The above-captioned was a hearing before the House Committee on Armed Services Subcommittee on Intelligence, Emerging Threats, and Capabilities, held March 13, 2013. The entirety of the statements can be found here.
Read more after the bump.
Members in attendance included Mac Thornberry (Vice Chairman, R-Texas), Joe Heck (R-Nevada), Susan A. Davis (D-California), James R. Langevin (D-Rhode Island), Derek Kilmer (D- Washington), and Scott Peters (D-California). Witnesses called included General Keith Alexander (Commander, United States Cyber Command), The Honorable Elizabeth McGrath (Deputy Chief Management Officer, Department of Defense), and The Honorable Teri Takai (Chief Information Officer, Department of Defense).
Hon. Langevin: One only needs to look at the recent headlines to understanding the relentless attacks we are enduring. Our defense networks are at a great risk, and they must be fail proof and secure. We must be mindful of tax payers’ money and use it effectively. I want to hear what steps we are taking to battle challenges, and how DoD has developed since our last hearing. I also want to hear about how we are going about recruitment and training of cyber work force. The vulnerability of our critical infrastructure is obvious; I want to make progress to close these weaknesses.
General Keith Alexander: We are currently battling the sequester; this situation could potentially affect the training Department of Defense (DoD) needs to bring new people on board. We need to be prepared for attacks against our nation in cyber space. DHS has the resilience, the recovery, and acts as the public interface. We need to work closely with Congress to establish comprehensive legislation for the future that prioritizes civil liberties and privacy. We must train workforce, obtain situational awareness, obtain defensible architecture, and create a set of standards.
The Honorable Elizabeth McGrath: Information technology is key. The Congress has been instrumental in supporting many processes’ to support information technology. The department is committed to improving IT systems as well as our overarching business environment that will create lasting results for men and women in uniform and American citizens.
The Honorable Teri Takai: We are in a joint information environment. A singular system will be created in order to advance unity. One consistent network will allow technology to keep pace with fast pace operational responses. Timely and secure access of necessary information will be reached by one singular network. The Joint Information Environment (JIE) aims to simplify and standardize IT operations across the department to create a seamless information ecosystem in which DoD personnel and warfighters are able to access the information they need quickly and securely. Cyber command will be better equipped to set priorities. We continue to work on several weaknesses, and there is always room for improvement.
Q & A
Ranking Member Thornberry: Can you tell us what American people should expect the Department of Defense to protect them from?
General Alexander: I think it is reasonable for the American people to expect that the Defense Department will do its part to defend the country in any way we can, with the focus being on critical infrastructure. The issue is, when does an exploit situation become an attack and when do we respond to it. Many of those decisions become policy issues and fall on the administration.
Ranking Member Thornberry: Can we be confident that our information technology systems can defend against cyber-attacks?
Hon. Takai: The report you are most likely referring to is over a year old, it also does not consider some of the actions that we have been taking to change our cyber defense approach. We need to be sure we are prioritizing where we are putting our research. Overall, we have come a long way and are taking high precautions around our technology system.
Hon. Langevin: Can you speak to how cyber is affecting critical infrastructure. What are the processes’ put in place to know how and when to respond if there is an attack?
General Alexander: We are working with the White House and agencies to create those rules of engagement. Right now, the decisions rest with the President and Secretary. I think this is a learning process. The partnership with industry is key and that is why legislation is crucial. Right now, we cannot react properly to attacks on industry. Liability protection is also necessary in order for a free flow of information to become possible.
Hon. Langevin: What information needs to be shared?
General Alexander: If someone was throwing an attack at Wall Street, we would need to know the types of attacks and exploits. The government needs to know these technological details, not information in people's personal emails. There is a way to do this that protects privacy, but also protects our nation's critical infrastructure.
Hon. Langevin: You mentioned teams are being created for specific missions. Can you expand on this further?
General Alexander: The key is the teams are organized into groups to counter an adversary that is attacking our country. The teams will have specific missions and areas of focus.
Hon. Heck: How would a national threat versus an international threat differ between reactions?
General Alexander: FBI would be responsible for domestic, and DoD would be deal with international. All of this can be done in real time speed.
Hon. Kilmer: I am interested in work force issues; how do we prepare the work force for these cyber threats. Can you elaborate on this issue?
Hon. Takai: We need to expand communications to recruit capable employees and expand the program from a communications aspect. We need to better educate companies about requirements needed. We are in need of new individuals who are highly skilled but not necessarily skilled in only cyber. We want a broad range of expertise.
Hon. Kilmer: What can we do as Congress to help you recruit?
Ms. McGrath: The Congress has passed legislation to hire qualified experts, the Department has simply not leveraged the opportunity thus far. We have a very good model, where our military is sent out into industry to recruit. Based on the pay cuts many take by entering the military, it is often difficult to present incentive. People need to feel confident in a job path and future in the military.
Hon. Peters: I think General you told us about difficulties recruiting in light of the budget uncertainty we have. Update us on how the budgeting continuing your effort to recruit.
General Alexander: What we are getting from some of our potential recruits, such as industry folks who are taking a pay cut, are verbalizing a sense of uncertainty. Our most valuable assets are the people we hire. We have to let them know we are about them and we need your support.
Hon. Davis: The electronic health records are a concern for me. Recently it was announced that DoD was going to try and work with the Department of Veteran’s Affairs (VA) to combine health information, in order to allow information to flow more smoothly. Now, it is unclear whether that system is still going to happen. Can you fill me in on the progress?
Ms. McGrath: We have made significant progress about sharing of information between DoD and VA. We want to modernize health records, history, and legacy systems. The foundational aspects we agreed to in 2011 are still in place, the issue is cost effectiveness. We wanted to look into a more economical way of providing a singular system. We have not abandoned the joint strategy, but we are trying to find a more economic design.
Hon. David: How is that going to affect the service member? Many of us worked a very long time promoting this system.
Ms. McGrath: The entire infrastructure that we have been working on since 2011 will be carried forward; we are not scrapping anything from that prospective. I'd be happy to give you more detail at another date.
Ranking Member Thornberry: The defense business board made a recommendation about satellite communications. It has been suggested that we could lease satellite services for more than one year at a time, can you comment on that suggestions. Isn't that an easy way to save money?
Hon. Takai: We have seen those recommendations and there is benefit in taking them into consideration, but it must be looked at over a multi-year period. We are putting together a cost-recovery model to see what the best approach is.
Hon. Langevin: Let's talk about the cloud; articles that I have been reading diminish my confidence with the cloud. Yet, that is something you are considering moving towards. What is the security like?
General Alexander: This has several dimensions, first our current system takes way to long and the timeliness is not where it needs to be. A cloud can patch systems in almost real time, but there are valid concerns with cloud. For example, cloud systems did not have data element security tagging capabilities. In the cloud we created you can tag individual pieces of data for further security. Our cloud is more secure and much better than legacy architecture.
Hon. Langevin: These great technologies come down to the people and how well they are trained. I know you touched on this, but can you speak to us more about the pipeline of cyber and development of IT officials?
Ms. Takai: We are first making sure we can support General Alexander in the cyber work force. We are putting together a strategy today by looking at individuals we already have in DoD, and we also are looking for lots of different experiences and expertise. We are stepping up our recruiting by being more definitive with the career path for the civilians that we are hiring. A challenge is that people won't be able to rotate in and out of jobs. Individuals need a singular career path to be able to grow in this field. We will find a way to recruit individuals at a more senior level.
Ranking Member Thornberry: There was a recommendation for sharing spectrum as a possible solution, can you comment on that?
Ms. Takai: We feel very strongly that it is important for us to look at spectrum sharing going forward. We are participating in 5 working groups hosted by the NTIA to look at areas of spectrum sharing. We believe there are opportunities but it does have its challenges. There are several ways to do it, one is geographically. We are interested in doing further testing, but we know spectrum sharing will not solve the problem entirely.