tv Senate Select Intelligence Committee on Intelligence and Cybersecurity... CSPAN September 24, 2015 2:30pm-4:31pm EDT
live now to capitol hill for a hearing by the senate intelligence committee. committee members today will hear from u.s. cyber command commander admiral michael rogers talking about cyber security threats to the nation. admiral rogers is also the nsa director. the chairman of the committee is richard burr of north carolina on the right of your screen there. dianne feinstein in the center is the ranking member, democrat from california. live coverage on c-span3.
i'd like to call this hearing to order. admiral, welcome. i'd like to welcome admiral rogers, director of the national security agency. mike, as you well know, we typically hold our hearings in closed session so that we can review your classified programs. given the sensitive nature of these programs and the need to protect sources and methods by which intelligence is gathered, that position is certainly understandable. today, however, we want to take time to ensure that the american
people have an opportunity to learn more about the nsa, the mission your workforce is tasked with, and what you're doing to combat the increasing cyber threat to our nation. cyber threats to our u.s. national and economic security are top priority for the intelligence community. and destructive cyber intrusions and attacks are increasing in scale, scope, complexity and severity of impact. office of personal management recently suffered from one of the bigs cyber breaches our government has ever encountered and there are countless other recent examples of cyber breaches and attacks in both the public and private sector. while nsa typically works in secrecy, i think all of us on this committee expect that you will be front and center on the issue for the foreseeable future informing and educating the american public. i'd like to take a moment to thank you and your workforce for
your dedication and the critical work you continue to do to protect our nation. you are by now accustomed to the difficult and direct questions which we ask you often in closed session and you know that we do so to challenge you and your organization always to be better. admiral, today represents a unique opportunity for you to educate the american people on what you do, how you do it, and how your agency's posture to address the growing cyber threat for both state and nonstate actors. i want to thank you again for joining us today and i look forward to your testimony as you seek to separate the myth of the nsa from the reality of the nsa to the extent that you can do so in an open setting. and we recognize how difficult that is. i would also respectfully remind high co my colleagues to avoid any questions that touch on
classified programs or questions that would require admiral rogers to divulge any sensitive information and the vice chair and i will consult if we believe we have put admiral rogers in that type of situation. welcome, admiral. i turn to the vice chairman. >> thanks for holding this open hearing to allow the committee to discuss in public the important work that the nsa does and some of the current challenges they face to keep up with national security threats against us. director rogers, welcome back before the committee. as we have discussed many times in closed sessions, nsa and cyber command are at the he forefront of a number of major national security challenges and policy decisions. so i look forward to this discussion today. before getting to the rest of my statement, i want to publicly praise the work the nsa has done in collecting intelligence that has enabled the rest of the
government to identify and stop terrorist plots directed or inspired by the islamic state of iraq and the levant here in the homeland. this threat is by no means over. but there have been a number of important disruptions thanks to good intelligence and good law enforcement office work. and you figure in that in a major way. so thank you very much. as fbi director jim comey noted in his testimony in july, and i quote, the foreign terrorist thousand has direct access into the united states like never before, end quote. there are now horn 200 americans who have traveled or attempted to travel to syria to participate in the conflict and that remain as significant concern. i'd appreciate your assessment of the isil threat and threat to the united states from others, as well. of course when discussing that
threat, we also have to recognize that due in part to leaks of classified information, improved operational security by terrorist frgroups, and availability of encrypted means of communications that cannot be collected, there is increasingly a limit on what nsa will be able to contribute. i know we'll have a chance to discuss that change. there are also numerous press reports in the past week or two suggesting that the administration is rethinking if support for any legislative solutions to this problem. we welcome your thoughts on how to approach the so-called going dark issue. and i think the more you can tell the public about it here today, the better. certainly the hack on the opm database as the chairman said demonstrates the need for better protection of personal
information. but i'd very much like to hear your views on whether this is an either/or situation, or if there is a way to keep private communications protected while still allowing the government to gain access to critical information when it's doing so pursuant to a court order or other appropriate legal process. as the head of one of the most technically proficient agencies in the government, your input into this question is very important. next, while the committee has been following the implement tags implementation of the usa freedom act, today presents a good opportunity for the american public to hear how no that transition is going. under the new law, the nsa will no longer collect phone metadata collectly from phone companies and conduct its own tailored queries of those data. instead of government will have
to obtain a court order in order to ask telecommunications providers to query their own records and produce the responsive information. it's important i think for the public swellings for us to know whether this transition will be complete at the end of 180 day period. and whether you assess that the system is in place at that time, if you assess it will meet your operational needs. i'd also like to know whether this system once fully in place will achieve the goal of providing nsa with responsive information from a broader set of records than it had before the usa freedom act passed. or whether there will still be the relatively small percentage of phone records that were available to you before the change. finally, you briefed the committee recently on the reorganization you're putting in to place in the nsa.
it would be appropriate at this hearing for you to describe that reorganization to the extent that you can, why it's needed and what changes are being made. again, thank you very much for the work your agency is it. i've been very proud of it and thank you for your leadership. tha . >> thanks vice chairman. for the purpose of members, we will skip the one question round and we are go to five minute questions after the admiral has testified, we will do it based upon seniority. with that, admiral rogers, the floor is yours again. welcome. >> thank you. chairman burr, vice chairman feinstein, members of the committee, thanks for inviting me today. it's a distinct honor and
privilege to appear before you because i appreciate this opportunity to speak to you about the national security agency, about who we are, what we do, and how we contribute to the nation's security. in talking with you moreover, aim grateful for this chance to explain to the american public whom you represent what it is that their fellow citizens at nsa do to defend our nation as well as support allies and partners around the world. nsa play as critical role in protecting the united states' national security systems and providing insightful and actionable foreign intelligence to our lead eveerleaders, milit commanders and foreign partners. the nsa workforce approximately 40,000 civilian and military employees is headquartered at fort immediate, maryland just outside washington as you know. we have facilities in 31 states and a global presence that spans the world. the team that i'm proudly a member of compromises --
comprises a diverse group of individuals. about 40% is uniformed military representing every service with both active duty and reserve members. our team members at nsa include analysts, collectors, operators, mathematicians, linguists, crip toll graphers, engineer, computer scientifics and too many other skills to list by name. our workforce ranges from high school internists to junior enlisted members of the military to senior executives of the civilian service and flag rank officers in the military. nsa personnel are well educated with with over 75% of our civilians holding bachelor's degree or higher. our military and civilian linguists working in our foreign intelligence mission have proceed 23ish city in over 120 different foreign languages. almost 40% of our employees work in the science technology engineering and mathematics fields. and they hold the majority of the over 200 patents that have been granted to members of the
nsa workforce. more patents than any other agency. our employees help to enhance their local communities by volunteering in classrooms, planting community gardens, and helping to clear the appalachian trail. they donate thousands of gallons of blood to the red cross, contribute to the federal charity drives and give tons of food to the family hunger drive. they're volunteer firemen, marines collecting for toys for tots campaign, soldiers coaching little league, sailors volunteering to clean the chesapeake bay a civilians leading girl and boy scout troops. this short they are your neighbors. nsa employees work hard and they work well to keep our nation safe and protect our civil liberties and privacy. let me explain their main duties and missions in a little bit more detail. nsa's information assurance mission is to protect national
security systems such as systems that process classified information. we generate ideas for defending these networks and impart value security insights so the public and our allies may benefit. we ensure our nation's leaders and military can communicate securely and that adversaries cannot gain access to our nation's secrets. that work also enables us to share warnings and cyber insights with the private sector. nsa has evolved with changes in technology as the world has shifted from analog to digital communications. as a result, nsa now play as key role in cyberspace, assisting u.s. government efforts to see, mitigate and deter cyber security threats. in concert with public, private
and foreign partners, our work helps to ensure users, operators and administrators maintain control of their systems and data. nsa also gives our leaders -- gives our leaders unique insights in to the hostile activities of foreign powers and their agents. our people lead the intelligence enterprise defending america and our allies by collecting, analyzing and reporting foreign intelligence and counter intelligence information derived from the interception of foreign signals and communications. nsa does this work in accordance with law and strict guidelines and only by collecting foreign intelligence in response to specific requirements from u.s. policymakers and senior u.s. commanders which are deemed necessary to advance the nation's policy goals, to warn and report on strategic and military developments around the world, and to prevent strategic surprise. what nsa collects and analyzes is driven by the priorities
listed by our nation's political and military leaders. we work within a framework of law, rules and oversight provided by congress, the executive branch and as appropriate the courts. that system of accountability ensures the privacy and civil liberties of u.s. persons. on a daily basis, nsa provides insights into hostile plans and intentions so that our customers and partners can counter threats across the globe. you're military and its partners rely on nsa to help and chief tactical and operational success. our products are part of the fight ascension to military operations as food, fuel and ammunition. our requirements include a wide range of sigg missions. one of the most important is terrorism, discovering terrorists plan, intentions, communications and locations. as combat support agency, nsa
directly supports the military with information to perform its missions and to provide force protection, indications of warning, and overwatch support to keep our troops out of harm's way. you're work also helps the united states and its allies to capture bombmakers, spot illicit fund transfers, work trans national crime and explain to other nations terrorists. we work to identify potential threats to u.s. citizens, military personnel and embassies around the world. in addition, we devote considerable resources to the international campaign to halt the spread of weapons of mass destruction, tracking reporting and sharing data to keep nuclear biological and chemical weapons out of the wrong hands to keep the nation safe. we also assist the efforts of the department of homeland security to protect america's critical infrastructure from cyber attacks. and finally, we support u.s. cyber command which i also lead and will continue to help the
command to develop the capability and capacity it needs to accomplish its vital missions. the threat environment both in cyberspace and in the physical world is constantly evolving. and we must keep pace in order to maintain our advantage and generate the insights that our nation is counting on. the nation's networks, communications and data are increasingly at risk from diverse and persistent threats. these include rogue states, organized criminal enterprises, and terrorists who are showing a willingness and an aptitude to employ sophisticated capabilities against us, our allies and indeed anyone who they perceive as a threats or lucrative target. various self proclaimed cyber activists also cloud the threat picture. in addition, certain states are disposed to conduct cyber coercion against their neighbors and rivals and to fund campaigns of cyber exploitation against us and our allieallies. targets extend well beyond
government into privately owned businesses and personally identifiable information putting the privacy and day taf all americans at risk. terrorist tactic, techniques and procedures continue to evolve. those who would seek to harm us. those who would seek to harm us use the same internet and the same mobile communication devices and the same social media platforms that we all use in our everyday lives. as terrorists become more savvy about protecting their communications we must keep pace in order to protect the nation and our allies. nsa will continue to rise to these challenges. as an interprice we've had to reinvent ourselves before and we'll do so again. the use of intelligence to protect our nation dates back to the very origins of the revolutionary war. our predecessors working with the world war ii partners found german u-boats. they helped turn the tide of the war in the pacific at midway by cracking the japanese codes. today the men and women of nsa fight terrorists around the globe. today we target the
communications of terrorist organizations who mean to do us harm helping to uncover and thwart their efforts to communicate with sleeper cells around the world or recruit fighters to their cause. the means of communications have changed, but the requirement to maybe table o maintain our ability to stop foreign actors remains constant. we helped lead the way toward information assurance and pioneered intelligence in cyberspace, while enabling counterterrorism acts in real time. every nsa employee takes an oath to preserve, protect and defend our constitution and its civil liberties and the privacy of our citizens that the constitution guarantees. we just repeated this oath across our workforce on 9/11. security and privacy are not trade-offs to be balanced but
complementary imperatives and we support both. the complex issues before us today represent an opportunity to write yet another chapter in our agency's rich tradition of service to the nation. we play an indispensable role to keep the peace and secure the nation. our value lies in facilitating positive outcomes for the nation and our allies and we've delivered this for well over 60 years. our unique capabilities are more in demand and more important to the nation's security than ever. we are rightfully proud of that accomplishment and what we continue to accomplish and we are striving to ensure that the american people take pride in nsa. mr. chairman, madam vice chairman and members of the committee, thank you for the opportunity to be here today, and i look forward to your questions. >> thank you, again, members we'll go to five-minute rounds based upon seniority. admiral, cyberthreats continue
to grow both for the public and private sector. nsa faces stiff competition from the private sector at recruiting those individuals with the skills that are needed. what can you offer at nsa that silicon valley can't offer? >> i think the difference for us is you have acknowledged, chairman, we're competing for much of the same workforce. the advantage that we have in my mind is not unique to the cybermission. i've experienced this as a uniformed individual for the last 34 years. it's the power of mission and the sense of serving something bigger than yourself. that ultimately is thedge that we have. that's not something you can easily replicate on the outside. it enables us to attract cutting-edge technology, incredibly motivated and capable men and women even in the fales of the fact that they could earn a tremendously greater amount of money working on the outside.
but it's that sense of mission and it's that sense of purpose, it's that ethos of culture and compliance if you will that i think is our greatest advantage. >> admiral, nsa plays a significant role in counterterrorism efforts, discovering terrorist plans, intentions, communications, and locations. to disrupt or to defeat their attack. obviously we can't go into great detail here. but to what extent can you discuss it? please elaborate on what nsa is doing to combat terrorism, and more specifically, something that every american's focused on and that's isil. >> so, without going into the details of how we do this, we broadly use our ability to work communications in the foreign space, to generate insights as to what isil and other groups are doing.
largely through our cyberand our signals intelligence expertise. the challenge i would argue in the counterterrorism mission set for us whether it's isil, i've seen the same thing in al qaeda and al qaeda in the arabian peninsula, for example, i've seen more changes in their behavior in the last two years probably than any other target. that they -- they actively reference some of the compromises and media leaks of the last couple years. and we know that they have achieved a level of insight as to what we do, how we do it and the capabilities we have that quite frankly they didn't have in the past. as a result of that quite frankly, it has become harder, more difficult, to achieve insights as to what they're doing. combined with, in fairness, the broader changes in technology we're seeing, encryption, use of apps that offer end-to-end
encryption, more complicated attempts to hide in the broader set out there. the positive side, though, to me is in the end it's not technology, it's about the motivated men and women of nsa. that's our edge. and i always remind them the nature of our profession is that we tend to gain advantage and lose advantage over time because technology and the opponent's behavior always changes. >> admiral, why should the american people care whether you're successful or not? >> because the insights that nsa is able to generate directly help to ensure the security of every scitizen of this nation a well as those of allies or friends. i will not for one minute pretend we're a perfect organization, but i'm very proud of the mission set, the way we do it and quite frankly, the only reason i'm still doing this is because i think the mission that nsa does is incredibly important to the nation and our allies. >> what's your greatest resource challenge right now?
>> requirements far exceeding resources. if you look at the growth of cyberchallenges, you look at the proliferation of communications technology, trying to stay on top of this with a workforce that has not grown. we're in our fiscal year, '16, which we'll start on october the 1st, we'll see how the budget comes out. but we project this will be the fifth straight year of a declining budget, and so one of my challenges as a leader is how do we continue to generate the insights the nation is counting on even as the resources we use to generate those insights continue to decline. >> thank you, admiral. i turn to the vice chairman. >> thanks very much, mr. chairman. i'll try to get through three questions in five minutes. let's go to the usa freedom act. how long did it take one of your analysts to do a query under the
old bulk collection system and how long does it take to do a query under the new system at the telecom companies? >> now, if i could, i assume by asking how long to conduct a query, that includes both getting the court's approval and the analysis that goes in to deciding we need to query the data. under the old system there were several different -- we had emergency authorities, for example, that i could use which were the very quickest. under those authorities generally we could do the analysis, the team could make a case to me as to why i needed to use those emergency authorities when i believed that there wasn't sufficient time to get to the court. on those handful of occasions in which i have done that, i have to notify the attorney general in writing, i have to notify the fisa court in writing as to what i did and why i did it and what the basis of my determination was. in each case the times i've done it to date were all driven by
the fact that we were getting ready to pursue tactical action somewhere in the world that i was afraid was going to precipitate a reaction from isil and other groups. and as a result i authorized access to the data and then informed the court and the attorney general. that process probably anywhere, all the analysis, them briefing me, me approving it, them going in and looking at data, probably something less than 24 hours. if you count everything. the average under the old system, not using that emergency basis, was something -- i think the fastest we ever did the entire process was something on the order of two days using the normal processes. the average was closer to four to six. >> well, now are you saying you have to use the emergency more often? >> no. >> you said five or six instances. >> no. we query the data multiple times through court approval -- >> you're saying it's faster
now. >> no, that is under the old system. you asked me to compare old versus new. trying to give you a framework for under the old system. under the new system because it's not implemented i can't tell you right now. remember, we're in the process of transitioning, the transition must be complete by the end of november 28. >> so you have not done any. >> we have not completed the process. the legislation this will take a number of months to work with the providers, to make the technical changes on the provider sigh. >> sunday's "new york times" reported that our country will ask the chinese to embrace the united nations code of conduct on principles for cyberspace that no state should allow activity, quote, that intentionally damages critical infrastructure and otherwise impairs the use and operation of critical infrastructure to provide services to the public. from your perspective would a cyberarms control agreement along these lines be valuable? would it be enforcible?
>> first, that's a broad policy question. in terms of the input, my opinion, the devil is always in the details. i'd want to understand the specifics of exactly what we're talking about. >> that's a good duck. it just doesn't quack. >> i apologize but there's so many variables in this. >> let's move on. i wanted to ask you about the use of encrypted communications by terrorists and criminals. the fbi director came before us as you know and gave us very stark testimony about going dark and how big the problem was. do you believe that the increased use of this kind of encryption and apps as you pointed out poses a national security threat? >> yes, ma'am. i am concerned that the direction we're going is effectively -- if we make no
changes, is -- represents a significant challenge for us in terms of our ability to generate insights that the nation is counting open. >> can we make changes? >> i'm the first to acknowledge it's a complex issue. i make a couple points. first, i don't think you want the government deciding, hey, what the right answer is here. we've got to collectively get together between the private sector, government, industry, policy, the technical side and sit down and figure out how we're going to work our way through this. because i'm the first to acknowledge this is an incredibly complex topic and there's no simple and easy answers here. i believe, that like anything, hey, if we put our mind to it, we can ultimately come up with a solution that is acceptable to a majority. it likely won't be perfect and i'm the first to acknowledge you don't want me or an intelligence organization making those kinds of decisions. you don't want us able to unilaterally do that, i'm the first to acknowledge that. >> thank you. thank you, mr. chairman. >> senator coats.
>> thank you for your service. and appreciate you. follow-up on senator feinstein's question. if i heard you right, under the old system given the procedures that you go through, if it's an emergency, you can get clearance in less than 24 hours. >> under the previous framework i as the director of nsa was delegated the authority in emergency situations to authorize access to the data. i then had to go to the court and to the attorney general and put in writing why i did it, what i did, and what the basis of that decision was. >> what if it's imminent? what if you get a call that a plane took off in boston, turned south toward new york when i was scheduled to go to montreal and you said, that will arrive in new york airspace in 15 minutes. >> that's one of the reasons -- >> whooat happens? >> that's one of the reasons for the emergency authority, so that i have the authority under the
current system -- now as we transition to the new law, which, again, we have to have firmly in place by november the 29th. i have lost that authority. it's now been raised to the attorney general. i'll have to approach the attorney general why she in this case, why she needs to authorize emergency access. >> so we're adding time to the process. >> it is probably going to be longer i suspect we're going to find out. >> and based on your -- based on my question, then, your answer is something that imminent probably can't be addressed in time to put up the defenses. >> not in minutes. i doubt we could do it in minutes. >> you stated in your statement here that nsa works daily to protect privacy and civil liberties. we've seen breaches of tens of millions of federal employees' records. we've seen breaches of well over 50 million of major insurance company in my state.
we've seen breaches of everything from retail stores to you name it. obviously those are -- those occur partly because those entities did not have the procedures in place to block that. that nsa does. and yet you're critcized, your agency has been criticized, for being too loose on privacy, can't trust you. but all the information -- and you're collecting phone numbers whose names of individuals you don't know. and the breaches are occurring with all kinds of information of when you were born and what your social security number and what your bank account number is and everything else. so, give me, again, for the record just what kind of things nsa went through and continues to go through that protects
privacy and civil liberties. and if you can an explanation of why nsa is deemed untrustworthy, holding information and yet we rely on institutions that leak the stuff by the tens of millions. >> so, if i could, let me anxioanswer the second part first, it's a great challenge for me as a leader and us as a nation. increasingly we find ourselves as a society of government writ large and in the aftermath of the media leaks nsa in broad terms. i think that's both a part of this broader environment that we currently live in right now. you see it in the fact that we're unable to achieve -- you live this every day in your political lives, you're unable to achieve political consensus on difficult issues that face the nation. we have strong opinions and yet we can't seem to come to a consensus on how we move forward on many things. what is happening to nsa is a
part of that broader context. and so we find ourselves in a position where we acknowledge we must follow the law. we acknowledge we must operate within a legal framework and the set of authorities and policies. we do not indiscriminately collect. everything we do is driven by the law and a set of priorities as to exactly what we do and what we focus on. those priorities are designed to generate insights to help defend our nation not to violate people's privacy. but in the world we're living in now, that seems to get lost in the ether in many ways. part of the challenge being is a classified organization if you will, the how we do what we do because i can't go into great details about, well, this is exactly why you should feel comfortable. let me walk you through all the things we have done that you have no clue about but you should feel very comfortable with as a sit zenl or ally of what we've been able to forestall. what we've put in place to ensure the privacy and civil liberties of our society, you
look at the legal framework, the collectively was created for the call data records, usa freedom act. you look at what we have done in terms of complying with court orders. you look at what we have done in terms of nsa has had three major outside reviews of 702, the section 215, the call data records, of our collection in general. every one of those reviews has come back with the same conclusion, you can argue with the law is good or bad, but nsa is fully compliant with the law. nsa has a systematic system in place designed to ensure oversight and protection of the data we collect. we ensure that not anyone in our workforce can just access anyone that we collect. the call data records, for example, section 215 out of an organization as i told you in my opening statement that's close to 40,000, we had limited access to that data to 30 -- approximately 30 people. by design. we want -- we understand the
sensitivity and the importance of the data collect that we collect and we need to ensure that we can tell you as our oversight as well as the broader citizens we defend that we are not arbitrarily misusing this data, that we are not opening it up to just anyone in our workforce who wants to look at it. we take those duties and those responsibilities very seriously. and each one of the three major indendent reviews we've had in the last 18 months have come to the exact same conclusion in that regard. >> senator wyden. >> thank you, mr. chairman. thank you, admiral, for your professionalism. let's see if we can do the first question on bulk collection. this matter of collecting all the millions of phone records on law-abiding people with just a yes or no answer because i know senator feinstein got in to some of the questions with respect to implementation. and i have heard you comment on this but i'd like to see if we could do this on the record. do you expect that ending bulk collection is going to
significantly reduce your operational capabilities? >> yes. >> in what way? >> right now bulk collection gives us the ability to generate insights. we call it discovery. gives us the ability to generate insights as to what's going on out there. i'd also encourage the panel as well as the committee as well as the nation to review the national academy of sciences review in which they were specifically asked, is there an alternative to bulk collection. is there software or other things that we could develop that could potentially replace nsa's current approach to bulk collection and that independent impartial scientific body said no. under the current structure there is no real replacement and that bulk collection as used by nsa generates value. >> as you know the president's advisory committee disagreed with you. they had an independent group appointed and they said, and i believe it's at page 104 of their testimony, that there was no value to bulk collection that
could not be obtained through conventional means and it specifically cited. let me ask you about encryption, because in my view this is a problem largely created by your predecessors, general hayden and general alexander in specific -- specifically. i believe they overreached with bulk collection, that undermined the confidence of consumers, and the companies responded because they were concerned about the status of their products with strong encryption. so at that point i began to be pretty concerned because it looked like the government's position was companies would be required to build weaknesses into their products. now the discussion has shifted to whether there should be the availability of encryption keys to access these products. now, i don't want to go into anything classified or matters relating to executive branch discussions, but let me ask you
about a policy matter. as a general matter, is it correct that anytime there are copies of an encryption key -- and they exist in multiple places -- that also creates more opportunities for malicious actors or foreign hackers to get access to the keys? >> again, it depends on the circumstances, but if you want to paint it very broadly like that for a yes and no, then i would probably say yes. >> okay. i'll quit while i'm ahead. what concerns me, admiral, seriously is that as this question of access to encryption keys is pursued -- and i think that's where we've moved. as i indicated to you in our conversation from the original position which looked like companies would have to build weaknesses into their products, which i think is a staggering development. it seems now it has shifted with miss yates' comments to this
question of availability of keys. you've just told me as a general proposition when there are multiple keys -- and there will be multiple keys -- that creates more opportunities for malicious actors or foreign hackers. and to me the good guys are not going to be the only people with the keys. there are going to be people who do not wish this country well. that's going to provide more opportunities for the kinds of hacks and the kind of damaging conduct by malicious actors that i think makes your job harder. i think you're doing a good job. i think you've been straight with the congress and certainly with me. but that's what concerns me about access to malicious keys and i appreciate your answer on that. go take a look at page 104 of the president's advisory committee because on this question of operational capabilities, not only do we not have any cases that indicated that there was a compromise of the abilities of our intelligence community, it was the unanimous finding of the
president's experts. that page will give it to you. thank you, mr. chairman. >> senator rubio. >> thank you, admiral, for being here. the leader of the chinese communist party is going to be in the white house this week. and received the full honors of a state visit but our relationship with china is not at a good place this moment. they've brach they've breached the u.s. databases. over the last 20 years we've witnessed the single largest transfer of wealth as the chinese government has stolen proprietary data and the data of 25 million americans if not more. one of the things i advocated is a three-step process. we should expel known chinese spies operating in the u.s. we should be disconnecting all sensitive databases from the internet to ensure -- and ensure that our agencies that are responsible for protecting government databases are doing their job. and i think we need to make
clear that we're going to respond in kind to deter adversaries like china who will continue to attack us. i guess my question begins by asking you would agree that a public discussion on an offensive cybercapability would be an effective deterrent? >> i think we as a nation need to have a very public discussion about how do we achieve this idea of deterrence because if we don't change the current dynamic we're not in a good place and we've got to fundamentally change the dynamic we're dealing with now. >> as the director of nsa and as commander of the u.s. cybercommand have you provided a vice to the president? i'm not asking what the advice is, but have you provided advice to the president of the white house for appropriate measures for us to respond to attacks? >> yes. >> and i understand that you're not charged with creating policy, but has the white house sought your opinions on policies relating to these matters, specifically on a more effective cyberdeterrent and best practices for securing u.s. government systems? >> yes. i'm very happy in the process in
the sense that, hey, i'm just one perspective, i certainly understand that. but i've certainly had the community to communicate my views as to what i think we need to do. >> i guess my last question is going back to the points that i've raised about expelling chinese spies operating in the u.s. as retaliation and also disconnecting the sensitive databases from the internet, are these measures that you think are worthy of exploration, would they have any sort of deterrent effect or be part of the broader public discussion about this issue? >> certainly in my experience one of the things we found as one of the challenges particularly for cybercommand, my other hat where i deal with penetrations in the department of defense, one of the things that we have come to understand is you need to minimize your exposure with what we call public interfacing websites, connectivity with the internet. the flip side, though, is that there is a requirement in many instances to ensure information flow for the internet into
systems. and so the idea that you're going to be able to do some of these things with no interconnectivity, it depends on the situation, can be problematic if you expect data to flow back and forth. >> i just have one last question. i apologize, kind of a matter of doctrine more or less. our doctrine, the doctrine of most nations if not all on earth there's a difference between intelligence gathering on governments and intelligence gathering on private entities. clearly multiple nations if not all around the world have some sort of intelligence gathering capability and it's targeted primarily at the governments and government actors in other nations, especially those they have an adversarial position with. is it fair to say for the chinese there's no such distinction, for them the notion of intelligence gathering they view commercial intelligence gathering and governmental/commercial gathering as all part of their foreign policy and intelligence gathering capability? they don't have that distinction that we have and other nations have. >> they clearly don't have the
same lines in the sand if you will with that regard. i mean, i watch some of my counterparts there do things that under our system i could never do. >> exactly. so the point i'm trying to drive at because many americans are programs not fully aware of this is the chinese government actively encourages as part of their national policy the stealing of commercial secrets of american companies for purposes of building up their own capability and this is directed by government. this is not a chinese company hacking an american company. this is directed influence and funded by the chinese government itself. >> yes. >> all right. thank you so much for your service. >> senator warner. >> thank you, admiral rogers, for your service. let me just add an edtorial comment here to the chair and the vice chair. my hope would be, in light of the testimony of admiral rogers, that we could, again, urge respective leaders in both parties to bring that information-sharing bill that passed out of our committee back to the floor.
i think we do a great disservice to our country if we don't act on that legislation as quickly as possible. >> vice chair and i can assure all the members we are working aggressively to get that back up and my hope is that members will have an opportunity not only to debate it but to amend it if need be in the month of october. >> thank you, mr. chairman. admiral rogers, i want to spend a couple moments on the opm breach obviously. 22 million plus individuals now we are understanding 5.6 million fingerprints. we dug in to that and i know you can't comment too much, but that we found and senator collins and are working on legislation that says as we look at the responsibilities of dhs to try to protect the dotgov regime, they don't have the same kind of abilities and responsibilities that you have at nsa to defend
the dotmil regime when it comes to cyberhigh jean. dhs has an ability to recommend but not recognizing it might be an editorial. >> firms of all, i would argue the authorities to defend dod networks really reside operatiationally more in my u.s. cybercontrol hat. it's part of the cultures that spawn us. in the department of defense our culture is you are always focussed on generating actionable outcomes. you're focused on empowering individuals and clearly identifying responsibility and authority and then holding people accountable. i think where we want to get to in the dotgov domain is something quite similar over time. i think it's fair to say we're not there right now. >> we have -- senator collins and i have legislation that would give dhs similar-type authorities as well as that in effect chain of command.
there still seems to be some lack of charity about who is in charge and what we hear constantly is that dhs made recommendations about cyberhygiene that were not implemented by opm and a variety of other dotgov regimes. that to me seems not good process going forward. >> sure. >> can you speak to -- within this setting -- what responsibility you have in protecting cyber -- in protecting sensitive but unclassified data on the dotgov side of the house? >> so, i do not have immediate responsibility in the sense that the structure is that i at nsa work through dhs to provide support when it's requested. i am not in those networks. i'm not monitoring those networks. >> and post-opm has dhs requested your assistance? >> yes. >> again, this is an area that i believe would be addressed as
well, hopefully, with at least an amendment to the information sharing bill and something i know senator collins and i and i think most of our other colleagues share. we need to give dhs those same tools. let me switch over to an area where senator rubio was. i concur with him that while we've not formally identified the source of the opm breach there's obviously speculation amongst members and the press, my comment as well that we do need a deterrence as part of our overall national strategy. i'd like you to make any comment you might have on, again, we're playing on different standards that the chinese in july passed legislation that required all of their information systems and companies that do business in china to have systems that were secure and controllable in terms of access by the chinese authorities which not only precludes any of the kind of encryption tools american
domestic companies are looking at -- again, i think raise huge concerns. i agree fully with senator wyden, but i do think there are concerns to be raised. but also this secure and controllable language. wouldn't that be in effect an open ability for chinese authorities to potentially get into those companies' databases for property theft and other activities? >> so, the chinese have a fundamentally different construct than we do. they believe in essence that access to the content of communications and data is a sovereign right. we reject that notion. it leads to some of the things we've seen them do. it's why we have very publicly discussed this with our chinese counterparts because in the end we want to get to a place where we can both work together, but the current approach where we are so fundamentally apart, we've been very upfront, this is not acceptable. we can't sustain a long-term relationship, the kind of relationship we want, if this is
the approach. that the privacy of individuals, the access to intellectual property is just viewed as something the state can do at the time and place of its choosing. it goes totally against our framework. >> i hope the president will continue to raise this. again, mr. chairman, my hope is so many of the businesses that we saw meeting with president xi the other day in seattle, i hope they will not default to a lower standard in a rush to try to access the chinese market. thank you, mr. chairman. >> senator collins? >> thank you, mr. chairman. admiral rogers, let me add my thanks to those of the committee for your dedicated service. you mentioned in response to a question from senator coats that only 30 nsa employees had access to the metadata, were authorized to query the database. am i correct in assuming that those 30 employees were well vetted, they were trained, and
that they would be held responsible if there were any misuse of the information? >> yes, ma'am. >> had there ever been any misuse of the information that you're aware of? >> no, ma'am. the other thing i would highlight in terms of oversight and compliance, for example, for those 30 individuals we monitor every keystroke they use in trying to access the data. we don't do that for every one of our tens of thousands of other employees. we do it in this regard because we realize the sensitivity of the data. >> i think that's an excellent point that should have been reassuring. to me it's very ironic that the usa freedom act was passed under the guise of increasing privacy protections for the american people, when there are 1,400 telecom companies, 160 wireless carriers -- not that you're necessarily going to have to deal with all of those.
but isn't it likely that far more than 30 people will now be involved in this process? >> yes, i would expect that to be the case. >> and given that those companies market and sell a lot of this information, aren't the privacy implications far greater with this new system than under the careful system that you described with only 30 people authorized? >> i would respectfully submit that's for others to decide. >> well, i think from your -- i understand why you're saying that, but i think one just looks at the numbers, the case becomes very evident. in the u.s. freedom act there's no requirement for the telecom companies to retain the call detail data. and by that i'm not talking about content. i'm talking about call detail data. that's another misconception
that some people have. there's no requirement that that data be held for any particular period of time. companies hold it for their own business records purpose. is that a concern to you? >> based on our initial interactions with the providers as we move from the old structure to the new structure where the providers hold the data, in talking to them, there's a pretty wide range. we're right now dealing with the three largest who really have been the focus under the previous structure. we will bring additional online as you have indicated. among those three we're starting with initially, a pretty wide range of how long they opt to choose data, retain data and for what purposes, again, under the construct that's their choice. we'll have to work our way through this. one of the things i've always promised in the discussion about that led as part of the legislation was, once we get into this new structure, what i
promise will be honest and direct feedback on how this is working. is it effective. is it not effective. what kind of time duration is it taking us. what, then, are the operational impacts, i promised i'll bring that back once we get some actual experience. >> we appreciate that. let me turn to a different issue, and that is the protection of our critical infrastructure from cyberthreats and cyberintrusions, which is an issue which has long been of huge concern to me. the department of homeland security has identified more than 60 entities in our critical infrastructure where damage caused by a single cyberincident could reasonably result in $50 billion in economic damages or 2,500 immediate deaths or a severe degradation of our national defense.
your predecessor -- your written testimony talks a little bit about this issue. your predecessor, general alexander, previously has said that our nation's preparedness when it comes to protecting against a cyberattack against our critical infrastructure is about a three on a scale of one to ten. where do you think that we are on that scale? >> it varies by sector, but on average i would probably say right now, again, depending on the sector we're probably at a five or a six. it's not where we need to be. clearly. >> so, there's still a severe problem in this area that makes us very vulnerable as a nation. >> yes, ma'am. >> thank you. >> senator king? >> admiral rodgers, greetings. would a shutdown of the federal government next week compromise national security? >> yes. if i could just to go beyond that, in the last five days or
so as we now are publicly talking about this possibility, watching the reaction at the workforce of nsa and u.s. cybercommand who are going, again? who could easily get jobs on the outside and earn significantly more amounts of money, this instability, this message to the workforce that -- this is probably a pejorative, but you are a secondary consideration in a much larger game if you will that drives -- >> no, no, it's a smaller game, admiral. >> smaller game, that just drives the workforce. and i -- to the point where today i literally was talking to the leadership about we need to sit down and figure out how we're going to keep this men and women if their attitude -- >> keeping these talented men and women is hard enough to begin with because of higher salaries outside. there's a survey i commend to your attention i'll submit for the record done late last year of national security professionals across the government and one of the fascinating results is that u.s.
political dysfunction they ranked as a higher threat to national security than a nuclear armed iran, vladimir putin, china's military buildup or north korea. the only thing above political dysfunction was islamic extremism. so, that shocking. let me move on. you know, political dysfunction being a national security threat, you know, pogo, we have met the enemy and he is us. a couple of other questions. deterrents. you've talked about it briefly. i want to emphasize you testified that you're in communication with the white house and the president on this issue. i think this has got to be a high priority. deterrence doesn't work unless people know about it and it's got to be a strategy because right now we are in a fight the cyberwar has started. and we are in the cyberwar with our hands tied behind our backs. we would never build a destroyer without guns. >> right. >> i just -- we've talked about this before.
i think -- i hope you will carry this message back, because we've got to fashion a theory of deterrence, otherwise we're going to lose. you cannot defend, defend, defend, defend, and never punch back and if your opponent knows you're not going to punch back it's just not going to go anywhere. if you can find a question in there, you're welcome to it. but i think you understand -- >> no. yes, sir. >> i hope you will take that message back. you're a very strong advocate and you're the right guy to take that message. another question that's been touched upon is the idea of a cybernonproliferation treaty. i find that a fascinating concept. and i wish you would expand a bit on that, that there -- we can establish some rules of the road in this field for our mutual protection of the various countries that are cybercapable. >> i certainly think we can get to the idea of norms. formal treaty, i don't know. because one of the challenges in my mind is how do we build a
construct that ultimately works for both nation-states and non-state actors. and one of the challenges inherent in cyber is the fact that you are dealing -- unlike the nuclear world, where you're dealing with a handful of actors all nation-states. you're dealing with a much number -- a much greater number of actors, many of whom quite frankly are not nation-states and have no interest in sustaining the status quo so to speak. in fact, if you look at isil and other groups, their vision would be to tear the status quo down. they're not interested in stability. >> i just think that this is a promising area with other nation-states. obviously it's not going to be the whole solution, but if there are states like russia or china that are willing to have this discussion, i think it's a profitable discussion. >> right. >> along with the idea of deterrence, because we are asymmetrically vulnerable in this war, we're the most wired
country on earth and that makes us the most vulnerable country on earth. i appreciate your testimony and the work that you're doing. oh. you've testified a few minutes ago that you had a variety of reactions from the telecomes about retention levels. you said they were short to long. what's the shortest that you've been informed of? >> i want to say it's something on the order of 12 to 18 months. >> okay. so that's on the short end. i hope you will let this committee know if it goes below that level. because at that point it becomes very problematic as to whether or not the data being retained will be of usefulness in a national emergency. >> i will. >> thank you, admiral. thank you, mr. chairman. >> senator langford. >> admiral, thanks for being here and your leadership and your work. we've had multiple conversations and i appreciate what you bring to this. anxio answer this for me, what else can the nsa do to help other
agencies with cyberdeficiencies? what assets can the nsa brick to bear to help on this? i think you end up coming to clean up the mess as much as you end up trying to defend. how do we get proactive on this? >> what i'd like to do -- and, again, nsa will be part of a broader team. what i'd like to do is be proactive and get ahead of this problem set. >> currently the agencies have responsibility to be able to take on and make sure that their systems are all protected and there doesn't seem to be a lot of accountability in the structure. there are people advising agencies but what can be done proactively? >> i'd be interested in, for example, can we build a framework where someone from outside the organization is doing an independent assessment as an example. i can -- within the dod, largely under u.s. cybercommand authority, but i also do this with nsa, i can go into any dotmil network anywhere in our structure. i can assess it. i can attempt to penetrate it. i don't have to give notice.
to the network owners an example that really doesn't exist on that scale anywhere else in the government. i'd like to see what we can do to try to, again, get ahead of the problem set. try to replicate some of the activities we're seeing prom opponents ahead of time before they do it. >> right. >> to test our abilities. >> okay. let me ask about auditing and how you do that for your own people and processes. you mentioned, for instance, on these 30 folks in the past every keystroke has been monitored. how often do you do auditing and how do you audit that? you have an incredible group of folks that serve the nation but obviously the accountability network is extremely important. we've had rogue folks in the past take information. >> so, auditing varies. as i've said those 30 individuals, the call data record database, that's probably the area we put more external monitoring and controls in than any other part of our structure. on the other hand, in the aftermath of the media leaks, you know, we've sit back and
asked ourselves, so how could this have happened, what have we failed to do as an organization and what do we need to do to ensure it doesn't happen again. we've put a series of capabilities in place where we can monitor behavior. we put a series of capabilities in place where we look at personal behavior more. although i will tell you this is another issue that often can provoke a strong reaction from the workforce who says, so let me understand this, because of the actions of one individual -- >> correct. >> -- you are now monitoring me, you are now watching my behavior in a way you didn't initially do before. do i want to work in a place like that. we try to sit down with the workforce and walk through here's what we do and here's why we do it. there's a reason behind this. that each one of us as we voluntarily accept access to the information that we're given, we hold ourselves to a higher standard. we hold ourselves to a different level of accountability. that's part of the quid pro quo here if you're going to be an
nsa professional, if you're going to be an nsa employee, but it's not lost on our workforce at times. >> so, let's talk about cyberwar we're dealing with internationally at this point. biggest threats that we have, are they state actors, nonstate actors at this point internationally? >> let me answer it this way if i could. the greatest amount of activity is still criminal based. but when i look at from a national security perspective i would argue at the moment the nation-state represents the greater national security challenge if you will. there's three -- when i look at the future, there's three things and i've said this publicly that concern me the most when it comes to cyber. number one is something directed -- -- destrect you have activity to infrastructure, two is ma nimlations changes to data. at the moment most of the activity has been theft. what if someone gets in the system and starts just manipulating, changing data, to the point where as an operator you no longer believe what
you're seeing in your system. and the third area that i think about in terms of concerns about the future really go to your question is what happens when the nonstate actor decides that the web now is a weapons system. not just something to recruit people. not just something to generate revenue. not just something to share the ideology. >> so, the relationship between private industry, infrastructure, both state and local utilities and the federal government, where do you think we are in the conversation level at this point? >> we're having the conversations clearly. dhs really is in the lead here. we're having the conversations. it's a little uneven. some sectors more than others. but we're all victims of the culture we're from. the culture that i'm from as a uniformed individual is, it isn't enough to talk. you must physically get down to execution-level detail about how you are going to make this work. how are we going to coordinate this. i don't want to get into a crisis and the first time i've dealt with someone is when their network's penetrated, i'm watching data stream out at the
gigabit level and could you tell me about your basic structure. that's not the time to have this dialogue. >> okay. thank you. >> thank you, mr. chairman. admiral, thank you for your service and for being here today. you and director clapper had testified before a house committee that data manipulation and what you refer to as data destruction is probably on the horizon. while we can't do very much about those kinds of behaviors on the part of nonstate actors, is it very incumbent on us to engage in discussions and as some of my colleagues have referred to as proceeding toward the goal of a cyberarms control agreement with certain state actors who have that capability? >> i don't know if an arms control agreement is the right answer. but clearly -- >> whatever it is that we come to some kind of understanding so
that state actors do not engage in manipulation and destruction of data. >> right. >> i think that would be just totally -- >> i would agree. we have been able historically -- as a sailor, i can be at the height of the cold war we knew exactly how far we could push each other out there. we've got to get to the same level of understanding in this domain and we are not there right now. >> do you know whether -- with the president of china's visit, whether the cyberissues will be discussed by the two leaders? >> i think the national security adviser and the president have been very public in saying they will raise the full spectrum of issues to include cyber with their chinese counterparts. >> i have a question relating to the opm breach. our understanding is that 19 or 20 -- of 24 major agencies have declared that cybersecurity is a significant deficiency for their agencies. and you indicated that the nsa doesn't have immediate
responsibility to help these other agencies, but that you would respond at the request of dhs. so, has dhs made such a request to nsa that you become engaged in helping these other dotgov agencies to become -- well, cybersafe? >> not in terms of the day-to-day per se. there hasn't been a major penetration in the federal government in the last 18 months that nsa hasn't been called in to respond. i think the challenge -- and i know dhs shares this -- is we've got to move beyond the cleanup in aisle 9 scenario. it goes to my response to senator langford, how do we get ahead of this problem and start talking to the organizations about what are the steps you need to take now to ensure they can't get in. not, well, they're already in, let me walk you through how to get them out. >> so, are you engaged in that process now with the 19 agency? >> not with every agency in the federal government, no. >> why not?
>> again, under the current construct dhs has overall responsibility for the dotgov domain. for me i have to be asked. >> well, that was -- that was my question whether you have been -- >> i can't do it unilaterally. >> it's an agency-by-agency basis that dhs asks you to. if they were to ask you to deal with all of the dotgov agencies would you have the resources? >> my first comment would be we got to prioritize. because i'm expected to defend all of the dotmil and if that same capacis capacity to work o dotgov my first comment would be we've got to prioritize. what's the most essential things we have to protect. >> as in all things we've got to prioritize, but i think it would behoove dhs -- it would help if they would make such a request and then you can engage in prioritizing. speaking of resources, i want to thank you for your frank assessment of what would happen if there's a government
shutdown. and you also inside kadicated i testimony that recruiting and retaining people in what is going to be an ongoing challenge for our country to stay ahead in the cyberarena, can you -- and i did have the opportunity to visit our very large nsa facility in hawaii, and i thank all the people there for the work that they're doing. but can you talk a little bit about what you're doing, how aggressively you're going after the -- getting the appropriate people to sign on to work for nsa? >> so, knock on wood, both our retention of our s.t.e.m. or high technical workforce continues to be good as has our ability to recruit. we have more people trying to get in with the right skills than we quite frankly have space for right now. i'm always mindful, though, of what are the advance indicators that would suggest that's changing. that we're going to lose more than we can bring in. and i would tell you the workforce at nsa and u.s.
cybercommand still talk to me about the shutdown in 2013 as an example. hey, is this -- i get this every time, literally, when i talk to our workforce around the world. sir, is this going to happen again? am i going to be told i can't come to work? i may not be paid? or i'm going to be put on furlough, again, as we did in 2013? and the situation that we're facing now and what the workforce is reading in the media right now is not helpful. >> i agree. thank you. >> senator cotton. >> thank you. admiral rodgers, it's nice to see you in an open setting for once. i've enjoyed our many classified briefings, my visit to your headquarters and my visits to your many personnel all around the world and on behalf of the 3 million kansans i want to thank you but more importantly the thousands of men and women you represent. they are patriots and professionals and they are responsible for saving thousands
of american lives. in 2014, north korea state sponsored hackers launched a cyberattack against sony pictures. sony called the fbi and asked for help. my understanding is that sony choose this course of action largely due to the fbi's expertise in this area specifically cyberforensic and defense. their belief that a crime had been committed and because of the strong relationship that they had developed with the fbi. do you believe sony did the right thing by calling the fbi? >> i am not in a position to tell you the why they did it. i mean, i'm glad they reached out because then very quickly the fbi reached out to nsa and we ended up partnering, again, never thought i would be dealing with the motion picture company about cybersecurity. but i was grateful for their willingness to be very upfront and very honest. we've received a major penetration with a massive theft of intellectual property and we need help from the government. >> in the same way that we encourage a bank that's been held up or a brick and mortar company that's been physically
attacked to contact the fbi, you believe that we should encourage these private sector actors to contact the fbi. >> i think the fbi needs to be part of this. whether it should be dhs, the fbi. part of the things i believe we need to do we've got to simplify things for the private sector. when i talk to companies around the united states, and i'm often approached, can't you do more directly for us and i'm going, no, i cannot under the current construct, i'm struck by them telling me, you guys have got to make this easier. it is incredibly -- i can't figure out if i'm supposed to go to the fbi, dhs, do we go to you. because i'm, for example, in the financial sector, should i go to treasury. i think collectively in the government, in the federal government, you know, we've got to do a better job of simplifying this so potentially it's one access point and then everything, machine-to-machine speed, to ensure as well accountability and privacy, but the data quickly is disseminated across all of us. because there are so many
organizations that to be effective you have to bring to bear in a very orchestrated, very structured way. it can't be like kids with a soccer ball. hey, everybody just runs. >> okay. the nsa is in charge of information assurance operations for the federal government, meaning that the nsa is in charge of assuring our national security systems. am i correct the nsa from time to time will also help federal agencies protect their unclassified systems? >> yes. when they request assistance. >> i realize this is before your time, but to your knowledge did the state department ever ask the nsa about the wisdom of setting up a private server so secretary clinton could conduct official state department business? >> i'm not aware of whether they did or they didn't, sir. >> what would be your response if the current secretary of state or another cabinet member came to you and said, admiral rodgers, i'd like to set up a private nongovernmental server and use it to conduct official business? >> you really want to drag me -- drag me into this one, sir? >> i'd like -- i'd simply like
your professional opinion. >> i mean, my -- my comment would be you need to assure you are complying with the applicable regulations and structures for your department. i'll be the first to admit i'm not smart about what the rules and regulations are for every element across the federal government. >> are the communications to the senior advisers to the president of the united states even those that may be unclassified a top priority for fed -- for foreign intelligence services in your opinion? >> yes. >> if an nsa employee came to you and said, hey, boss, we have reason to believe that a russian foreign minister or an iranian minister is conducting official business on a private server, how would you respond? >> from a foreign intelligence perspective, that represents opportunity. >> are you aware of any nsa officials who e-mailed secretary clinton at her private account? >> no, i have no knowledge. i apologize i just don't. >> aware of any nsa officials
who were aware that secretary clinton had a private account and e-mail server? >> you are talking something before my time, senator, i apologize, i just don't know the records. >> could irecord. >> thank you. >> the relevance of that to this committee, however that's just my opinion. i do have a question. >> the admiral, you indicated in a private session that you were taking a look at reorganization. i know that isn't/0mñ completed. still underway. what can you share with the public about the reasons for it and what you believe it might bring about. >> so i've been the director at nsa for approximately 18 months and spent the first portion of those 18 months focused on the aftermath immediately trying to make sure we were structured as an organization to deal with that challenge and to make sure
that we were in a position to be able to tell our oversight as well as the citizens of the nation we are fully compliant with the law and regulation and we're in a place where we're able to execute our missions ensuring the protection of the data we access as well as the broad privacy of u.s. citizens. i then posed the following question to the work force. if we stay exactly the way we are, if we change nothing in five to ten years are we going to be able to say that we are the world's -- i'm asking you this question because my concern is if we make no changes i don't think we're going to be able to say that and i believe that part of my responsibility as a leader is whenever i turn the organizations over i want to be able to tell whoever relieves me you should feel good we structured this so you're ready to do what you need to do. as a result of that i posed a series of questions to the work
force from how do we build a work force to the future to how do we need to optimize ourselves for cyber because my argument was cyber in the next 15 years will be like counter terrorism has been for the last 15 years. a foundational mission set that drives us as a organization and requires us to do things on a scale we have never done before and do it more broadly. to do that particularly in a declining resource environment, we have got to be more efficient to be effective. as a result of that, the other point that i made, i don't want this decided by senior leadership. we're composed of hard working men and women and i want them to have an input into it. what do we need to structure ourselves given the changes we see happening in the world around us we can say nsa remains the intelligence and informations assurance organization in the world. as a result of that we spent six
months, the organization, the work force has teed up a set of recommendations to me. in excess of 200. they cover from very minor things to very broad things. there's three final areas that i said i want you to spend more time on. the first was the military part of the work force. i try to remind everybody as i said in my ownipening statement you. we have to optimize every single part of this enterprise to get where we need to be. the second issue i said was i want you to think a little more broadly about cyber because i don't think we're being far reaching enough and the recommendations you have given me and the last one was organizational structure. i said if you look -- if you were building nsa from the ground up today is this the structure you would have created? it reflects a series of changes
and choice that is have been made over the last 20 years. the last organizational change made was 1999 and 1998. coming up on 20 years and our world has really changed and our missions have evolved and i just want to make sure we're optimized to meet the future. i'll receive the final input back on those three by the 1st of october. i think i'm going to review a draft this weekend to be honest. i'm told they have some initial work for me to look at this weekend. as i indicated previously, once we sit down and decide what we think we ought to do it's my intention to come back to the committee to say this is what i intend to do, here's why. this is what i think it will generate in terms of value. >> thank you. >> yes, ma'am. >> i think nsa is in good hands. thank you very much. >> admiral, i seldom get the
opportunity to highlight north carolina's high tech successes, especially given the fact that my vice chairman represents silicon valley. i keep reminding her i have the triangle park. while there are 99 days left in the lts breaker challenge that north carolina state universities currently rank number one out of 182 entrants. >> is that good? >> depends on whether the ad mill -- admiral thinks it's important to please the chairman. . it is good but i think it highlights again something that diane and i both know. that that's the fertile ground that you go to recruit. it's where we develop the next talent that not only works at research triangle park or silicon valley but works at the nsa and it really is the
backbone of our intelligence organizations. when your mission continues to change in large measure because of the technology explosion. and it's an explosion like we have never seen before. it will only speed up. will not slow down and your mission will be impacted by that innovation. i want to say as we conclude the committee is here to be a partner. >> yes, sir. >> we're anxiouses to hear your reorganization plans because that reorganization gives you the flexibility to move to wherever the challenge forces the nsa to go. i speak on behalf of the vice chairman and myself when i ask you to please go back to the 40,000 plus nsa employees and on behalf of the committee thank them for the work they do, work that many times the american people don't understand the value of but sleep safely at
>> now today i'm a reporter for nbc4. is this marion barry's place. oh, yeah. that's his seat. i went back to the office and called him up. i said mr. mayor i've just been to club 55. don't you realize that people are watching what you do and where you go. they say you sit there all the time and watch naked dancing girls. there was a pause on the phone and he says it's nice isn't it? >> this sunday night on q and a. nbc4 washington reporter on the political corruption in d.c., maryland and virginia. >> i think 44 attorneys general from around the country signed the letter saying they agreed with governor mcdonald that what he did was politics, not bribery and these gifts, he should have reported the gifts but he didn't. $15,000 for a child's wedding. $70,000 loan.
the problem was bobby don hued ha been considered a potential vice president candidate was in over his head. you're a public figure and let your messy private life combine together. >> sunday night at 8:00 eastern and pacific on cspan's q and a. president harry true man referred to his wife bes as the boss. she had little to say to the media. especially after some unforgettable public moments. and she spent a good part of her white house years home in missouri. bess truman on cspan's original series. examining the public and private lives of the women who filled the position of first lady and
their influence on the presidency from martha washington to michelle obama sunday at 8:00 p.m. eastern on cspan3. >> now to capitol hill where pope francis delivered a historic address this morning. the pontiff's remarks focused on global issues, immigration and climate change. this is about 50 minutes. mr., speaker, the pope of the holy see.
i would like to think that the reason for this is that i too am a son of this great continent, from which we have all received so much and toward which we share a common responsibility. each son or daughter of a given country has a mission, a personal and social responsibility. your own responsibility as members of congress is to enable this country, by your legislative activity, to grow as a nation.
you are the face of its people, their representatives. you are called to defend and preserve the dignity of your fellow citizens in the tireless and demanding pursuit of the common good, for this is the chief aim of all politics. a political society endures when it seeks, as a vocation, to satisfy common needs by stimulating the growth of all its members, especially those in situations of greater vulnerability or risk.
legislative activity is always based on care for the people. to this, you have been invited, called and convenes to those who elected you. yours is a work which makes me reflect in two ways on the figure of moses. on the one hand, the patriarch and lawgiver of the people of israel symbolizes the need of peoples to keep alive their sense of unity by means of just
legislation. on the other, the figure of moses leads us directly to god and thus to the transcendent dignity of the human being. [ applause ] moses provides us with a good synthesis of your work. you are asked to protect, by means of the law, the image and likeness fashioned by god on every human life. today i would like not only to address you, but through you the entire people of the united states.
here, together with their representatives, i would like to take this opportunity to dialogue with the many thousands of men and women who strive each day to do an honest day's work, to bring home their daily bread, to save money and, one step at a time, to build a better life for their families. these are men and women who are not concerned simply with paying their taxes, but in their own quiet way sustain the life of society. [ applause ]
they generate solidarity by their actions, and they create organizations which offer a helping hand to those most in need. i would also like to enter into dialogue with the many elderly persons who are a storehouse of wisdom forged by experience, and who seek in many ways, especially through volunteer work, to share their stories and their insights. i know that many of them are retired, but still active.
they keep working to build up this land. i also want to dialogue with all those young people who are working to realize their great and noble aspirations, who are not led astray by facile proposals, and who face difficult situations, often as a result of immaturity on the part of many adults. i wish to dialogue with all of
you, and i would like to do so through the historical memory of your people. my visit takes place at a time when men and women of good will are marking the anniversaries of several great americans. the complexities of history and the reality of human weakness notwithstanding, these men and women, for all their many differences and limitations, were able, by hard work and self-sacrifice, some at the cost of their lives, to build a better future. they shaped fundamental values
which will endure forever in the spirit of the american people. a people with this spirit can live through many crises, tensions and conflicts, while always finding the resources to move forward, and to do so with dignity. these men and women offer us a way of seeing and interpreting reality. in honoring their memory, we are inspired, even amid conflicts, and in the here and now of each day, to draw upon our deepest
cultural reserves. i would like to mention four of these americans, abraham lincoln, martin luther king, dorothy day and thomas merton. [ applause ] this year marks the 150th anniversary of the assassination of president abraham lincoln, the guardian of liberty, who labored tirelessly that this nation, under god, might have a
new birth of freedom. building a future of freedom requires love of the common good and cooperation in a spirit of subsidiarity and solidarity. all of us are quite aware of, and deeply worried by, the disturbing social and political situation of the world today. our world is increasingly a place of violent conflict, hatred and brutal atrocities, committed even in the name of god and of religion. we know that no religion is
immune from forms of individual delusion or ideological extremism. this means that we must be especially attentive to every type of fundamentalism, whether religious or of any other kind. a delicate balance is required to combat violence perpetrated in the name of a religion, an ideology or an economic system, while also safeguarding religious freedom, intellectual freedom and individual freedoms. [ applause ]
but there is another temptation which we must especially guard against, the simplistic reductionism which sees only good or evil, or, if you will, the righteous and sinners. the contemporary world, with its open wounds which affect so many of our brothers and sisters, demands that we confront every form of polarization which would divide it into these two camps.
we know that in the attempt to be freed of the enemy without, we can be tempted to feed the enemy within. to imitate the hatred and violence of tyrants and murderers is the best way to take their place. that is something which you, as a people, reject. [ applause ] our response must instead be one of hope and healing, of peace and justice.
we are asked to summon the courage and the intelligence to resolve today's many geopolitical and economic crises. even in the developed world, the effects of unjust structures and actions are all too apparent. our efforts must aim at restoring hope, righting wrongs, maintaining commitments, and thus promoting the well-being of individuals and of peoples. we must move forward together, as one, in a renewed spirit of fraternity and solidarity,
cooperating generously for the common good. [ applause ] the challenges facing us today call for a renewal of that spirit of cooperation, which has accomplished so much good throughout the history of the united states. the complexity, the gravity and the urgency of these challenges demand that we pool our resources and talents, and resolve to support one another, with respect for our differences
and our convictions of conscience. [ applause ] in this land, the various religious denominations have greatly contributed to building and strengthening society. it is important that today, as in the past, the voice of faith continue to be heard, for it is a voice of fraternity and love, which tries to bring out the best in each person and in each society. such cooperation is a powerful resource in the battle to
eliminate new global forms of slavery, born of grave injustices which can be overcome only through new policies and new forms of social consensus. politics is, instead, an expression of our compelling need to live as one in order to build as one the greatest common good, that of a community which sacrifices political interests, in order to share, in justice and peace, its goods, its interest, its social life.
i do not underestimate the difficulty that this involves, but i encourage you in this effort. [ applause ] here too i think of the march which martin luther king led from selma to montgomery 50 years ago as part of the campaign to fulfill his dream of full civil and political rights for african americans. [ applause ]
deepest and truest in the life of a people. in recent centuries, millions of people came to this land to pursue their dream of building a future in freedom. we, the people of this continent, are not fearful of foreigners, because most of us -- [ applause ] >> -- because most of us were once foreigners. [ applause ]
i say this to you as the son of immigrants, knowing that so many of you are also descended from immigrants. [ applause ] tragically, the rights of those who were here long before us were not always respected. for those peoples and their nations, from the heart of american democracy, i wish to reaffirm my highest esteem and appreciation. those first contacts were often
turbulent and violent, but it is very difficult to judge the past by the criteria of the present. [ applause ] nonetheless, when the stranger in our midst appeals to us, we must not repeat the sins and the errors of the past. [ applause ] we must resolve now to live as nobly and as justly as possible, as we educate new generations not to turn their back on our neighbors and everything around us.
building a nation calls us to recognize that we must constantly relate to others, rejecting a mindset of hostility in order to adopt one of reciprocal subsidiarity, in a constant effort to do our best. i am confident that we can do this. our world is facing a refugee crisis of a magnitude not seen since the second world war. this presents us with great challenges and many hard decisions.
on this continent, too, thousands of persons are led to travel north in search of a better life for themselves and for their loved ones, in search of greater opportunities. is this not what we want for our own children? [ applause ] we must not be taken aback by their numbers, but rather view them as persons, seeing their faces and listening to their stories, trying to respond as best we can to their situation. to respond in a way which is