tv Key Capitol Hill Hearings CSPAN September 25, 2015 2:00am-4:01am EDT
iraq but the transition must be complete. >> you have not done any? >> we have not completed the process this will take a number of months to work with the providers to make the technical changes on the provider side. >> got it. "the new york times" reported our country will ask the chinese tour embrace the code of conduct of principles for cyberspace that no state should allow the activity that intentionally damages critical infrastructure. . .r perspective, would a cyber arms control agreement along these lines be valuable and enforceable? >> that is a broad policy
question, first. in terms of the input, my opinion the devil is always in the details. i would want to understand the specifics of what we are talking about. >> that is a good duck. it just doesn't crack. let's move on, i want to ask you about the use of encrypted information by terrorist and criminals. the fbi director came before us and gave us stark testimony about going dark and how big the problem was. did you believe the increased use of this kind of encryption and apps as you pointed out poses a national security threat? >> yes, ma'am, i am concerned the direction we are going, if we make no changes is minted
>> we have to get together with the government and industry and policy side. this is a complex network and there is no simple answer here. if we put our mind to it, we can come up with a solution that is september acceptable. you don't want me or an intelligence organization making those kinds of decision. you don't want us to unilaterally do that. i am the first to acknowledge that. >> thank you, mr. chairman.
>> senator? >> thank you for your service. following up on senator fienstein's question, given the procedures on the old system, if it is an energy you can get clearance in less than 24 hours? -- emergency -- >> under the previous framework, as the director, i was able to authorize data and had to go to the court and attorney general to put in writing why i did it and the bases >> what if it is imminent? what if you get a call that a plane took off from boston and went south when scheduled to go to montreal and said it will arrive in 15 minutes what happens? >> that is one of the reasons for the emergency authority.
as we transition to the new law, i have last that authority and it has been raise today the attorney general and i will have to approach the attorney general on why she needs to authorize access. >> we are adding time to the process? >> it is probably going to be longer i suspect. we will find out. >> based on my question and your answer something that imminent probably can't be addressed in time to put up the defenses? >> not in minutes. >> you stated in your statement here that nsa works daily to protect privacy and civil liberties. we have seen breaches of tens of millions federal employee records. we have seen breaches of well over 50 million major insurance companies in my state, we have seen breaches of everything from retail stores to you name it.
obviously those occur partly because those entities did not have the procedures in place to block that and the nsa does. and yet your criticize, your agency has been criticized for being too lose on privacy. you are collecting phone numbers whose names of individuals you don't know. the breaches are occurring with all kinds of information on when you were born, what your social security number is, bank accounts and everything else. give me again, for the record, what kind of things the nsa went through and continues to go through that protects privacy and civil liberties.
and if you can an explanation of why the nsa is deemed untrustworthy of handling information but we rely on organizations that link information by the tens of millions. >> it is one of the great challenges as a leader and i would argue as a nation that we find ourselves as a society distrustful of government at large and in the aftermath of media links nsa on broad terms. i think that is part of the broader agreement we have now. you live this every day in your political lives unable to achieve political dissonance.
we acknowledge we must follow the law and operate within a legal framework and set of authorities and policy. we do not collect everything we do is driven by the law and a set of priorities as to what we do and focus on. those priorities design to generate insight to help defend our nation not violate privacy. in the world we are living in now that is lost in the ether. i cannot go into details on why you should feel comfortable. let me walk you through what we have done but you should be comfortable with with. in terms of what we put in place to insure privacy and civil liberties you look at the legalal framework that was
collectively created for the call data records, usa freedom act, and you look at the three reviews of the section 217 that called the records of collection in general. the nsa has a law to insure oversight of the data we collect. we make sure no one in the workforce can access anything. section 215 out of an organization i told you that is close to 40,000 we have limited access to that data to approximately 30 people.
we understand the sensitivity of the data we collect and week tell you from oversight that we are not arbitrarily misusing the data, opening it up to anyone in the workforce who wants to look at it. we take those duties and responsibilities very seriously and each of the three reviews we have had came to the exact same conclusion. >> senator wyden. >> let's see if we can do the first question on bulk collection. collecting millions of phone records on law-abiding people on yes or no questions. i would like to do this on the record. do you expect ending bulk collection is going to significantly reduce your
operational capabilities? >> yes. >> in what way? >> right now bulk collection gives us the ability to generate insight and we call it discovery would this replace the current bulk collection? it was found no. under the current structure there is no real replacement and that bulk collection as used by nsa generates millions. >> the president's advisory committee disagreed with you. they had an independent group pointed and they said i believe on page 104 of their testimony that there was no value to bulk collection that could not be
obtained through conventional means. let me ask you about encryption. this is a problem largely created by predecessors. general hayden and alexander in specifically. i believe they overreached with the bulk collection that undermined the confidence of consumers and the companies responded because they were concerned about the status of their product with strong encryption. now the discussion shifted to whether there should be the availability of encryption keys to access these products. i don't want to go into anything classified but let me ask you about a policy matter.
as a general matter, is it correct any time there is encryption keys that exist, it creates more opportunities for foreign hackers to get access to the keys? >> depends on the circumstances but if you want to paint it like that for a yes and no i would probably say yes. >> i will quit while i am ahead. what concerns me is as this is pursu pursued, and i indicated from the original stance, which companies have to build weaknesses into their product which is a staggering development, it seems you just told me as the general
proposition when there are multiple keys and there will be multiple keys and that creates more opportunities for malicious actors or foreign hackers. to me, the good guys are not the only people with the keys. there are going to be people who do not wish the country well. that is going to provide more opportunities for the hacks and imaging conduct my malicious actors that makes your job harder. i think you are doing a good job and have been straight with the congress and me but that is what concerns me about access to malicious keys. look at page 104 on the question of operational capability not only do we have cases that indicate there was a compromise on the ability of the intelligence community but it was the findings of the president expert. >> senator rubio.
>> thank you admiral for being here. as you were aware, the leader of the chinese communist party is going to be at the white house this week and receive the full honors of the state visit but our relationship with china is not in a good place. they breached u.s. government databases, continue cyber attacks against the government, over the last 20 years we witnessed chinese companies stealing propriety and data and secrets and now the personal information of 25 million citizens or more. i think we should be expelling known chinese spies operating in the united states as retaliation for the cyber attacks. i think we should disconnect sensitive databases from the internet. and i think we need to make clear we will respond to deter
people like china to continue to attack us. would you agree a public discussion on cybersecurity is an effective deterant? >> i think we need to have a discussion about achieving deter bas basic. >> as the director of the nsa and commander of the u.s. cyber command have you provided advice to the president, i am not asking what the advice was, but ways to defend against attacks, and appropriate measures to respond to such attacks? >> yes. >> i understand you are not charged with creating policy but has the white house sought your opinion on these matters specifically on a more effective cyber deterance? >> yes, i am very happy in the process in the sense of i am just one perspective, but i have
had the opportunity to communicate my views on what i think we need to do. >> my last question is the point i made about expelling chinese spies and disconnecting the sensitive databases from the internet, are these measures you think are worthy and would have be part of the broader public discussion about this issue? >> in my experiencex one of the challenges we found, and my other hat dealing with penitation in the department of defense, one thing i understand is you need to minimize your exposure with what we call public interface and connection with the internet. the flip side is there is a requirement in many instances to insure information flow of the internet. >> the idea you will be able to
do some of these things with no internet connection can be problematic if you expect data to flow back and forth. >> i have one last question. our doctrine and the most of all nations is there is a difference between intelligence gathering on government versus private gathering. all nations target the government but is it fair to say for the chinese there is no distinction and the notion of intelligence gathering they view commercial intelligence and governmental intelligence gathering as part of their foreign policy? they don't have that distinction we have. >> they don't have the same
lines in the hand. i watched counterparts do things there we could never do. >> many americans are not perhaps fully aware of this and the chinese government encourages as part of the national policy the stealing of commercial secrets of american companies for purpose of building their own capability. this is not a chinese company hack an american company. this is directed influence and funded by the chinese government itself. thank you for your service. >> general warner. >> thank you were your service. let me add a comment here to the chair and vice chair. my hope would be in light of the testimony of admiral rogers that we could urge respected leaders and both parties to bring the information sharing bill back to the floor. i think we do a great disservice to our country if we don't act
on that legislation as quickly as possible. >> the vice chair and i can assure all of the members we are working aggressively to get that back up. my hope is members will have an opportunity to debate and amend it if need be in the month of october. >> thank you, mr. chairman. admiral, i will spend a couple minutes on the opm bridge with 22 million plus individuals and now understanding 5.6 million fingerprints. i know you cannot comment too much on this but we found and senator collins and i are working on legislation and looking at dhs to protect the dot gov regime, they don't have the same responsibilities at nsa to defend this. no regime with cyber hygiene and
the dhs has the ability to recommend but not enforce and recognizing this might be asking for your view here. do you want to make a comment on that? >> i would argue those authorities to defend the dod network reside operationally more on my u.s. command role. in the department of defense our culture is you are focused on generating actionable outcomes, focused on empowering individuals and clearly identifying responsibility and authority and holding people accountable. i think where we want to get to with the dot gov domain is similar over time. it is fair to say we are not there yet. >> senator collins and i have legislation that would give dhs similar command. there is a lack of clarity on
who is in charge. we hear that dhs made recommends that were not implemented and a variety of other regimes were not good processes going forward. can you speak within this setting what responsibility you have in protecting cyber and sensitive but unclassified data on the dot gov side of the house? >> i do not have immediate responsibility in the sense that the structure is that i at nsa work through dhs to provide support when it is requested. i am not in those networks. i am not monitoring those networks. >> and has dhs requested your assistance? >> yes. >> again, this is an area that i believe would be addressed as well and hopefully with an amendment to the information
sharing bill and something senator collins and other colleagues share that we need to give dhs the same tools. let's me switch over to the area where senator rubio was. we have not identified the source of the breach, but there is talk among members and the press, and my comment is we need a deterence as part of the strategy. i would like any comment you might have. we are playing on different standards but the chinese in july passed legislation that would require all of their information systems and companies that do business in china to have systems that were secure and controllable in terms of access by the chinese authorities which not only precludes any of the encryption tools that the american domestic companies are looking at and i think raised concerns.
and i agree with senator wyden with there being concerns that need to be raised. but the secure language, isn't that an open ability for chinese authorities to potentially get into those companies databases for property theft and other activities? >> the chinese have a different con instruct than we do. they believe access to the data is a sovereign right. we reject that notion. it leads to things we have seen them do and why we we have discussed this with counterparts because we want to get to a place where we can work together. but the current approach where we are apart and have been upfront this is not acceptable. we cannot sustain a long term relationship if this is the approach. the privacy of individuals, the
access to individual property is something the state can chose. >> i hope our president will continue to raise this. and again mr. chairman, my hope is many of the businesses we saw meeting with the president in seattle i hope they will not default into lower standard. >> senator collins. >> thank you, mr. chairman. admiral rogers, let me add my thank you for the dedicated service. you mentioned that only 30 nsa employees had access to the meta data authorized to query the database. am i correct that those 30
employees were well vetted, trained, and held responsible if there were misuse of the information? >> yes, ma'am. >> had there every been any misuse of the information? >> no ma', ma'am. for those 30 individuals we monitor every key stroke they use to access the data. we don't do that for the tens of thousands of other employees. we realize the sensitivity of the data. >> i think that is a great point. to me it is ironic the usa freedom act was passed under the guide of increasing privacy protections for the american people when there are 1400 telecom companies, 160 wireless carriers. not that you are going to have to deal with all of those, but isn't it likely that far more than 30 people will now be
involved in this process? >> yes, i would expect that to be the case. >> and given that those compani companies market and sell a lot of this information aren't the privacy implications greater under the system than under the careful system you describe with only 30 people authorized? >> i would submit that is for others to decide. >> i understand why you are saying that but if one looks at the numbers the case is evident. in the usa freedom act there is no requirement for the telecom companies to retain the call detail data and by that i am not talking about content. i am talking about calls, details, and data. that is another misconception that some people have.
there is no requirement that that data be held for any particular period of time. companies hold it for their own business records purpose. is that a concern to you? >> based on our initial interactions with the providers moving from the old structure to the new structure where the providers hold the data, in talking to them there is a wide range and we are dealing with the three largest that have been the focus under previous structure. among those three, a wide range how long they opt for data. one thing i promised about the discussion that was part of the legislation was once we get into
the structure i promise directive feedback on if this is working. >> let me turn to the protection of the critical infrastructure from cyber threats and cyber intrusion which is an issue that has been a huge concern for me. the department homeland security identified more than 60 entities in the infrastructure where damage caused by a single incident could result in 50 billion dollars in economic damages or 2500 immediate deaths or a severe degradation of our national defense. your testimony, your written testimony, talked a little bit
about this issue, your predecessor, general alexander pr prev previously said our nation's preparedness when it comes to protecting against oa cyber attack against our infrastructure is a three on a scale of 1-10. where do you think we are. >> right now i would say five or six. not where we need to be. clearly. >> so there is still a severe problem in this area that makes us very vulnerable as a nation? >> yes, ma'am. >> thank you. >> senator king? >> general rogers, greetings. would a shutdown of the federal government compromise national security? >> yes, and if i could to go beyond that, in the last five days or so as we are publically talking about this possibility, watching the reaction of the
workforce of the nsa at u.s. cyber command are going again, who could get jobs on the outside and earn significantly more amounts of money, this instability and message to the workforce that and this is saying you are a secondary consideration and larger gain. >> no, no, a smaller gain. >> it just drives the workforce to the point where today i literally was talking to the leadership about we need to sit down and figure out how we will keep these men and women. >> keeping these talented men and women is hard enough to begin with because of the higher salaries outside. there is a survey i commend to your attention and i will submit for the record done late last year of national security professionals across the government and one of the fascinating results is the us
political disfacs is more of a threat than north korea, russia and the many others with the only thing being above that is islamic extremism. that is shocking. political disfacs pogo. -- disfaysfunction -- and i wan talk about this being a high priority. deterence doesn't work unless people know about it. we are in a fight. the cyber war has started. we are in the cyber war with our hands tied behind our backs. we would never build a destroyer without condguns. we talked about this before. i hope you will carry this
message back. we have to fashion a theory here of detering or we will lose. you cannot defend and defend and never punch back. if you opponent knows you will not punch back it will not go anywhere. i think you understand it. >> yes, sir. >> i hope you will take that message back. you are a very strong advocate and the right guy to take that message. >> another question that is being touched upon is the idea of a cyber non-proliferation treaty. i find this fascinating and i wish you would expand on we can establish rules of the road in the field for our mutual protection of the various countries that are cyber capable. >> i certain think we can get to the ideas of norms. formal treaty, i don't know. how do we build a construct that
works is a concern for me. states like russia or china that are willing to have this discussion, i think it's a profitable discussion. along with the idea of deterrence, because we are asymmetric include vulnerable in the war. the woes wired country on earth and that makes us the most vulnerable country on the
planet. i appreciate the work you're doing. oh, you testified a few minutes ago that you had a variety of reactions from the telecoms about retention levels you. said they were short to long. what's the shortest you have been informed of? >> i want to say it's something on the order of 12 to 18 months. >> okay. so that's on the short end. i hope you will let this committee know if it goes below that level, because at that point it becomes very problematic as to whether or not the data being retained will be of usefulness in a national emergency. >> i will. >> thank you, admiral. thank you. >> senator largeford. >> admiral, thank you for being here. i appreciate what you bring to this. what else can nsa do to help other agencies deal with cyber deficiencies? we had some public cyber deficiencies of the federal government. what assets can the neace' bring
to bear to help on this? you come in to clean up the mess as much as you try to help defend. how do we get pro-active on this? >> what i'd like to do -- nsa will be part of a broader team. i'd like to be pro-active and get ahead of the problem. >> the agencies have responsibility to make sure their systems are protected, and there doesn't seem to be a lot of accountability in the structure of the people, advising agencies. >> i'd be interested in could we build a framework where someone from outside the organization is doing an independent assessment. i can within the dod and also with nsa. i can go into any dot-mill network, anywhere in our structure, can assess it, attempt to penetrate, don't have to give notice to the network owner, as an example. that really doesn't exist on
that scale anywhere necessary the government. i'd like to see what we can do to try to get ahead of the problem, try to replicate activities we're seeing from opponents ahead of time before they do it, to test our abilities. >> okay. let me ask about auditing and how you do that for your own poo processes you. mentioned on the 30 folks in the past every keystroke has been monitored. how do you audit that in and how often? you have an incredible group of folks that serve the nation. we have had rouge folkness the past. thank you. >> so, auditing varies. as i said the 30 individuals, they call that a record database, the area we pus more external monitoring and controls than any part of our structure. on the other hand in the aftermath of the media leaks we have set back and asked ourselves, so how could tis have happened? what have we failed to do as on
organization and what do we need to do sewn sure it doesn't happen again and we put a series of capabilities in place to monitor behavior, capabilities in place where we look at personal behavior more, although i well tell you this is another issue that often can provoke a strong reaction from the work force, who says, so let me understand this, because of the actions of one individual, you are now monitoring me and now watching my behavior in a way that you didn't initially do before. die want to work in a place like that? we try to sit down with the force and walk them through, hearings what we do and i whoa. i each one of us as we voluntarily accept access to information we're begin, we hold ourselves to a higher standard. we hold ourselves to a different level of accntability. that's part of the quid pro quo here to be an nsa professional, be an nsa employee. but it is not lost on our work force at times.
>> let's talk about cyber war we're dealing with internationally at this point. biggest threats we have, are they state actors, nonstate actors at this point internationally? >> let me answer this way. the greatest amount of activity is still criminal based but when i look at from a national security perspective, i would argue at the moment the nation state represents the greater national security challenge, if you will. there's three -- when i look at the future they're three things -- i said this publicly -- the concern me most. something directed to -- tree instructive activity against critical infrastructure. number two, is manipulation, changes to data. a most most of the activity has been theft. what if someone gets in the system and starts just manipulating changing data to the point now as an operator you no longer believe what you're seeing in your system. the third area that i think about in terms of concerns about
the future really go to your question, is what happens when the nonstate actor decides that the web now is a weapon system? not just something to recruit people. not just something to generate revenue. not just something to share their ideology. >> so the relationship between private struck infrastructure, both state and local utilities and the federal government, where do you think we are on the conversation level as this point? >> we're having the conversations clearly. dhs is in the lead here. we're having the conversations. it's a little uneven. some sectors more than others. but we're all victims of the culture we're form. the culture i'm from as a uniformed individual is isn't enough to talk. you must fully get down to execution level detail how to make this work. how to coordinate this. i don't want to get into a crisis and the first time i've dealt with someone is when their network is penetrated, i'm watching data stream out in the giga bit level. and i'm going, can you tell me
about your basic structure? that's not the time to have the dialogue. >> thank you. >> senator. >> thank you, mr. chairman. admiral, thank you for your service and for being here today. you and director clapper had testified before a house committee that data manipulation and what you refer to as data destruction is probably on the horizon, and while we can't do very much about those kinds of behaviors on the part of nonstate actors, isn't it very incumbent on to us engage in discussions and as some of my colleagues referred to as proceeding toward the goal of a cyber arms control agreement with certain state actors who have that capability? >> i don't know if as an arms control agreement is the right answer -- >> whatever we -- we come to some kind of understanding so state actors do no engage in manipulation and destruction of
data. just totally -- >> i would agree. we have been able historically, as sailor i can remember at the huge of the cold war we knew exactly how far we could push each other. we have to get do the same level of understanding in this domain, and we're not there right now. >> do you know whether, with the president's china visit, the cyber issues will be discussed by the two leaders? >> i think the national security adviser of the president has been very public in saying they will raise the full spectrum of issues to include cyber if their chinese counterpart. >> i have a question relating to the opm brief. our understanding is of 24 major agencies to have declared the cyber security is a significant deficiency for their agency, and you indicated that the nsa doesn't have immediate responsibility to help these other agencies, but that you would respond at the request of
the dhs. has dhs made such a request to nsa that you become engaged in helping these other dot-gov agencies to become, well, cyber safe? >> not in terms of the day-to-day per se there hasn't been major penetration in the federal government in the last 18 months that nsa hasn't been called in to respond. i think the challenge -- i know dhs shares this -- we have to move beyond the cleanup in aisle nine scenario, to how it -- it goes to my summons to senator langford, how do we get ahead of this problem and start talking to organizations to take steps to make sure they account get, not they're already in. how do you get them out? >> are you engaged in the process with the 19 agencies -- >> not with every agency in the federal government, no. >> why not? >> under the current construct
dhs has the. responsibility over the.gov domain. have to be asked. >> so it's on an agency-by-agency basis that dhs asks you? to -- and if they were to ask you to deal with all of the.gov weeds you have the resources to --ize my first comment would be we have to prioritize. i'm expended to spend all of the dot-mill, and that same capacity is also going to work on the dot-gov, my first comment would be, we have to prioritize. what's the most essential things we need to protect. >> as in all things we have to prioritize, but i think it would behoove dhs to make such a request. thank you for your frank assessment of what would happen if theirs a government shutdown. and you also indicated in your testimony that recruiting and
retaining people in what is going to be ongoing challenge for our country to stay ahead in the cyber arena -- i had the opportunity to visit our very large nsa facility in hawai'i, and i thank all the people there for the work they're doing, but can you talk at bit about what you're doing, how aggressively you're going after the -- getting the appropriate people to sign on to work for nsa? >> so knock on wood, both our retension of our stem or high-tech nick -- technical work force, continues to be good as well as ability to recruit. we have more people trying to get with the right skills than frankly we have pace for. i am always -- i'm -- we will lose more than we can bring in. i would tell you the work force at nsa and u.s. cyber command still will talk to me about the
shutdown in 2013 as an example. i get this every time, literally, when i talk to the work force around the world. sir, is this going to happen again? am i going to be told i can't come to work? i may not be paid? or i'm going to be put on furlough? again, as we did in 2013, and wt the work force is reading is not helpful. >> i agree. thank you. >> senator cotton. >> thank you. admiral rogers, nice to see you in an open setting. and on behalf of the three million arkansasan is represent i want to thank you and the towns of men and women you represent. they're patriots and professionals and they're responsible for saving thousands of american lives. in 2014 north korea state sponsored hackers launched a
cyber attack against sony pictures. sony responded by calling the fbi and ask for help. my understand is sony chose the course of action due to the fbi's expertise in this area specifically cyber forensic and defense. their belief that a crime had been committed and because of the strong relationship they had developed with the fbi. do you believe sony did the right thing by calling the fbi? >> i am not in a position to tell you why they did it. i'm glad they reached out because then very quickly the fbi reached out to nsa and we ended partnering. never thought i would be deal waiving motion picture company about cyber security but i was grateful for their willingness to be up front and honest. we received a major penetration with a massive theft of intellectual property and we need help from the government. >> the same way we encourage a bank that's been held up oar brick and mortar company physically attacked to contact the fbi, do you believe we should encourage these private
sector actors to contact the fbi? >> i think the fbi needs to be part of this. not whether it should be dhs, the fbi, part of the thing i believe we need to do is we have to simply identify things for the private sector. when i talk to companies around the united states, and i'm often approached, hey, can't you do more directly for us? i'm going, no, i cannot under the current construction. i'm struck by them telling me, you guys have to make this easier. it is -- i can't figure out if i'm supposed to go to the fbi, dhs, you? because i'm -- for example, i'm in the financial sector sheriffs go to treasury? i think check -- collectively in the federal government we have to simply identify this so potentially one access point and everything at machine to machine speed to ensure accountability and privacy and the data is quickly disseminated across all of us because you have to bring them to bear in an orchestrate,
structured way. can't be like kid with a soccer ball. everybody just runs. >> the nsa is in charge of information assurance operations for the federal government, meaning the nsa is in charge of assuring our national security systems. am i correct that the nsa from time to time will also help federal agencies protect their unclassified systems? >> yes. when they request assistance. >> i realize this is before your time but to your knowledge did the stayed department ever ask the nasa before the wisdom of setting up a private serve sore secretary clinton could conduct state department business. >> i'm not aware if they did or didn't. >> what would be your response if the current secretary of state or another cab met member said i'd like too set up a nongovernmental server and use that to nongovernmental business? >> you really want to drag me into this one? >> i'd like your professional opinion. >> in my -- my comment would be you need to ensure you're
complying with the applicable regulations and structures for the department. i'm not smart about what the rules and regulations are for every element across the federal government. >> the communications of the senior most advisers to the president of the united states, those that may be unclassified, top priority for foreign intelligence services in your opinion? >> yes. >> if an nsa employee came to you and said, boss, we have reason to believe that russian foreign minister lavrov or the irann foreign minister is conducting business on a private server, how would you respond? >> from a foreign intelligence perspective, that represents opportunity. >> are you aware of any nsa officials who e-mail's secretary clinton at her private account. >> i have no knowledge. >> aware of any nsa officials who were aware that secretary clinton had a private e-mail account and serve center. >> now you're talking about something before my time,
senator. i apologize. i just don't know the answer. >> could i ask you to check your records? >> yes, sir. >> and responsibility in writing. >> a good question f the record. >> thank you. >> to this committee, however that's just my opinion, i do have a question. admiral, you indicated in a private session that you were taking a look at reorganization. i know that isn't completed yet. still underway. what can you share with the public about the reasons for it and what you bring -- what you believe it might bring about. >> i blame the direct -- i've been the director of the nsa for approximately 18 months and i spent the first portion of those 18 months to trying to make sure we were structured as an organization to deal with that challenge and to make sure we were in a boeing to tell or oversight as well as the citizens of the nation, we are
fully client with the law and regulation and we're in a place where you should be comfortable we're able to execute our missions and ensure the protection of the dat we access as well as the broad privacy of u.s. citizens. i then pose the following question to the work force. if we stay exactly the way we are, if we change nothing, in five to ten years, are we going to be able to say that we're the world's preeminent information assurance snorings i aid i'm asking you the question because i concern if we make know changes we can't say that. and i believe part of my responsibility as a leader, when i turn the organization over i want to be able too tell whoever relieves me, you should feel good we structured this so you're ready to do what you need to do. as a result of that i posed a series of question dozen the work -- questions to the work force from, how do we build the work force of the future to what should organizational structure
look like, oh to you to optimize ourselves for cyber, because my argue. was cyber will be like counterterrorism for the last 15 years. a foundational mission set that drives us as an organization and it will require us to do things on a scale we have never done before, and to do it more broadly. and so to do that, particularly in a decline can resource view. , we have to be more efficient to be effective, guys. as a result of that the other point i made to the team dish don't want this decided by senior leadership at fort meade. we're a global enterprise and i want them to have a vote, an input what should the organization migrant look like what do we need to structure ourselves so in five to ten years, given the changes we see in the world around us, we can say, nsa remains the preeminent signals intelligence and -- as a result of that we spent six months in the organization, the
work force teed up a set of recommendations numbering in excess of 200, cover from very minor things to very broad things. there's three final area is said i want you to spend more time on, the first was the military part of the work force. i tried to remind everybody as i said in my 'em opening statement to you, we're an enterprise come polessed of civilian employees, military men and women, active and reserved, officer and enlisted and contractors and we have to optimize every part of the enterprise to get where we need to be. the second issue was i want you to think a little more broadly about cyber. i don't think we're being far reaching up in. the last one was organizational structure. i you building nsa from the ground up, is this the structure you would create? our structure reflects a series of changes and choices that have been made of the last 20 years. the last major organizational
change at nsa, on wide swath, was 1999-1998, coming up on 20 years ago now. the world has really changed and our missions have evolved, and i just want to make sure we're optimized to meet the future. and so i'll receive the final input back on those three by the first of october. in fact i think i'll actually review a draft this week to be honest, i'm told. they think they have some initial work for know look at. as i indicated previously, once we sit down and decide what we think we ought to do it's my intention to come back to the committee in its role as oversight and say, this is what has been recommend, what i intend to do, why. this is what i think it will generate in terms of value. >> thank you. i think nsa is in good hand. thank you very much. >> thank you. >> admiral rogers, i seldom debt the opportunity to highlight north carolina's high-tech
successes. especially given the fact that my vice-chairman represents silicon valley. i keep reminding her, i have the research triangle park. i'd like to note mat while there are 99 days left in the nsa's lts, net code breaker challenge, that north carolina state university is currently ranked number one out of 182 entrants. >> is that good? >> depends on whether the admiral thinks it's important to please the chairman. >> it is good but i think it highlights again something that dianne and i both know. that that's the fertile ground you go to recruit. it's where we develop the next talent that not only works at the research triangle park or silicon valley but works at the nsa, and it really is the backbone of our intelligence organizations.
admiral, your mission continues to change in large measure because of a technology explosion. and it's an explosion like we have never seen before, really. it will only speed up. it will not slow down. your mission will be impacted by the innovation. i want to say, as we conclude, the committee is here to be a partner. we're anxious to hear your reorganization plans because the reorganization i think gives you the flexibility to move to wherever the challenge forces the nsa to go. and i speak on behalf of the vice-chairman and myself when i ask you to please go back to the 40,000 plus nsa employees and on behalf of the committee, thank them for the work they do. work that many times the american people don't understand the value of, but sleep safely at night because of the work. this hearing is is adjourned.
of the roll. the presiding officer: without objection. mr. reed: thank you, mr. president. i rise today to join my colleagues in support of a clean short-term continuing resolution or, as we say, a c.r., to temporarily fund the government without controversial policy riders. after the vote we just had, i hope we can move to such a measure, even some republican leaders have acknowledged that this previous vote was a show
vote designed to appease but to fail. it is a part -- it is part of a crumbling pattern that that's been emerging over many months of avoiding meaningful bipartisan talks to fix the budget and of waiting until the last moment to deal with issues that everyone knows must be addressed. we have an obligation to the american people to keep their government working. it is one of the most basic responsibilities we have as members of congress. a clean c.r. at this juncture fulfills this obligation, keeping the government open for a few more weeks while we work on a plan to eliminate the sequester-level budget caps for defense and non-defense programs. i wish we could have begun work on an overall agreement earlier in the year, as vice chairwoman mikulski and others strongly urged months ago, but at this late hour we should pass this short-term measure and move on to serious negotiations about budget caps for this year and beyond.
shutting the government down now will not serve any useful purpose. what a shutdown will do is waste taxpayers' money and hurt the economy. the two-week republican government shutdown in 2013 cost our economy billions of dollars. based hon that experience, here is some of what we can expect if there is another forced shutdown this year. the department of housing and urban development will have to furlough more than 95% of its workforce impacting services to more than 60 field and regional offices nationwide. payments will be delayed to the roughly 3,000 local public housing authorities that manage the country's publicly assisted housing programs. in fact, shifting the burden onto them, causing them to turn to local municipalities who are equally stressed in terms of their budgets. so there's no avoiding this pain. in fact, it's multiplied if we
shut the government down. thousands of home sales and mortgage refinancing packages backed by the federal housing administration, the f.h.a., will be put on standby. people ready to close, people ready to make a commitment to a home, people ready to get and keep this economy moving will be told, stand back, wait and see. cities, counties, and states will not be able to move forward on the community block grant project. this is a program that affects every community in this country, and it's something that's a very positive, constructive way to give local leaders the resources to fund local nishtds that the community desperately wants -- local initiatives that the community desperately wants and needs. this is local america getting a chance to see their projects put in place. the federal aviation administration will not be able to verify -- rather, certify new
aircraft, interrupting billions of dollars of sales. the pipeline and hazardous materials safety administration will be forced to stop investigations and emergency response training. classrooms will be shuttered for 700 midshipmen at the united states merchant marine academy in kingsport, new york. these are young men and women who are committing themselves to serve the nation either directly in the armed forces of the united states or as members of our merchant fleet, and they will basically be told to go home. and financial support will stop for the maritime security program, or the m.s.p. this is an important public-private partnership that is critical to our troops serving overseas. these are just a few examples from two of the departments under my purview as the ranking member of the transportation, housing, and urban development appropriations subcommittee.
there are many other examples throughout the federal government that my colleagues will be talking about today. knowing the results that a shutdown and these hardball tactics have brought before, it's hard to believe that some still are willing to resort to budget brinksmanship again. i know that many of my colleagues on the other side share my concern. and i particularly want to commend senator collins, who has been an excellent leader in chairing the thud subcommittee, for her support of a clean c. rvment she's done extraordinary work urdz very difficult and challenging circumstances. and her support for a clean c.r. so that we can negotiate a longer-term budget solution is indicative of the kind of forthright, thoughtful, and in many 10 cases very courageous service she's rendered to maine and the country. and while we focus on the mid te immediate showdown threat, let's remember the bigger threats we
face. we're here because of the budget control act and its sequester-level caps on discretionary spending. let's remember these sequester-level caps were never intended to be implemented. at the time it was enacted, the cuts were considered to be an extreme -- in fact, so extreme that congress would not ever let them happen, that they would embrace defense and non-defense, that they would be an action-forcing mechanism, not an actuality of law, but an action-forcing mechanism to cause us on a bipartisan basis to come up with a long-term budget solution. and, unfortunately, that solution does not materialize over time. we had i think, a very good work -- the very good work of senator murray and congressman paul ryan to come up with a two-year extension, but we're right back where we were and the caps are staring us right in the face. but today, rather than working
together to tackle the sequester, we're on the verge of orchestrating another fiscal crisis. and it's not a crisis that will help the american people. rather, it will hinder the american people. and indeed it's ironic because the members on both sides recognize that these caps should be raised for both defense and non-defense appropriations. indeed, both the defense authorization and defense appropriations bills carry bipartisan sense of the senate language that says, "scwefertion relief must be accomplished for fiscal year years 2015 and 2017 and any other lecialtion scwefertion must include equal defense and non-defense relief." so you have a bipartisan consensus on these two committees that represent a significant number of our colleagues who are essentially
saying we've got to end this, and they're saying it because they believe that, as i do, i think, that our national security rests not just upon adequate numbers of the department of defense but adequate investment for all our federal programs. so beyond debating a clean short-term funding bill, we must focus on eliminating these draconian spending caps that are imposed upon us by d.c.a. we know these caps will cause real harm to programs across the federal government that our states and our constituents rely on. these are not academic, these are not issues that could be dismissed as being some programs that are ineffective and limiting. these are across-the-board cuts that hit all of our constituents and hit them hard. indeed, months ago, chairman mccain and i together wrote to urge the budget committee to include a higher baseline funding amount for the
department of defense and the budget resolution, essentially asking them to ignore the b.c.a. caps and produce a budget that realistically recognizes the base needs of the department of defense. not the one-time spending of overseas contingency but the routine spending that would be projected forward. and senator mccain particularly worked in extraordinarily good faith to try to get such a provision included in the budget resolution, but he did not succeed. and in response, the use of the overseas contingency fund was incorporated to skirt the budget amounts. essentially, what the committee has done, the defense authorization committee, has taken the president's budget numbers but moved money out of the base budget into o.c.o.
beyond the president's request. and what you're doing is creating this o.c.o. funding mechanism as a -- in a sense, a gimmick, really, to cover the real costs, the ongoing costs, the routine continuing costs of the department of defense. that's not good budgeting and it's not good for defense either. because of this, i was unable to support legislation on the floor for the defense authorization bill that in many, many other respects, virtually every other respect was extremely well done and extremely thought out. again, i will commend the chairman for all of his efforts for my colleagues. so i clearly disagree that using this o.c.o. funding arrangement gimmick, sleight of hand, whatever you hand is the way to proceed forward. relying on it essentially preempts defense from the budget control act and leaves
everything else under those onerous caps. as i said, not only not adequately and realistically funding defense, but seriously eroding national security because national security is something more than simply what the department of defense does. it's the department of state, department of homeland security. it's a myriad of other functions that will not see funding, in fact will see the funding begin to shrink dramatically. and if we use this approach this year with the argument it's just a bridge to the day we finally get ourselves together, i think we're deluding ourselves, because i think it will be much easier next year to put even more money into o.c.o., to take programs that are traditionally funded through the base budget of the department of defense and say well, i guess we don't have room, let's put it in o.c.o. it becomes the gift that will keep on giving, and he will not
provide the real resources and the certainty that the department of defense needs over many years to plan for their operations. to stick things in on one year of funding is not to tell the defense you can be confident two or three years from now when you're developing that new weapons systems platform, the money will be there. it may but again it may not. we can't give them that insecurity. we've got to give them a sense of certainty. now, this is the view that's shared not just by myself but colleagues here on both sides of the aisle but by senior defense department officials. they have testified repeatedly before our committee that o.c.o. funding does not provide long-term budget certainty. they need that. then the troops, the men and women they lead need that. in fact, it really just allows you indeed to plan for one year,
and there are very few programs in the department of defense that are one-year programs. a major weapons system is a multiyear development, and then production process. strategy is not year by year. it's over several years at least. so this is not an efficient and effective way to run the organization. proper budgeting planning in the department of defense at least requires five years. that's the standard, the standard measure. the five-year program forecast, budget forecast, and we're telling them well, this year you could have a bonanza of o.c.o. funds. next year, it could be more, it could be less. it could be much less. that's not the way to efficiently allocate resources of national security and to efficiently develop a strategy to counteract an increasing array of threats across the globe in many, many different dimensions and many different
regions. if we go down this path, it will lead to instability for our troops, their families, for our defense industrial base. and again, i think they deserve certainty, not a year-to-year, perhaps maybe, maybe perhaps approach. and we also, as i repeated before, national security is not just the department of defense. other agencies are critical -- department of state, department of homeland security, department of justice, department of treasury who does all the terrorist financing sanctions, who has to trace funds flowing around the world to ensure that they do not aid and assist terrorist activity or other maligning activities. taking the approach in the sense now of using this o.c.o.
approach for defense and then letting everything else stay under b.c.a. will not give these agencies the resources they need. i was struck a few days ago, general petraeus was there testifying, one of the critical areas of effort against isil is information warfare. they have proven to be extraordinarily adept at using social media, at communicating through the internet, and one of the questions of my colleague was very thoughtful and fundamental. well, is the state department doing enough to counteract, as one of our major foreign policy organizations, this information campaign by isil? and the general sort of chuckled a bit and then he said let me tell you, when i was commanding on active service, the state department had to come to me and essentially borrow a million dollars from sentcom funds so
they could get in the blaim, just get in the game in terms of information warfare, counteracting measures, public campaigns of information in countries throughout the globe, particularly the middle east. and that will be much, much worse if we proceed down this path. and we will not be enhancing our national security. if the isil measure -- message, rather, is unanswered, if they are able to attract adherence from around the globe because all they can really hear is this grotesque discussion of isil and what they propose and there is no counterarguments, no countervailing points, we lose that information warfare, and that's not just -- we have to make these investments in both defense and nondefense.
as i said before, if we stick with these b.c.a. caps, our non-department of defense programs will suffer. and in addition to that, the needs of the american people will suffer. we will not be able to invest in adequate transportation and water infrastructure. we won't be able to do things that provide adequate and decent housing for our citizens. and under the budget caps, we will lose jobs, too. when the resources diminish, the need for workers diminish. and that's going to happen. now, we have a situation particularly where some of our most vulnerable americans would suffer grievously. and just a few examples again. the elderly housing program has been cut in half since 2010. even when we know that the united states population ages
faster. every member of this senate has numerous elderly housing programs in their state. their citizens rely on it, and i would suspect they take some pride in the fact that there is adequate housing. in some cases, not enough adequate housing, but at least some adequate housing, they will suffer. the 7.7 million very low-income renters in the united states. that means they pay more than 50% of income in rent or live in substandard housing or both. they are living in substandard housing and paying half of their monthly income for rent. if these budget caps go in effect, then the h.u.d. bill will not include meaningful funding for the affordable housing production programs available to local governments. this trend, this is disturbing, will not only continue, it will
accelerate. we will turn away from the rental assistance programs which we have for many, many families. many of them are seniors, some are disabled citizens who qualify. if we look at public housing where again you have a significant population of both seniors and disabled americans, they are facing more than $3 billion in capital needs just to keep them repaired, just to make them places that are decent to live in, something that people can have appropriate hallway lighting, can have elevators that work, can have plumbing systems that are adequate, but basic. this is not building whirlpools and spas and jacuzzis. this is just keeping basic requirements and maintenance and capital repairs. those $3 billion in capital needs for more than one million of these households and public facilities will leave us if the
budget caps are in effect at the same level we had in 1980. that is going back about 30 years. 30 years ago, relatively speaking, we would be spending as much if not more on simply maintaining our public housing. and these are real-world consequences. again, b.c.a. comes in in terms of the impact on domestic programs. funding for public transit continues to fall. even while transit ridership goes up. one of the success stories of the last few years is our public transit systems, our buses, our subway systems, our light rail systems that have been enjoying increased ridership. that's good for people to get to work, it's good for our environment because of displacing the use of individual automobiles. it's good for so many things, but as our ridership goes up and the resources go down, we're going to see a system that gets less and less dependable, reliable and effective, and you're going to lose not only
those riders, but you're going to see incidences we've seen across the country where you have significant safety concerns. you have significant disruptions. it's not uncommon over the last several months here in washington to hear on the radio that a whole subway line has gone down because of a maintenance problem or something else, and that day's work force doesn't get to the office for three or four or five years. and guess what? that cost a lot of private employers a great deal of money, because the people aren't doing the work, and they are -- they would properly be paying. so essentially this impacts our economy and it's multiplied and it would be exponentially multiplied if we start cutting away the money as suggested in the b.c.a., the budget control act. so now it is time really to work together. it's time to enact first a clean c.r., to give us the time to address systematically and
comprehensively the issues that are staring us straight in the face because of b.c.a., the sequester caps on defense and nondefense. it's time to be able to move, as i believe the vast majority of my colleagues want to, the excess o.c.o. funding back into the regular budget of the department of defense, as we raised the budget cap and as we raised the budget cap for the department of defense to recognize we have to raise the cap for not only other national security agencies to protect our country but also for other agencies in order to invest in our economy, keep us productive, keep people employed and also keep faith with thousands and thousands of americans who have worked hard but now they need the benefits of public housing. they are seniors in needs
systems. they need a good transit system to get to work or if they are a senior citizen to get to a doctor's appointment. and they're counting on us. so i hope all of my colleagues can come together for such an agreement, avoid a shutdown, and then do something more than just keep the lights on; invest across the board in our people and watch those investments multiply to a productive, successful economy and a more secure america. with that, mr. president, i would yield the floor, and i would