09.26.18

Rounds Delivers Opening Statement at Cyber Subcommittee Hearing

Purpose of Hearing to Review DoD Cyber Operational Readiness

WASHINGTON—U.S. Sen. Mike Rounds (R-S.D.), a member of the Senate Armed Services Committee and chairman of the Cybersecurity Subcommittee, today delivered the opening statement at a joint Cybersecurity and Personnel Subcommittee hearing to review the cyber operational readiness of the Department of Defense (DoD).

 

Rounds remarks, as prepared for delivery:

The Cybersecurity and Personnel Subcommittees meet this afternoon to receive testimony on the cyber operational readiness of the Department of Defense. Our witnesses are:

 

  • Brigadier General Dennis Crall, Principal Deputy Cyber Advisor and Senior Military Advisor for Cyber Policy;
  • Ms. Essye Miller, Principal Deputy, Department of Defense Chief Information Officer;
  • Lieutenant General Stephen Fogarty, Commander, U.S. Army Cyber Command; and
  • Lieutenant General Vincent Stewart, Deputy Commander, United States Cyber Command.

 

This hearing will commence in open session, in which Senators Tillis, Nelson and Gillibrand will all make a few opening remarks.

 

At the conclusion of Senator Gillibrand’s comments, we will ask our witnesses to make their opening remarks.

 

After that, we will have a round of questions and answers.

 

We will then transition to SVC-217, the Office of Senate Security, and recommence in closed session.

 

Each of the witnesses may provide additional context and testimony that they were not able to provide in an open setting, and we will then close with another round of Q&A.

 

I encourage members and staff to stay through the closed session, given the gravity of the topic at hand.

 

The administration recently issued a new policy document known as National Security Presidential Memorandum 13.

 

The new policy entailed by NSPM 13 replaces that of Presidential Policy Directive 20 which virtually paralyzed the conduct of offensive operations by U.S. Cyber Command outside of armed conflict.

 

I look forward to a Department of Defense briefing on the new policy in the near future.   

I am hopeful this new policy will enable the Department of Defense to act more nimbly and effectively to counter and deter our adversaries’ ongoing cyber-attacks on the United States, attacks conducted with virtual impunity.

 

However no such policy, however well crafted, will succeed unless U.S. Cyber Command develops and maintains the high level of cyber operational readiness required to implement it.

 

With the elevation of Cyber Command to status as a fully unified command and the Cyber Mission Force’s achieving full operational capability in May, the Department’s cyber forces appear to have moved beyond adolescence.

 

It is now vital that the current capability and operational readiness of the command fulfill the requirements entailed by these designations.

 

I invited Senator Tillis and Senator Gillibrand, along with the remainder of the Personnel Subcommittee, because these shortfalls are not limited to traditional readiness measures of equipment and training.

 

Indeed, a great deal of the Department’s cyber readiness issues revolve around the shortage of skilled, cyber-capable personnel.

 

These shortfalls will only be aggravated if the Cyber Mission Force needs to be expanded in the future, and I am concerned that the current recruitment, pay, retention and career pathway structures in place are not equipped to manage this problem.

 

I am thus eager to hear the Service or tactical level perspective from General Fogarty; the operational Cyber Command’s perspective from General Stewart; the more strategic and governance perspective from General Crall in OSD; and the CIO and civilian personnel perspective from Ms. Miller.

 

I am also eager to explore the Department’s plans to correct these shortfalls with the senators of the Personnel Subcommittee today, and I am grateful to have their expertise at this table.

 

An ongoing concern of the subcommittee, which I am sure the department shares, is that we preempt a hollow cyber force and that we have a cyber force that is adequately staffed and equipped and has the necessary tools, targeting capability and development capability to respond to operational needs.

 

In particular, Cyber Command needs the indigenous capability, without overreliance on NSA, to surveil adversary networks for zero-day vulnerabilities, produce malware to exploit these vulnerabilities and implant this malware within a reasonable and realistic timeline.

 

Such capabilities are necessary not only for its DODIN-defense and national missions but also for those conducted in support of the combatant commands.

 

I am eager to hear about CYBERCOM’s current capacity and activity to assist in EUCOM’s, PACOM’s and CENTCOM’s operations.

 

Each of our witnesses have an important role to play in this space: General Stewart, as Deputy Commander of Cyber Command, is most directly responsible for the readiness of the Cyber Mission Force; General Crall’s role in defining DOD cyber policy shapes and is shaped by the capabilities offered by the Cyber Mission Force; General Fogarty as Commander of Army Cyber Command is the executive agent for the Persistent Cyber Training Environment and must man, train and equip its cyber teams; and Ms. Miller and the CIO’s office generally retain responsibility for the cyber infrastructure—including that on which the Cyber Mission Force will fight and test their malware—across the Department.

 

I will close by thanking our witnesses for their service and for their willingness to appear today before the subcommittee.

 

###