether a more than proportional response is required to really set that deterrence framework in place. >> but isn't the key question right now, that came from the chairman's opening statement, that you agreed with, nobody seems to be intimidated by us right now. let me give another example. senator inhofe asked a question early on about china. china hacked, allegedly, maybe you can confirm that, 22 million
8:18 am
files. a lot of the sf-86 files that you use for background clearances. they have mine, i was informed by the government. very sensitive information, as you know, that they can use against intelligence operatives and military members. and senator inhofe asked the question, did we retaliate, what did we do. the answer that i heard from all of you was, well, we tried to protect people like me and i'm sure others whose sensitive intel information and background information was compromised. but i didn't hear any claim of a retaliation on a huge hack, huge, 22 million american, federal, military, intel workers got hacked by the chinese. so the president signed this statement with president xi jinping, the u.s./china security
8:19 am
agreement. but obviously, general clapper, from your testimony, the chinese have not abided by that, have they? >> they have. >> i thought you indicated -- >> i indicated in my testimony -- i'm sorry. >> i'm sorry, i thought you said in your testimony today that they continue to conduct cyber attacks. >> they continue to conduct cyber espionage. they have curtailed, as best we can tell, there has been a reduction, i think the private sector would agree with this, there has been some reduction in their cyber activity. and the agreement simply called for stopping such attacks for commercial gain. >> did we retaliate and up the cost against china after an enormous cyber attack against our nation? >> we did not retaliate against an act of espionage any more than other countries necessarily retaliate against us when we
8:20 am
conduct espionage. >> isn't that answer just part of the problem, that we're showing that we're not going to make it costly for them to come in and steal the files of 22 million americans including many intel officers? >> well, as i say, people live in glass houses need to think about throwing rocks. this was an act of espionage. you know, we and other nations conduct similar acts of espionage. if we're going to punish each other for acts of he espionage, that's a different policy issue. >> senator king. >> thank you, mr. chairman. your opening statements are always erudite and thoughtful. but i thought today's was particularly so, you touched on all the important points that have really formed the basis for this hearing. so i want to thank you for that. director clapper, i think's important to put some context
8:21 am
around some of these discussions. one of the most important things to me is that your public statement in october, long with jeh johnson, was prior to the election, and you were simply telling facts that you had observed. and in my experience of reading intelligence community communications, it's one of the more unequivocal that i've seen. you've stated here you have high confidence in those conclusions that the russians were behind it, that it was intended to interfere with our elections, and that approval won't ent to highest levels of the russian government. have you learned anything subsequent thly that you can te us here today to contradict those findings that you publicly stated last october? >> no. in fact if anything what we've learned reinforces that statement of the th 7th of octo. >> and there was no political
8:22 am
intention, you were simply reporting facts as you saw them? your history is one of being nonpolitical. >> absolutely. i felt particularly strongly, as did secretary johnson, that we owed it to the american electorate to let them know what we knew. >> now, people in maine are skeptical, and they want to have evidence and proof. i'm hearing from people, prove it. the problem, as i understand it, is the desire to provide evidence that is convincing that your conclusions are correct versus the danger of compromising national security on sources and methods. can you sort of articulate that? because i think that's an important point. >> we have invested billions and we put people's lives at risk to glean such information. and so if we were fulsomely expose it in such a way that
8:23 am
would be completely persuasive to everyone, then we can just kiss that off, because we'll lose it. and then that will endanger our -- imperil our ability to provide such intelligence in the future. and that's all the dilemma that we have in intelligence. we want to be as forthcoming and transparent as possible. we feel very strongly as we do in this case about protecting very fragile and sensitive sources and methods. >> let's again turn to a question of context. what we saw going back almost a year was an example of a russian strategy that's been playing out in europe for some time, that includes not just hacking, as you said, but disinformation, propaganda.
8:24 am
8:25 am
>> we had a meeting, i know the chairman was in the baltic states, they're just deluged with this, they have been warning us about this for years, about the messing around with elections. i said, what do you do, how do you defend yourself? they said, we're trying to defend ourselves in various ways. but the best defense is for our public to know what's going on so they can take it with a grain of salt. i thought that was a very interesting observation. because their people now say, oh, yeah, that's just the
8:26 am
russians. that's why i think public hearings like this, the public discussion of this issue, is so important. because we're not going to be able to prevent this all together. but we need to have our people understand when they're being manipulated. would you agree? >> abilitiesolutely. that's why i felt so strongly about the statement in november. >> general clapper, during the cold war, we had a strategy, radio free europe, the voice of america. senator graham, speaking next, will attest to in our recent trip, they don't have a strategy. they don't have a counterpropaganda -- the united states of america, i'm talking about. and we've got to develop that strategy. even if it encompasses the internet, social media. they are doing pretty significant stuff, particularly in the baltics and eastern
8:27 am
europe, would you agree, senator graham? >> yes. i appreciate being before the committee. yes, i would. would you agree with me that radio free europe is outdated? >> i'm frankly not up on -- >> well, it says radio, and a lot of people don't listen to the radio like we used to. >> actually radio is a very popular mode in many parts of the world. >> radio is big in your world? >> in my world? not so much. >> i don't listen to the radio much either. so the bottom line is, you're going to be challenged tomorrow by the president-elect. are you okay with being challenged? >> absolutely. >> do you both welcome it? >> we do. >> do you think it's appropriate? >> we won't be. >> are you ready for the task? >> i think so. >> good. is there a difference between
8:28 am
espionage and interfering in an elections? >> yes. espionage implies, to me at least, a passive collection. this was much more activist. >> so when it comes to espionage, we better be careful about throwing rocks. when it comes to interfering in our election, we better be ready to throw rocks. do you agree with that? >> that's a good metaphor. >> i believe what obama did was throw a pebble. i would be willing to throw a rock. taking your information about russia's involvement in our election and what they're doing throughout the world, would i be justified in being more aggressive than president obama? >> that's your choice, sir. >> do you think he was justified in imposing the sanctions he did? >> i do. >> so those who want to throw rocks, you'll get a chance here soon. if we don't throw rocks, we're
8:29 am
going to make a huge mistake. admiral rogers, is this going to stop until we make the cost higher? >> we have to change the dynamics here. >> you've got that right. could it be republicans in the next election? we're not so much better than democrats at cyber security. i don't remember anything about trump in the election. if trump goes after the iranians, which i hope he will, are they capable of doing this? >> they clearly have a range of cyber capability and they have been willing to go offensively, we've seen it in the united states. >> if trump takes on china, are they capable of doing this? >> yes. >> so we've got a chance, as a nation, to lay down a marker for all would-be adversaries, do you agree with that? >> yes. and i would be the first to acknowledge we need to think about this broadly. >> and we should take that opportunity before it's too
8:30 am
late? >> yes, sir. >> do you agree with me that the foundation of democracy is political parties, and when one political party is compromised, we're all compromised? >> yes, sir. >> all right. now, as to what to do, you say you think this was approved at the highest level of government in russia, generally speaking; is that right? >> that's what we said. >> who is the highest level of government? >> well, the highest is president putin. >> do you think a lot happens in russia, big, that he doesn't know about? >> not very many. certainly none that are politically sensitive in another country. >> okay. now, as we go forward and try to deter this behavior, we're going to need your support now and in the future. so i want the president-elect to know it's okay to challenge the intel, you're right to do so. but what i don't want you to do is undermine those who are serving our nation in this arena until you're absolutely sure
8:31 am
they need to be undermined. and i think they need to be uplifted, not undermined. north korea. let me give you an example of real world stuff that he's going to have to deal with, trump. do you believe that north korea is trying to develop an icbm to hit the united states? or that could be used to hit the united states? >> that could be, yes. >> do you agree with that, admiral rogers? >> yes. >> so when the north korean leader says they're close to getting icbm, he's probably in the realm of truth? >> he's certainly working aggressively to do that. >> if the president of the united states says it won't happen, he's going to have to come to y'all to figure out how far along they are, because you will be his source for however along we are, right? >> i hope we would be the source. >> i hope he would talk to you too. here is what i hope he realizes, that if i has to take action against north korea, which he may have to do, i intend to support him, but he needs to
8:32 am
explain to the american people why. one of the explanations he'll give is, "based on what i was told by the people who are in the fight." and let me tell you this. you don't wear uniforms because but you're in the fight. and we're in a fight for our lives. i just got back from the baltics, ukraine, and georgia. if you think it's bad here, you ought to go there. so ladies and gentlemen, it is time now not to throw pebbles, but to throw rocks. i wish we were not here. if it were up to me, we would all live in peace. but putin is up to no good and he better be stopped. and mr. president-elect, when you listen to these people, you can be skeptical, but understand, they're the best among us, and they're trying to protect us. thank you all. >> do you have any response to that diatribe? [ laughter ]
8:33 am
>> senator graham and i have had our disagreements before, but i find myself in complete agreement with what he said. >> thank you. >> chairman mccain, if i might pick up on a comment of yours. that has to do with the information fight, if you will. and this is strictly personal, not company policy. but i do think that we could do with having a usia on steroids, united states information agency, to fight this information war a lot more aggressively than i think we're doing right now. >> i agree, general. i think one of the areas where we're lagging more than any other area is social media. we know these young people in the baltics are the same as
8:34 am
young people here. they get their information off the internet. we have really lagged behind. senator gillibrand. >> thank you, mr. chairman, for holding this important hearing. i want to follow on with something senator ernst started. i appreciate that this is beginning to happen, members of the guard bring unique skills and capabilities, and we should be leveraging them. admiral rogers, i look forward to working with you on how best to do this. can you tell me whether there has been movement on the army national guard cyber protection teams being included in the cyber mission forces? >> yes. we brought two online that have been activated in the last year, two additional that are coming online in '17, and the first of which just came online. so yes, ma'am. >> how much more is left to be
8:35 am
done? >> the guard and reserve are bringing on an additional 21 teams. those will not be directly affiliated with the mission force. but one of the things i think we're going to find over time, the only way to generate more capacity in a resource-constrained world is to view this as an entire pie, not just here is one sliced-off area, the mission force, and here is a separate area, the reserve. i think we have to look at this as much more of an integrated whole. >> i do too. because our guard and reserve have day jobs, they may be working google and have extraordinary skills. as a way to tap into the best of the best, we should look at people who already have these skills, who are already committed to serving this nation as best they can. i appreciate your work. >> i would be interested in your help, for many employers in the guard and the reserve, and i say this as the son of a guardman when i was a kid growing up, they often, sometimes, view that
8:36 am
service as something that you do overseas, i'm going to let you go because you're going to afghanistan, going to iraq. in the world of cyber, we're operating globally, you know, from a garrison. >> from any location in the world. >> anywhere. >> correct. >> this just came up just yesterday, i said one of the things we need to do is educate employers about what is the nature of this dynamic, every bit as relevant as sending someone to afghanistan or iraq. >> i think that's right. on a separate topic but related, eve long been advocating for aggressive development of the manpower we need to support our cyber security mission. in particular i continue to believe that we have to not only develop the capability in our military and the interest in cyber among young americans but that the military must be creative when thinking about recruitment and retention of cyber warriors. how would you assess our current
8:37 am
recruitment and retention of cyber warriors and what challenges do you foresee in the future and what recommendations do you have to address them? because obviously we are competing with some of the most dynamic, innovative companies in the world, but we need them to be our cyber defense and our cyber warriors. >> so knock on wood, in the military aspect, we are exceeding both our recruiting and retention expectation. i worry about how long can we sustain that over time in the current model. my immediate concern is a little less on the uniformed side, in part because money, if money was a primary driver for them, they wouldn't have come to us in the first place. on the civilian side, however, that's probably my more immediate concern. i'm finding it more challenging -- we're able to recruit well. retaining them over time, i'm running this on the nsa side, how do you retain high end, exquisite civilian talent for
8:38 am
extended periods of time. >> i would be delighted to work with you over the next year on that. director clapper, i was very interested in your opening remarks, and the initial conversation you were having about the russian hack onto the dnc and various personnel's e-mails, and the question of whether it was a declaration of war. given that that is such a serious statement, i want to ask you, do you think we should take things like the democrat and republican party infrastructure and consider them to be critical infrastructures? should we be actually looking at our infrastructure differently, since -- because of this recent event? >> that's been the subject of discussion about whether, you know, they're a political infrastructure that should be considered a critical
8:39 am
infrastructure. i know secretary johnson has had discussion with state officials about that. and there is some pushback on doing that. so it's a policy call, to whatever additional protections that such a declaration would afford, i think that would be a good thing. whether or not we should do that or not is really not a call for the intelligence community to make. >> i hope it's one that the members here in this committee will discuss, because if it is -- if it does result in such a grave intrusion, maybe it should be critical infrastructure. and certainly politics and political parties are not set up that way. so it would be quite a significant change. thank you. >> director clapper has to leave in about 20 minutes. we'll enforce the crime -- the time. senator tillis.
8:40 am
>> thank you, mr. chair. gentlemen, thank you all for your service. i for one have high confidence in the community that you represent. and i hope that they recognize that i speak for most of the senators here that share the same view. director clapper, i'm going to spend most of my time privately reflecting on some of the comments that you made. the glass house comment is something i think is very important. there's been research done by a professor at carnegie mellon that's estimated that the united states has been involved in one way or another in 81 different elections since world war ii. that doesn't include coups or e regime change. russia has done it some 36 times. when russia was apparently trying to influence our election, we had the israelis
8:41 am
accusing us of trying to influence their election. we live in a big glass house and there are a lot of rocks to throw, and i think that's consistent with what you've said on other matters. i want to get to the purpose of the meeting, foreign cyber threats. i think admiral rogers and director clapper, you all have this very difficult thing to communicate to policy people who may not have subject matter expertise in this space. for example, director clapper, you were saying that one of the problems with a counterattack, i think it was you, it could have been admiral rogers, is that you may have to use an asset that's actually a presence on some other nation where that nation may or may not know that we have a presence there. in fact, we have presences across cyber space that are not known, that is a part of a counterattack. the counterattack could be nothing more than exposing our presence because we know a lot of our adversaries may or may not be aware of presences we may have out there in appropriate
8:42 am
locations; is that correct? >> yes. and i think you've succinctly illustrated the complexities that you run into here. >> that is why, as thrilling as somebody who has written precursors the fishing code and stolen passwords as part of ethical hacking, i was paid to do this, that underscores the need for us to really be educated about the nature of this battle space, and how more often than not, it's probably more prudent to speak a response that isn't a cyber response, given the fluid nature. we're in an environment now where we see a threat and we build a weapons system. it's on the water, it's in the air, it's on the ground. and then we kind of counter that threat and come up with war plans to use that capability. in cyber space, major weapons systems get created in 24-hour cycles. you have no earthly idea whether or not you have a defensive
8:43 am
capability against them. if you all of a sudden you think let's declare war in cyber space, be careful what you ask for, because collectively, there are 30 nations right now that have some level of cyber capability. there are four or five of them that are near peer to the united states. there are two or three that i think are very threatening and in some cases probably have superior capabilities to us in terms of presences, maybe not as sophisticated, but potentially, in a cyber context, more lethal. so i think there are a lot of questions. one of the beauties of being a freshman, i guess now i'm not a freshman, being at the end of the dais, all the good questions have been asked. but one of the things i suggest we do is we as members really get educated on the nature of this threat and the manner in which we go about fighting it. and understanding that the iterative of weapons creation on the internet are unlike anything we've seen in recorded human
8:44 am
history for warfare, and we need to understand that. we also need to understand what the rules of engagement are going to be and how future aumfs actually include specific treatment for behaviors that are considered acts of war and then a whole litany of things we should do for appropriate responses so that we can begin to make more tangible the consequences of inappropriate behavior in cyber space. and so that's not so much a diatribe but it probably is a speech, mr. chair. the last thing i'll leave you with is, admiral rogers, i would like for my office to get with you and continue to talk about how we get these bright people retained and recruited, to stay up to speed with developing these threats. we need to understand that they are the secret to creating these weapons systems to counter the malicious acts like russia and china and iran and other nations are trying to develop against us. thank you. >> thank you, mr. chairman, and thank you, gentlemen, for your
8:45 am
service. i think it's clear that we have tremendous concerns about russian hacking in our elections. i think it's more than ironic that we have a president-elect that kept talking about our elections being rigged, which i would consider trying to interfere with our elections, to be a part of a rigged kind of an election, at the same time he denied russia's activities in this regard. some of this was already touched on regarding the president-elect's attitudes towards the intelligence community, the morale, the impact on morale. so going forward, as we are challenged by the need to have more cyber aware or skilled cyber workforce, if this attitude toward the intelligence community doesn't change on the part of decisionmakers including the president, would you agree
8:46 am
that it would make it that much harder, director clapper and admiral rogers, to attract the kind of cyber experienced workforce that we need to protect our country? >> well, it could. i don't know that we can say some of these statements have had any impact on recruiting. i think it could. >> on retention? >> on retention, maybe just to embellish what admiral rogers was saying, i do think that consideration needs to be given to having more flexibility, more latitude on compensation for our high end cyber specialists who are lured away by industry, who are paying huge salaries. that's not why you're in the government, not why you serve in the intelligence community, it's not obviously for money. but i think think that those
8:47 am
highly technical, high end skill sets that we badly need in the government, in the intelligence community, that it would be helpful to have more latitude on compensation. >> i would agree, both of these individuals, in the last 24 hours, using my authority as director of the nsa, i'm going to authorize the following increased compensations for the high end cyber part of our workforce because i'm watching -- >> of course. and it's not just compensation that attracts people to what we're doing in our intelligence community, because service to the country is a very important motivation, and of course i would think that morale would be very much attendant to that. there was some discussion about what would constitute, in the cyber arena, an act of war. and director clapper, i note in your testimony, i think this is one of the reasons that we want to develop international norms in this arena.
8:48 am
so who should be the key players in developing and agreeing to these international norms in the cyber arena? and if the big players are u.s., china, russia, if we don't have those players at the table to come up with international norms, how realistic is it to develop and adhere? >> that's exactly the challenge. and those are the key nation states that would need to engage. and there has been work done under the auspice of the united nations to attempt to come up with cyber norms. but i think we're a ways away from those having impact. >> would you agree, admiral rogers? >> yes, ma'am. >> turning to the awareness of the public, as to the extent of the threat, 2016 opinion piece by two members of the 9/11
8:49 am
commission, basically they said that the most important thing government and leaders in the private sector can do is to clearly explain how severe this threat is and what the stakes are for the country. director clapper, do you think the general public understands the severity of the cyber threat and the stakes for the country? and what should americans keep in mind with regard to this threat and what can ordinary americans do to contend with this threat? >> i think there's always room for more education. certainly we have a role to play in the intelligence community, and sharing as much information as we can on threats posed by both nation states as well as non-nation states. and i think there are simple things that americans can do to protect themselves. you know, be aware of the threat
8:50 am
we have a challenge in the government getting our people to respond appropriately to cyberthreats. so this is one case where communicate, communicate, communicate is the watch word. >> senator cruz? >> thank you, mr. chairman. gentlemen, thank you for being here. thank you for your service to our nation. the topic of this hearing, cybersecurity, cyberattacks is a growing threat to this country and one that i think will only become greater in the years ahead. we have seen in recent years serious attacks from, among others, russia, china, north korea. indeed it is with some irony, i spent a number of years in the private sector and to the best of my knowledge never had it hacked and then all i had to do was get elected to the senate.
8:51 am
my question admiral rogers, starting with you, is what do you see is the greater cybersecurity threats facing our country, and what specifically should we be doing about it to protect ourselves? >> so, small question. when i look at the challenges and threats, it's in no particular order. significant extraction of information and insight that's generating economic advantage for others. that's eroding operational advantage at times for us as a nation. that is as you have seen in this russian piece, we're not just the extraction but then the use of this information adds a whole other dimension. and what concerns me beyond all that is what happens as we start to move in an environment in which not only is information being -- i've heard some people use the phrase weaponized. what happens when now we see
8:52 am
people suddenly manipulating our networks? so we can't believe the data we're looking at? that would be a real fundamental game-changer n it's only a question of the when, not the if. this is going to happen. what happens when the nonstate actor decides that cyber offers an asymmetric advantage to them because their sense of risk and their willingness to destroy the status quo is significantly different and greater than your typical nation state. those are the long-term things. so as we've talked about more broadly today, we've got to get better on the defensive side because part of deterrence is making it harder to succeed. a defensive strategy alone isn't going to work. it's a resource intensive approach and puts us on the wrong end of the cost equation. that's a losing strategy for us but it's a component of a strategy. we've got to ask ourselves, how do we change this broader dynamic. how do we convince nations and other actors out there that
8:53 am
there's a price to pay for this behavior. that, in fact, it's not in your best interest. >> what should that price be? >> it's a wide range of things. there's no one set. if we're looking for the perfect solution, there isn't one. this will be a variety of incremental solutions and efforts that are going to play out over time. there's no one single approach here. >> and your point about manipulating data. about a month ago i chaired a hearing on artificial intelligence and our growing economy's growing reliance on artificial intelligence. and one of the things the witnesses testified there was concern on the cybersecurity side of a hack that would modify the data that's being relied on for artificial intelligence to change the decision-making in a way nobody is even aware it's been changed. and i think that's a threat. i hope that you all are examining closely. and it's the sort of threat that could have significant repercussions without anyone even being aware it's happening. let me shift to a different
8:54 am
topic. director clapper, you've testified before this committee that cuba's intelligence threat on par with iran and listed below only russia and china. their reports the intelligence base in cuba will be reopened. and additionally, this past summer, russia and nicaragua struck a deal to increase military intelligence cooperation. and resulting in influx of russian tanks into minaugua in an effort to build an intelligence base which may be disguised as a satellite navigation tracking system. to the best of your knowledge, what is russia's strategy in the western mem sphere and how concerned are you about the russians expanding their influence in cuba and nicaragua? >> well, the russians are bent on establishing both a presence in the western hemisphere, and
8:55 am
they are looking for opportunities to expand military cooperation, sell equipment, air bases, as well as intelligence gathering facilities. and so it's just another extension of their aggressiveness in pursuing these interests. and with respect to cuba, cuba has always had a longstanding, very capable intelligence capabilities, and i don't see a reduction of that -- of those capabilities. >> thank you. >> thank you, mr. chairman. thanks to the witnesses for today and for your service. mr. chair, i appreciate you calling this hearing. i think this hearing is a test of this body, the article one
8:56 am
branch congress. this hearing and others to follow. i was chairman of the democratic national committee for a couple of years, and we had a file cabinet in the basement that had a plaque over it. it was a file cabinet that was rifled by burglars in an invasion of the democratic national committee in 1972. it was a bungled effort to take some files and plant some listening devices. that small event led to one of the most searching and momentous congressional inquiries in the history of this country. it was not partisan. one of the leaders of the congressional investigation was a great virginian who was my father-in-law's law partner in roanoke before he went to congress. played a major role. it was not an investigation driven because something affected the election, the 1972 presidential election. it was the most one-sided in the modern era. but it was a high moment for congress because congress in a bipartisan way stood for the
8:57 am
principle that you couldn't undertake efforts to influence a presidential election and have there be no consequence. the item that we'll discuss and we'll discuss more when the hearing comes out is different. that was a burglary of a party headquarters that was directed to some degree from the office of the president. but this is very serious. the combined intelligence of this country has concluded that efforts were undertaken to influence an election by an adversary. an adversary that general joe dunford said in testimony before this hearing was in his view the principal adversary of the united states at this point. in addition, the attack was not just on a party headquarters. the october 7 letter that you've referred to talked about attacks on individuals, current and former public officials with significant positions, and also attacks on state boards of elections. the letter of october 7 traced
8:58 am
those attacks to russian entities, russian companies and didn't ascribe at least in that letter directed by the russian government, but i'm curious about what the full report will show. it is my hope that this congress is willing to stand in a bipartisan way for the integrity of the american electoral process and show the same backbone to show all the facts and get them on the table as the congress did in 1974. there is another congressional inquiry that was directed after the attacks on 9/11. and there was a powerful phrase in that report that i just want to read. the commission concluded the most important failure was one of imagination. we do not believe leaders understood the gravity of the threat. and that's something i think we'll all have to grapple with. did we have sufficient warning signs? i think we did. and having had sufficient warning signs, why did we not
8:59 am
take it more seriously? that question is every bit as important as a question about what a foreign government, an adversary did and how we can stop it from happening. three quick points. one, is the report next week that's going to be issued not solely going to be confined to issues of hacking but also get into the dimension of this dissemination of fake news? will that be one of the subject matters covered? >> without preempting a report, we will describe the full range of activities that the russians undertook. >> i think that is incredibly important. i had a little role in this election. i was along for the ride for 105 days. and was the subject of a couple of fake news stories. and it was interesting. there were at least three. the mainstream media didn't cover because they were so incredible, like, why would they? but i looked at one of the stories and it had been shared 800,000 times. and when i see an administration
9:00 am
who is put in place as the proposed national security adviser someone who traffics in these fake news stories and retweets them and shares them, who betrays a sense of either gullibility or malice that would kind of be -- these are stories that most fourth graders would find incredible. that a national security adviser would find them believable enough to share them causes me great concern. second, go back to joe dunford. he talked about russia as a potential adversary because they had capacity and they have intent. with respect to our cyber, i think we have capacity. but i think what we've shown is we shouldn't yet developed an intent about how, when, why, whether we're going to use the capacity we have. so if we're going to shore up our cyberdefense, if i can just one word, you think what we really need to shore up is our capacity or shore up our


info Stream Only

Uploaded by TV Archive on