tv Capital News Today CSPAN March 27, 2012 11:00pm-2:00am EDT
11:00 pm
awareness, missile defense, and electronic warfare to combatting weapons of mass destruction. stratcom coordinates the activity of u.s. cyber command across the department of defense, unlike combatant commands, which are regionally focused, stratcom's missions are global. that capability needs to be preserved as we continue to reduce the size of these forces and modernize the infrastructure at the department of energy that supports this mission. general kehler, here are some of the issues that i hope that you'll address this morning. first, are you satisfied with
11:01 pm
the direction we're taking in our nuclear force posture and with the department of energy's role in maintaining our nuclear stockpile so that we can continue to reduce its size without testing while ensuring the stockpile remains safe and meets military requirements? second, do you believe we are on a sustainable path to protect our space assets and to reconstitute them if necessary given the congested and contested nature of space? third, the department of defense has allocated a block of the electromagnetic spectrum that connects our space, cyber and electronic warfare assets to our forces. stratcom is the lead combatant command for synchronizing spectrum operations. how concerned are you about the
11:02 pm
prospect of losing spectrum and what are you doing to preserve access to it? fourth with the cancellation of the operationally responsive space program, are you worried about our ability to field low-cost but rapidly deployable satellites that can fill capability gaps between large national intelligence satellite collection systems and the department's airborne surveillance platforms? fifth, what is your strategic vision for the combined use of space and cyber? these two domains are integrally linked but we have not seen a plan for integrating capabilities and operations. let me now turn to cyber command for a moment. there's much for us to examine in this increasingly important and complex but still new mission area. not only as it affects the department of defense but the government and economy as a
11:03 pm
whole. general alexander has stated that the relentless industrial espionage being waged against u.s. industry and government chiefly by china constitutes, quote, the largest transfer of wealth in history, close quote. the committee needs to understand the dimensions of this technology theft and its impact on our national security and prosperity. the armed services committee has focused for some time on the need to develop comprehensive policies and frameworks to govern planning and operations in cyberspace. what are the rules of engagement if we are attacked by another nation? what is the doctrine for operations and deterrence in war fighting strategies? the administration has made progress in these areas, as reflected in recent strategies and in the development of comprehensive legislation to improve cyber security but much more needs to be done.
11:04 pm
as a still developing subunified combatant command, the committee needs to understand the current and planned relationships between cyber command and stratcom and the other combatant commands. the defense department is considering the establishment of component cyber commands at the combatant commands. we need to know what command arrangements would apply to these potential components as well as the authorities and the missions that stratcom has delegated to cyber command and those that it plans to retain. general alexander has stated publicly that he believes he needs additional authorities to defend the networks information systems of the rest of the federal government and those of critical infrastructure. the committee needs clarity on exactly what authorities general alexander might be seeking and whether they go beyond what the
11:05 pm
administration has requested in its legislative proposal to congress. general alexander has also often stated that the department of defense does not in fact have a unified network but rather 15,000 separate networks or enclaves into which cyber command has little visibility. the committee needs to understand what can and should be done to correct what seemed to be an urgent and critical problem. the department of defense has conducted a pilot program with a number of major companies in the defense industrial business or dib as it is called and multiple internet service providers or isps like at&t and verizon. they provide signatures of known cyber penetration tools and methods directly to the dib companies or to the isps that
11:06 pm
provide the dib companies their communications services. the companies then use these signatures to detect and block intrusion attempts. carnegie mellon conducted an independent assessment of the dib pilot for dod and concluded that nsa provided few signatures that were not already known to the companies themselves and in many cases the dib companies by themselves detected advanced threats with their own nonsignature-based detection methods that probably is not known to the nsa. and so we need to hear from general alexander on his view of those issues as well. we thank you both again for your service, for your being here this morning and we call on senator mccain. >> thank you, mr. chairman. let me thank our distinguished witnesses for joining us this morning and their many years of service to our nation.
11:07 pm
u.s. strategic command is in the midst of pivotal change as we proceed with the modernization of the nuclear weapons complex and nuclear triad and further embed cyber defense and cyber attack and the core mission competencies of 21st century warfare. on nuclear modernization i'm encouraged even with the unprecedented level of defense spending uncertainty, the department has maintained its commitment of modernizing the triad of nuclear delivery vehicles. unfortunately the same cannot be said for the national nuclear security administration and proposal to abandon or delay key elements of their plan. modernization is universally recognized as essential to the
11:08 pm
11:09 pm
command mission is deterrence, however as frequency, sophistication and intensity of cyber related incidents continues to increase, it's apparent that this administration's cyber deterrent policies have failed to curb those malicious actions. the current deterrence framework, which is overly reliant on the development of defensive capabilities has been unsuccessful in dissuading cyber-related aggression. whether it's a nation state probing our military network, or criminal networks' theft of intellectual property, we must do more to prevent, respond to and deter cyber threats. the inevitability of a large scale cyber attack existential threat to our nation and does little to influence the psychology of attackers who operate in a world with few if any negative consequences for their actions. last july general cartwright, the former vice chairman of the joint chiefs of staff, criticized the administration's reactive strategy for operating in cyberspace saying, quote, if it's okay to attack me and i'm not going to do anything other than improve my defenses every time you attack me, it's very difficult to come up with a deterrent strategy. i look forward to hearing from our witnesses if they believe that a strategy overly focused on defense is sustainable and whether they agree more must be done to deter and dissuade those who look to hold u.s. interests
11:10 pm
at risk via cyberspace. the senate will soon begin debate on cyber security legislation. the central themes in that debate will focus on how to improve information sharing across the spectrum and whether a new government bureaucracy will improve our cyber security. i have proposed legislation that first focusses on removing legal hurdles that hinder information sharing. if a timely response is of the essence, how would another layer of bureaucratic red tape be helpful? while a secured act does not give new authorities to the national security or u.s. cyber command, few will deny that those institutions, not the department of homeland security, are most capable of guarding against cyber threats. unfortunately other legislative proposals favor prematurely adding more government
11:11 pm
bureaucracy rather than focusing on accomplishing the objective of protecting our cyber interests. general alexander, during an fbi sponsored symposium at fordham university, you stated that if a significant cyber attack against this country were being planned, there may not be much that either cyber command or nsa could legally do to discover and thwart such an attack in advance. you said, quote, in order to stop a cyber attack, you have to see it in realtime and you have to have those authorities. those are the conditions we put on the table. now, how and what the congress chooses, that will be a policy decision. in a fight where the threat can materialize in milliseconds and quick action is essential, i look forward to better understanding what authorities you believe are needed to protect the united states interest both at home and abroad. the department of defense is requesting nearly $3.4 billion
11:12 pm
for cybersecurity in fiscal 2013 and almost 17.5 billion over the future years' defense program. the cyber budget is one of the only areas of growth in the dod budget because of broad agreement that addressing the cyber threat must be among our highest priorities. i thank the witnesses for appearing before the committee today and look forward to their testimony. >> thank you very much. senator kehler -- i mean general kehler. excuse me. >> thank you, mr. chairman. if it's okay with you, i'd like to have my statement admitted to the record. >> it will be part of the record. >> sir, senator mccain and distinguished members of the committee, thanks for this opportunity to present my views on the united states strategic command's missions and priorities. very pleased to be here today with general keith alexander, cyber command's commander and of course as both of you have
11:13 pm
pointed out, cyber is a critical component of our global capabilities. without question, mr. chairman, we continue to face a very challenging global security environment marked by constant change, enormous complexity and profound uncertainty. change and surprise have characterized the year that has passed since my last appearance before this committee. over that time, the men and women of strategic command have participated in support of operations in libya and japan, have supported the withdrawal of u.s. combat forces from iraq and have observed the arab spring, the bold operation that killed osama bin laden, the death of kim jong il and the succession of kim jong un, the passage of the budget control act and the adoption of new defense strategic guidance. through this extraordinary period of challenge and change, stratcom's focus has remained constant, to deter, detect and
11:14 pm
prevent attacks on the united states, our allies and partners and to be prepared to employ force as needed. our priorities are clear, deter attack, partner with the other commands to win today, respond to the new challenges in space, build cyberspace capability and capacity and prepare for uncertainty. transcending all of these priorities is the threat of nuclear materials or weapons in the hands of extremists. conflict will likely be increasingly hybrid in nature, encompassing land, sea and hybrid space, cross geographic boundaries, involve multiple participants. i think it's important to note the same space and cyberspace
11:15 pm
tools that connect us together just last month the department of defense released new strategic guidance to address challenges. it describes the way ahead for the entire d.o.d. but i believe many portions are especially relevant to stratcom and our broad assigned responsibilities. for example, global presence, succeeding in current conflicts, deterring and defeating aggression, including those seeking to deny our power projection, countering weapons of mass destruction, effectively operating in cyberspace, space, and all other domains and maintaining a safe, secure, effective nuclear deterrent are all important areas in the new strategy where stratcom's global reach and strategic focus play a vital role. these are important responsibilities, there are real risks involved in the scenarios we find ourselves in today. it's my job to prepare for those
11:16 pm
events and to advocate for the sustainment and modernization efforts we need to meet the challenges. in that regard, the fiscal year 2013 budget request is pivotal for our future. we're working hard to improve our planning and better integrate our efforts to counter weapons of mass destruction, proceed with our nuclear delivery, command and control systems, modernize the complex that cares for them, improve resilience of our space capabilities and enhance our situational awareness of the congested, competitive and contested domain. we need to improve the protection and resilience of cybernetworks, increase capability and capacity and work across the interagency to increase protection of our critical infrastructure. enhance our isr capabilities.
11:17 pm
we need to get better at electronic warfare, we need to practice how to operate in a degraded space and cyberspace environment. we need to improve our understanding of our adversaries, we need to review our plans and improve our decision processes and command relations, all subjects the two of you touched on in our opening comments. in short the new national security reality calls for a new strategic approach that promotes agile, decentralized action from a fully integrated and interdependent and resilient joint force. these are tough challenges but the men and women of stratcom view challenges as opportunities, partner with other commands to forge a better, smarter, faster joint force. we remain committed to work with this committee, the services, other agencies and our international partners to provide the flexible, agile and reliable strategic deterrence and mission assurance capabilities that our nation and friends need in this increasingly uncertain world. mr. chairman, it's an honor and
11:18 pm
privilege to lead america's finest men and women. they are our greatest advantage. i'm enormously proud of their bravery and sacrifice, and i pledge to stand with them and for them to ensure we retain the best force the world has ever seen. in that, i join with the secretary of defense and the chairman of the joint chiefs of staff and other senior leaders, my colleagues, other combatant commanders in thanking you for the support you and this committee have provided them in the past, present, and on into the future. before i close, mr. chairman, i would like to pause and remind the committee that stratcom is headquartered in the great state of nebraska. and i wanted to take this opportunity to thank senator ben nelson for his service. senator nelson will retire at the end of the congress and during his service he has worked diligently to better the lives of our troops and strategic offices. those who work at the air force base are well aware of his deep commitment to them. on behalf of your fellow nebraskans at stratcom, senator,
11:19 pm
we offer our thanks. thank you for this opportunity. i look forward to your questions. >> thank you very much, general. thank you for your reference to general ben -- now i call him a general and you a senator -- to senator ben nelson. we all feel very much the way you do and grateful for your reference to him. thank you. general alexander? >> chairman levin, ranking member mccain and distinguished members of the committee, thank you for the opportunity to appear before you today. i'm pleased to appear with general bob kehler, and i echo his comments all across the board, including with senator nelson. i would start up front by echoing some of those comments which is, it is a privilege and honor to lead the soldiers, sailors, airmen, civilians of cybercommand and nsa. we have great people. thanks for what you do to get those great people for us. i'd like to thank you and your
11:20 pm
colleagues for your support and helping the command move rapidly forward in our efforts to address emerging threats and concerns to our nation. i need to thank all of our partners throughout d.o.d., dhs, and the fbi, and the endeavor to build capability and capacity. cyber is a team sport and we could not have come this far and accomplished as much as we have without them. many changes and substantial progress have been made since i last spoke to the committee almost two years ago. cyberspace has increasingly become more critical to our national and economic security, and chairman, you brought up one of the quotes about the greatest transfer of wealth. i think that is absolutely correct. we are seeing increased exploitation into industry, government, other government agents and the theft of intellectual property is astounding.
11:21 pm
i'll address part of that shortly in comments coming up. i also think that the threat has grown in terms of activists, nation state actors. the chairman emphasized cyber as an area of investment in a leaner defense budget. the task of assuring cyberspace access and security has drawn attention of all of our nations' leadership. u.s. cybercommand is a component of a larger u.s. government-wide effort to make cyberspace, one, safer and a forum for vibrant citizen interaction, preserve our freedom to act in cyberspace and defend our vital interests and those of our allies. cybercommand is charged to direct the security, operations and defense of the department of defense information systems. but our work is affected by threats outside d.o.d.'s networks. threats the nation cannot ignore. what we see both inside and outside d.o.d. information
11:22 pm
systems underscores the imperative to act now to defend america in cyberspace. the american people expect broad and efficient access to cyberspace. military and civilian sectors rely on accessibility, increased interconnectedness of information systems, growing sophistication of cybercriminals and foreign intelligence actors has increased our risk. last spring, international strategy for cyberspace the president confirmed inherent right to protect ourselves against attacks in this domain as in traditional domains. he said, when warranted, the united states will respond to hostile acts in cyberspace as you would to any other threat to our country. cybercommand exists to ensure the president can rely on the d.o.d. information systems and has military options available to defend our nation. the president and secretary of defense recently reviewed our
11:23 pm
nation's strategic interests issued guidance on defense priorities. in sustaining u.s. global leadership, priorities to 21st century defense, the secretary focuses on protecting access throughout the cyber domain. the u.s. cybercommand role is to pay attention how nations and nonnation state actors are developing asymmetric capabilities to conduct cyberespionage and attacks. d.o.d. recently added detail to that position in accordance with the president's strategy the department further explained our deterrent posture to congress in a cyberspace policy report last november. d.o.d. components especially cybercommand, worked to dissuade others from attacking or planning to attack the united states in cyberspace. we worked with a range of partners, u.s. government, allies, private industry, strengthen defense of our citizens, the nation, and allies in cyberspace. i wanted to assure you that all of our work is performed to
11:24 pm
safeguard the privacy and civil liberties of u.s. persons. these responsibilities are very much on our minds. in establishing the co-com relationships you asked about our relationships with other commands and i'd like to address that. first establishing a cybersupport element at each of the six geographically-based cocom. u.s. centcom is operational, u.s. pacom's is partially operational and others are on the way. the purpose is to provide technical expertise and capability and improve capabilities to the cocom planning efforts. our goal to ensure each has full suite of cyberoptions to choose from and understanding of effects these options can produce in aor. chairman, you also asked about the standing rules of
11:25 pm
engagement. the department's conducting a review of the joint staff of existing standing rules of engagement on cyberspace. these revised standing rules of engagement should give us authorities we need to maximize preauthorization of defense responses and empower activity at the lowest level. issues being ironed out are what specific set of authorities we will receive conditions in which we conduct response actions and we expect those will be done in the next few months. d.o.d.'s role in defense against cyberattacks, the defending the nation in cyberspace requires coordination with several key government players, notably, dhs, the fbi, the intelligence community. i'd like to put some of those on the table because it is my opinion that we need all three working together as a joint team. dhs has to lead for coordinating overall national effort to enhance cybersecurity of the u.s. critical infrastructure.
11:26 pm
they lead in resilience and preparing the defense. fbi has lead for detection investigation prevention and mitigation response within domestic arena under their authorities for law enforcement, domestic intelligence, counterintelligence, and counterterrorism. and of course d.o.d. and nsa and cybercommand lead for detection, prevention and defense in foreign space. defense of the nation comes under if the nation comes under attack. i'd like to go into a few, if i could, a little bit on what i see we need in cyberspace. the requirements to defend the nation from attack, because there's been a lot of discussion on this and i think it's important to put this up front. i think this is the heart of some of the discussion that's going on with the legislation today. first, we need to see the attack. what do i mean by that? that was a quote that we made up at the fordham university. if we can't see the attack, we
11:27 pm
can't stop it. what we're not talking about is putting nsa or the military into our networks to see the attack. what we're talking about that all of you have put on the table is, we have to have the ability to work with industry, our partners, so that when they are attacked or they see an attack, they can share that with us immediately. the information sharing and the liability that goes along would allow industry, armed with signatures that we can provide, signatures that they have i agree it takes all of us working together to provide a better defense. what we need is for them to tell us that something is going on. there's a couple of analogies that i'd like to use. these are not perfect analogies, just best that i can come up with. being in the armed services committee here i use the missile analogy. if a missile were coming into the country and we had no radars to see it, we couldn't stop that missile. if we have a cyberattack coming
11:28 pm
in and no one tells us that that's that cyberattack is going on, we can't stop it. today, we're in the forensics mode. what that means is, an attack or an exploit normally occurs, we're told about it after the fact. i think we should be in the prevention mode in stopping that. a lot of that can be done by industry. i think that industry should have the ability to see these and share that with government in real-time. when you think about it it's almost like the neighborhood watch program. somebody's breaking into a bank, somebody needs to call the authorities to stop it. in cyberspace, what we're saying is armed with the signatures, the software, those things that help us understand an attack is going on we believe that industry is the right ones to tell the government that they see that, and get us respond to it. so i just want to clarify,
11:29 pm
because i do not believe we want nsa or cybercommand or the military inside our networks watching it. we think industry can do that. we think that's the right first step. and we think actually that's in both of these bills. the second part, i used that bank one because i think there's another part to this, that we have enforced within d.o.d., and that's what standards do we build our networks to? how much of a defense do we put in there? how do we make our defense better? we have put in a series of defensive capabilities, if you will, standards that we operate and defend our networks. how do you align your networks, how do you know they're configured right? how do you make them defensible so they will last when somebody's trying to get? i -- we have a great information assurance directorate and one of the former directors told me that 80% of the exploits in attacks that come in could be
11:30 pm
stopped just by the hygiene itself. chairman, you also brought up the issue of the carnegie mellon report and i would like to hit some of that because i do think that's an important report, and it has -- it really applies to this discussion that we have going on now. as i have stated previously, that report and that assessment was early on in the d.i.b. pilot. that doesn't mean that we can't do better. in fact, let me turn that around and say, for us to be successful in cyberspace, it's going to require government and industry working together with best of both. industry partners see signatures that government doesn't see and government sees signatures or malicious software, exploitations and attack into the country that industry doesn't see. information sharing and the ability to do that is key to stopping that. what i see from the d.i.b. pilot was increased discussion between
11:31 pm
government and industry, and this was a good thing. and it has grown. it continues to grow and we're getting better. so in legislation, what i think is we need to make the first step. we need to start. we won't get it perfect but we need that ability for industry to share with us the fact that these attacks and exploits are going on. we cannot stop them, we cannot help. five areas that i focused on with the folks at u.s. cybercommand. first, we have to build and train cyberforces and these are things that bob kehler and i are arm and arm on. second a defensible architecture. you mentioned 15,000 enclaves and our antiquated architecture, if we went to the way google, yahoo! and others are doing in the defense department we'd have a more defensible architecture and that's the way we are pushing, and the services are helping us get there. i think we have to partner with
11:32 pm
dhs and fbi. the reason that i bring dhs into this is that, i believe we want them working with rest of government to help set up the rest of government networks and work with that. we do not want to take the people that i have and push them over here. i think we want people that we have looking outside and that goes to senator mccain's comments, we're the offensive force. we're the ones that are going to protect the nation, we need to see what's going on and be prepared to do that. we can give and work with dhs and provide capabilities and technical expertise, and that's growing. finally, i'd add in fbi. they have some tremendous capabilities, they have the law enforcement arm, and when you put all three of us together, i think our country knows that what we're doing is transparent and we're doing the right thing. in doing that, you've brought all three players to the table. i see command and control in partnership is key, especially with our allies, and i'd put the
11:33 pm
allies on the table because this is going to be huge for our future and the concept of operating in cyberspace we mentioned earlier. so, it is an honor and privilege to represent the soldiers, sailors, airmen, marines and civilians of u.s. cybercommand today. thank you. i'd ask my statement for the record be included on the record. and that's all i have, chairman. >> thank you so much, general. the statement will be made part of the record. we'll start with a seven-minute first round. general kehler, first, do you support the fiscal year 2013 budget request? >> yes, sir, i do. >> general kehler, you made reference to effective nuclear command and control network that needs improvement, i believe, in
11:34 pm
your opening statement. are those efforts under way to modernize that command and control network? can you describe those efforts a little bit? >> yes, sir, i can. of course as you know the nuclear command and control system is composed of many, many parts. there are parts of the nuclear command and control system that are not survivable. there is, however, as part inherent in the nuclear command and control systems a thin line that ultimately would be survivable under any conditions, so that we could always ensure that the president of the united states is connected to the nuclear forces. investments are under way in those critical capabilities that are part of the space architecture layer. of course dhs satellites, the first one is on orbit, the second will go to orbit in the next year, i don't have the
11:35 pm
exact date. that will be the satellite-based survivable part of our thin line network, as we go forward. we have some issues with terminals and terminals lagging deployment of the satellites. that means we have to use older terminals we won't get the full capability of the satellites at first. we're working that program. we have some issues to make sure that our bomber connectivity is maintained. the air force program supports that. and so i am comfortable that we're going forward there to maintain the connectivity at the force end of this. we're also upgrading some of our other components to the network, ground-based parts of the network, et cetera. i believe i will always be a little uncomfortable about the network. i will tell you that i think there's more to be done. we are working that inside the department for future budget requests and in fact, we're undertaking a fairly substantial review at this point
11:36 pm
in time about the nuclear command and control system and how it does or doesn't support other issues as well. >> thank you, general. the 2010 nuclear posture you call out for studying additional reductions in nuclear weapons, do you think it is possible to further reduce our nuclear weapons beyond the new start levels? >> mr. chairman i think there are opportunities to reduce further, but i think there are factors that bear on that ultimate outcome. and rather than get into those, and i don't think would be appropriate, i would simply say i do think there are opportunities here but recognizing there are factors that bear on this. i would also mention it is never our view that we start with numbers. we start with an assessment of the situation we find ourselves in, the strategy, our objectives, et cetera, and ultimately then you get to numbers.
11:37 pm
>> thank you. general alexander, are you advocating for any additional legal authorities that are not included in the cybersecurity legislation that was proposed by the administration to congress or that's included in the lieberman-collins bill? >> no, chairman. >> industrial espionage campaign, i noted in my opening statement, and you made reference to it in your statement, particularly china's relentless industrial espionage campaign through cyberspace, i wonder, can you give us examples in open session of the technologies that have been stolen through penetration of major d.o.d. contractors and perhaps the department itself? and do you know whether or not, in fact, we have raised this
11:38 pm
issue, particularly vice president biden, with the chinese? >> senator, i'm not aware on the last what vice president biden has shared with the chinese that discussion. but we are seeing a great deal of d.o.d.-related equipment stolen by the chinese. i can't go into the specifics here but we do see that from defense, industrial-based companies throughout. there are some very public ones, though, that give you a good idea of what's going on. the most recent one, i think, was the rsa exploits. rsa creates the two factor authentication for things like paypal so when you order something and pay for it over the network the authentication is done by encryption systems that rsa creates. the exploiters took many of those certifications and
11:39 pm
underlying software, which makes it almost impossible to ensure that what you're certifying or what someone else is certifying is in fact correct. now rsa acted quickly, and is replacing all of the certificates and has done that in priority order for the defense department and others. but when you think about it, the ability to do it against a company like rsa is such a high order capability, rsa being one of best, that if they can do it against rsa, that makes most of the other companies vulnerable. >> well, we took some action on the counterfeiting area in our defense authorization bill to try to stop that type of theft, particularly, again, by the chinese when it came to the supply of parts for our weapons systems. we -- i think it would be important for you to talk to vice president biden or his office so that you can see what
11:40 pm
steps were taken to inform the chinese of our position on this. and we've now got to find ways -- and i think you're the perfect person to be a spokesman for this -- to stop their theft of other kinds of intellectual property through the use of cyber. and i wonder if you could give us some examples of -- give us some options. i think senator mccain also made reference to this. what are the options for us in terms of action for them or anyone else who is stealing our information, our intellectual property to pay a price for this? >> well, i suppose using the rest of stratcom would be out, chairman. i think the first -- the first thing that strikes my mind, and i want to be clear on this
11:41 pm
because the most important thing that we can do right now is make it more difficult for the chinese to do what they're doing. analogy i put on the table is, we have all of our money in our banks but the banks have the money out on tables in new york city at the park. and we're losing the money and we're wondering why, nobody's protecting or it's not well-protected. our intellectual property's not well-protected and we could do better protecting it. step one is take those steps to do that. i do think what the department is doing, you asked for authorities that would need legislation, i think those are in the legislation, and what the department is doing with the authorities we already have is maturing the standing rules of engagement that would allow us to stop some of the exploits going on. i think those are some of the things we can do, stop them in progress. as an example, we saw an
11:42 pm
adversary trying to take about three gigabytes from our contractors. the issue is now we had to work in human space to reach out to them to say they're trying to steal something you, you've got to stop it. there's got to be a better way to do that because that's like going at network speed, trying to send a regular mail letter to them that you're being attacked. so we've got to bring this up into the network age to get these responses out. so i would advocate, and i think the way we're going is, to, one, build our defense and two have options that would stop it. beyond that, i think the president and secretary need options that would take it to the next step. these are not options that we would take but these are options that we would propose the administration. if they exceed certain limits, i think it is our responsibility jointly and with the co-coms to
11:43 pm
say these are actions to take on stopping the act and here's what we propose to be done. i think our job would be to defend and protect and stop some attack analogous to the missiles coming in and give the administration options to take it to the next step if they chose. those include cyber and other options available. i think the white house has put that forward in their cybersecurity thoughts. >> thank you. senator mccain? >> i want to thank the witnesses. i would ask general alexander, do you agree that secretary panetta and the fbi have said that cyberattacks may soon be the number one threats to the united states? >> absolutely, senator. >> and would you agree that a major threat to our national security come from outside the
11:44 pm
united states? specifically, obviously, from unclassified information from china? >> absolutely. >> absolutely. so then what's the logic in providing the overall authority to the department of homeland security? anyone who has been through an airport, as i do regularly, as most of us do, have no confidence in the technological capabilities of the department of homeland security. in fact, as an example, nothing has changed as far as airport security is concerned since probably september 12th, 2011. so the major threat comes from overseas. what would be the logic, then in making the lead organization the department of homeland security? >> senator, i think the issue, if i could, i want to break this out into three areas to make sure my responses -- >> make it brief. i have additional questions.
11:45 pm
>> yes, sir. i see three major things. we want dhs to take the lead on resilience and working with civilian agencies in critical infrastructure. we want d.o.d. to take the lead on defending the nation under cyberattack, fbi under law enforcement, and intelligence. and i think all three of us need to work together as a joint team to move this forward. if we don't work as a team, then the nation suffers. so inside the united states, that's where i think dhs has the lead. they don't in terms of the foreign and the things coming in, that's where you'd want us to have the lead. >> how many people are under your command? >> in cybercommand, counting our service components, a little under 13,000. >> so we now have 13,000 in cybercommand recently formed up, so now we need other agencies. why shouldn't the responsibility lay with -- lie with cybercommand? >> senator, i do think the responsibility for defending the
11:46 pm
nation against attack lies within cybercommand out. i think the lead for working with critical infrastructure and helping them defend and prepare their networks should lie with dhs. >> that's a curious logic, general. in fact, most curious. so really, all we formed up cybercommand for was to worry about external threats? is that what you're saying? >> i -- >> so if department of homeland security should take the lead of anything that happens in the united states from outside, but you are still there with your 13,000 people? >> not quite that way. probably i'm not clear enough on this. in terms of dhs' role and responsibility it's working with critical infrastructure and other government agencies on developing the standards in the protocols of how they build their networks and to be the
11:47 pm
public interface. i think that's the role that we want them to do, and their people reach out with critical infrastructure and make sure those government systems are adequately developed. if they're attacked, no matter where that comes from, now i think the president has options of what he can do. we are one of those sets of options and if chosen, we are prepared to do that. more importantly, where those people really come in is in our offensive capabilities. you asked that earlier. so the offensive capabilities would be to support the other combatant commands in their plans and capabilities. the bulk of our people -- >> so your job is to support other commands with their offensive capability? general, one of the conclusions of the 9/11 commission was there's too much stove piping in our intelligence community. you're describing stove piping to me at its ultimate. >> well, that's not the intent. if i could go one point further,
11:48 pm
the bulk of our forces are folks that operate and defend the d.o.d. networks. that's where we are today. the bulk of them are operating and defending our networks. think about what the army, navy and air force do in operating and defending the networks, that's the first mission that u.s. cybercommand was given. we are developing the second parts of that. but i would point out when you say stove pipe, senator i do not agree with that because this is an integrated network. it is one network trying to work everything together. so it is just the option of a stove pipe. >> it's interesting that michael mcconnell, at george washington university, former director of national intelligence said current u.s. cyberdefenses are work and the bills on capitol hill are insufficient. the former director of national intelligence has a significant disagreement with your assessment.
11:49 pm
so, according to a recent article in "the washington post," the white house blocked draft legislation that would have given nsa or any government entity the authority to monitor private sector networks for computer viruses or operate active defenses to block them. the nsa supported the authority but the white house did not according to administration official blocking of the draft caused some consternation because nsa want to get that authority. there are some who propose that nsa should be able to detect but not read the cyberattack information. do you agree or disagree with that? >> i disagree. i think the approach that we have put on the table is the appropriate one, which is we give that to industry, they can look at that and when they see that, tell us. i think that's the first right step, senator. i think if we go too far it
11:50 pm
sends the wrong message. i think we can take this journey and learn as we go on it. >> so you believe that d.o.d., general cartwright said that -- stated the former vice president of the joint chiefs of staff said d.o.d. is spending 90% of its time playing defense against cyberattacks and 10% playing offense, and that department should invert the defense/offense ratio to signify that a cyberattack on the united states will have negative consequences. and your answer, as i understand it is, well, we'll act in some -- in some way or fashion. perhaps you can be a little more specific how we can regain, how can we can gain the offense here. >> i agree with his statements and i'd like to characterize it if my word if i could, senator, in that more than 90% of our force was developed -- all of our force in cyber as we started was on the defense and operate.
11:51 pm
we didn't have an offensive capability. what we're looking at how do we grow that capability. if you think about what we have within our fleets, air wings and brigades is the operate and defend capabilities. the offensive capabilities primary lies in exploitation capabilities of nsa and others. we're developing those. i agree we need to develop those more and faster, and we're working on that with the services and that's part of our growth plan. i think in terms of this, senator, i don't want to give you the impression that i don't believe we should defend the united states. i do. but i do think we can do that in a way that works with industry without having us in the middle of the network read. they share the information with us and i think that's the right, first step to take. >> according to industry does not need additional regulations. they need ability to share information, which is our proposal, rather than additional new government regulation implemented by probably the most
11:52 pm
inefficient bureaucracy that i have ever encountered in my number of years here as a member of congress, the department of homeland security. wasted $887 million on a virtual fence on the arizona/mexico border, has made not a single technological advance as far as airport security is concerned to ease passengers' transit from one place to another, and has shown an incredible ability to illustrate inefficiency at its best. i thank you, mr. chairman. >> thank you, senator mccain. senator lieberman? >> thanks, mr. chairman. thanks to both of you. my friend from arizona. i have a disagreement. i want to come to the defense of the department of homeland security. the fact is that we haven't had a major terrorist attack on the u.s. since 9/11 and you have to give the leadership, bipartisan, over two administrations, and the thousands of people who work
11:53 pm
at dhs, some credit for that. secondly, in terms of the stove piping, i think a better analogy here, and it's not a perfect one, it's to compare the relationship between the cia and the fbi to the relationship between cyber command, nsa and dhs. cia has authority outside of the united states of america. the fbi has authority -- this is -- speaking about terrorism, for instance or threats to the nation -- fbi has authority within the country. the problem before 9/11 is there they weren't stove piped, they weren't cooperating enough. in the same way nsa cybercommand, as you said, has the responsibility to protect america. it's a jewel. it's a national treasure from attack along with many other, cyberattack, along with many other responses that you have. dhs has a domestic responsibility, a preventive
11:54 pm
responsibility. and in that sense it's different unless expansive and fbi and the other case. the interesting thing that you've testified to, and i think senator mccain was inhering, is that you are building exactly the kind of cooperative relationship between nsa cybercommand, dhs, and the fbi that didn't exist before 9/11 and the fact is, senator mccain and i introduced an amendment to the national defense authorization act last december that codifies in law the working agreement between nsa and dhs. so i know -- incidentally, i would say this for the record -- i've talked to admiral mcconnell, a former dni, i've heard him speak in a public set, he thinks both bills are not strong enough. but if you ask him, do you prefer the cybersecurity act of
11:55 pm
2012 which senator collins and i, or the security i.t., which my colleagues have put in, he couldn't be clearer. secure i.t. doesn't do it because it doesn't provide for defensive preparation by the private sector. look, i know private sector's lobbying against this. i think there's a terrible trap here. this is not just a question of regulation of business. this is a protection of our homeland. you've told us in response to senator mccain's question, general dempsey, secretary panetta, director mueller, cyberattack is the main area of vulnerability we have today. shame on us if we look at this as business regulation. this is homeland security. and we have got to get together before too long and make this happen. i want to come to the particular difference between the two bills. there are two critical things that have to be done here, in my
11:56 pm
opinion. there are many important things. one is an information sharing authorization section. the other is protection of most critical cyberinfrastructure, which is owned by the private sector, 90% of it financed, transportation, electricity, water, all of which is vulnerable to attack by enemy. both bills have information sharing. the bill that senator collins and i have introduced has this provision for the department of homeland security to work with the private sector to require the most critical covered infrastructure, not every business, to take certain actions, to defend their network to defend our country. general alexander, i believe i heard you say, i just want to have you confirm it that you believe we need both of those authorities in government, that is, information sharing and a
11:57 pm
system for protecting and better defending privately owned critical infrastructure, that is right? >> senator, that's correct. as you stated, that's the hard part, determining. how do you do that in a way not to burden industry? we have to set up some standards. we use the gold standard. >> right. >> the gold standard is one that we thought provided our networks the best defensive posture. we give that out free. we put it on the nsa.gov, here's set of standards. i think, as we work with industry, the issue is how do you make sure they are as defensible as possible without being overburdened? >> correct. >> i think we have to set that up. it's like roads, like cars. >> exactly. this is not regulation actually. these are standards for what we're going to ask them to do to defend our country. and they're going to then figure out how to do it.
11:58 pm
incidentally, business is worried about the bottom line. we've got to be worried about the security of the american people. incidentally, i take it that from what you said earlier, that the fear of a cyberattack against the united states, i mean a major cyberattack, is not theoretical but real in your mind, general alexander? >> that's correct, senator. >> and it literally could happen any day. i'm not predicting that it will, but right now, our privately owned cyberspace, infrastructure, as compared and distinguished from d.o.d.s, is vulnerable to attack, is that correct? >> that's correct, senator. in fact, if i could add, it is my opinion that every day the probability of an attack increases as more tool are on the network, the internet. >> right. it's very important for people to hear that. i want to relate the requirement
11:59 pm
on the most critical covered infrastructure to take some defensive action to your description, which i thought was excellent what you mean when you say you want to see an enemy cyberattack coming. you've made very clear that you don't want nsa into our private cybersystems. but you need to have the private cybersystems be able to tell you when an enemy attack is coming, right. >> that's correct. >> so you can act. to me, that's probably the most significant gain that we will have from the department of homeland security and formed by you, setting these standards for defense for the privately owned cyberspace, which is, look, i hear so many stories about critical infrastructure operating systems, using defensive systems that are 15 years old without even basic detection capabilities.
12:00 am
i think one of most important things that's going to happen, as a result of the system we're talking about, is that the most critical infrastructure, not every business at home everybody but the most critical infrastructure, will have to develop within itself or hire some of the private companies that do this, the defensive systems that will let them know -- which a lot don't now -- when they're being attacked immediately get to you so you can spring into action to essentially counterattack, is that correct? >> that's correct, and under what conditions is what the administration and the department is looking at on the rule of engagement. so when we actually do that, those will become rules of engagement that we're working on. >> let me just ask, finally, is your relationship under the memorandum that we codified into law with the department of homeland security working well, as far as you're concerned? >> it is. it's growing. and i think the key thing,
12:01 am
secretary napolitano is wonderful to work with. she came out to nsa and cybercommand and had a chance to sit down with all of us. absolutely her heart is in right direction. she understands what we bring to the table. she leverages that, not only in the cybermission but across the board, and i think we're making the correct strides. when you add fbi's tremendous capabilities there that's the team the government wants and needs in place. reality is we can put all of our manpower internal and it won't solve the problem. we have to work together as a team. i do believe that's the best way to approach it. >> sorry. >> i was going to say, to answer your question, dhs has been good to work with. they are growing capabilities. will take time. we provide a lot of assistance to that and we think it's a good relationship. >> that's exactly what they tell me, good relationship and they're benefiting enormously from your extraordinary expertise. thanks, general. >> senator lieberman?
12:02 am
>> could i add a comment? >> make it brief. >> it will be very brief. it's about balances responsibilities. when you look at balancing responsibilities between the military, the intelligence community, law enforcement, and the department of homeland security, if we weren't talking about cyber we know how to do that, we understand what that balance looks like. we understand that when dhs needs military support, we have what we call defense support of civil authorities. we have ways we can provide support to them. the question is, what happens when you add cyberspace to this mixture and that's the balance that we're trying to make sure that we are striking. i think that's an important point for us, as we go forward. the bottom line here is, all of us working to improve the protection of our nation and national security. the second point that i would make, quickly, is that there are three things we have to do here. one is protect ourselves better, related to cyberspace, for the very reason that you mentioned. the second is we've got to
12:03 am
become more resilient, recognizing we're not going to be perfect at protection or defense, particularly the military side. lastly we've got to do better at an offensive capability and balance that in a better fashion as we go forward. >> senator inhofe? >> thank you, mr. chairman. the first question i'm going to ask, i know the answer, but i'm going to have to ask it just to get it in the record. in yesterday's "wall street journal," they talked about the president obama's meeting with russian president medvedev yesterday, monday, when president obama said, and i assume he said this without knowing that the mike was on, that this needs to be on the record, and i ask the record reflect this accurately, quote, on all these issues but particularly missile defense, this, this can be solved but it's important for him incoming
12:04 am
russian president putin to give me space. this is my last election, after my election, i have more flexibility. unquote. so the question is, do either one of you want to comment? i didn't think so. second thing that i'd like to mention is that general alexander, first of all, thank you for making the trip that you made out. just real briefly, kind of tell me what you found out during your visit to tulsa university. >> thank you, senator. first, there's two things. i am really impressed with the way the american people, especially in tulsa, have come together to help fund that university and the young folks that go there. and from my perspective, one of the key things and i should have thought about this earlier, in the information assurance area, coming up with better ways to defend networks. when you think that, that's what we're talking about on resilient
12:05 am
side. what the young people do they find problems in networks. they showed us some in the system and others that if we now made some slight changes, i think those changes and upgrades in the security of networks would make them more secure. what i found was tremendous young people doing great things. some of whom we've hired and we continue to hire from tulsa and other universities throughout the country that are doing programs like that in the information assurance area. >> thank you for going out. one of the things that we do have, that you probably witnessed, was the community support behind that program, behind the university. so anyway, it's a good program. general kehler, the -- just a minute here -- back during the
12:06 am
time that we're considering the bill a year ago, we were talking about the fact that president obama's weighing options for sharp new cuts in the nuclear arsenal unilaterally that was an agreement with russia to bring it to down to 1550. it was a month ago it was reported president obama is weighing the option of sharp, new cut to a nuclear arsenal unilaterally, potentially up, and these are figures they used, 80% proposing three plans that could limit the number of as low as 300. now, it was in '08, i always remember, and i carry this with me, gates stated as long as others have nuclear weapons we must maintain some level of weapons ourselves to deter potential adversaries and reassure over two dozen -- that's about 30 -- allies and partners who rely on our
12:07 am
nuclear umbrella for their security making it unnecessary for them to develop their own. now i would like to ask if you -- what kind of implication this would come up with in terms of our allies, those 30 other countries that are defending our umbrella if we would voluntarily bring it down 80%? >> sir, i make a couple of points. first thing i would say is, as i said earlier, we don't start with numbers. we have been starting with strategy, objectives, national security objectives, et cetera. the study that you referred to is still ongoing. there are no conclusions have been reached yet and so it isn't appropriate for me to comment on the study. stratcom has been a full participant in the study and i believe that as i said earlier, there are opportunities here for additional reductions. but that's --
12:08 am
>> unilateral reductions? >> well, sir, all along here, going all the way back to the nuclear posture review, i think the viewpoint has been that it's best to do this with russia. the russian and the u.s. arsenal still really drive this conversation. so doing this with russia is certainly the preferred way forward. i think that the need to continue to deter and assure allies remains. >> the point i'm getting the key word is unilateral and that's what concerns me. >> yes, sir. >> let me quickly cover a couple of other things here. this general kehler, this was the triad that we -- i think it's about 2004, 2005 showing the cliff, you're somewhat familiar with that. now, i'm wondering if -- if we could get this updated, first of all, during the consideration of
12:09 am
the new start the president said i intend to modernize or replace the triad strategy, strategic nuclear delivery system, a heavy bomber, air launch cruise systems and nuclear powered ballistic missile submarine and slbm, and maintain the united states rocket loader industrial base. he goes on to elaborate on that. now, this statement was made after this chart. do you have an updated chart on this that would reflect what's happening today? >> sir, may i take that for the record and get the chart back to you? >> you may. it's very reasonable. last thing on that, something no one talks about but i've always been concerns and that is relating to the technical nuclear weapons. we made -- several of us on this side of the aisle and the other side of the aisle -- made an effort to include tactical nuclear weapons at the time that we were looking at the new s.t.a.r.t. program. and as it is right now, it's
12:10 am
about a 10-1 advantage of russia over ourselves. do you have any -- do you agree or disagree with plea that that should be a part of the plan? >> i agree it should be a part of the plan, yes, sir. >> all right. thank you very much, mr. chairman. >> thank you, senator. senator nelson? >> thank you mr. chairman. thank to both of you for your service and for your kind remarks this morning. i appreciate that very much. general kehler, and general alexander, the comments today and all of the discussion for some periods of time has indicated the growing threat of cyberwarfare to the threat to the united states national security. as we engage in this discussion there is an ongoing restructuring of stratcom's headquarters with the new
12:11 am
headquarters. general kehler, can you give us some indication why an aging facility would not be an appropriate facility as we take on new responsibilities but particularly as it relates to the high-tech cybersituation? general alexander if you had some thoughts about that, it would be helpful, too. >> sir, the activities that go on at stratcom are unique activities. we perform those activities particularly the command and control that we have of our strategic forces, the planning that we do for our strategic forces, the intelligence support that's required behind our continuing need for strategic level deterrence and being able to command and control forces under high stress. all of those really come together at stratcom headquarters. the demand that today's systems place on that headquarters
12:12 am
building have far outpaced the ability of the building to keep up. not only do we have vulnerabilities because of the cyberconcerns that we've expressed earlier, but we have physical plant vulnerabilities there. you're well aware of some of the failures that we've had, catastrophic failures, in the building systems themselves that have threatened to take that one of a kind location and really make it inoperable for months. we barely averted that kind of a catastrophe a year ago in december with a flood, of all things, in the basement, a burst water line. and so as we looked at ways forward, given the unique nature of what we do, given the one of a kind responsibilities that are performed there and giving continued importance of all of that in our deterrence posture, the conclusion that the engineers reached was that you
12:13 am
could not modify the building, that basically what you needed to do was go and build a new command and control facility that houses all of the activities that we're going to need to perform. that remains my assessment today, that we need to get moving on this. i think that it is proceeding well. i believe that we are headed toward contract award. the corps of engineers has a responsibility in this regard and things seem to be moving forward, at least everything that i can be aware of, and much of this, of course, needs to be in the realm of the corps and others. so from my perspective, senator, the bottom line is the recognition that we do something unique there, that it isn't about a brick and mortar building. it's about what goes on there in the computer systems, in the need for support systems, information technology, and the supporting networks that put all of that together so that we are
12:14 am
prepared to continue to perform this deterrence mission as far into the future as we can see. >> thank you. as you know, when it comes to the cmr replacement facility, nsa has deferred for five years construction of the chemistry, metallurgy, radiological or cmr replacement facility, does this delay in the cmr replacement facility a concern for you in not only meeting our responsibilities and obligations and commitments on the new s.t.a.r.t. treaty but in general keeping our arsenal current? >> senator it is a concern for me. i think of all of the items in the '13 budget, those items that would be associated with stratcom's portfolio of mission responsibilities fared generally pretty well. there were some delays, adjustments, other things that
12:15 am
were made. i think we can manage risk across all of that. when i look specifically at the weapons complex, the ability of the complex to provide us the weapons that we need that have the appropriate life extensions provided, that give us the flexibility to manage the hedge and allow us to look at potential reductions as we go to the future in the stockpile, i think the thing that concerns me the most is our continued investment in the weapons complex. and so the issue with cmrr does concern me. i understand the '13 budget does provide for us to get moving in a number of areas. the secretary of energy and secretary of defense sent a letter to the congress that reminded them that we're not ready yet to lay out what happens in '14 and beyond. until we're ready to lay all of that out, i remain concerned. >> well, it could be appropriate to at least start the process as in the case of the stratcom headquarters which is going to be a phased-in funding over
12:16 am
several years, at least a start could be made on cmr in a similar fashion. otherwise, it looks like we've just put together baling wire and maybe duct tape structure to get us through '13 budget-wise. >> senator, this is ultimately a do-out from the departments of energy and defense, and we owe you the alternatives. i don't have with me today because we don't have yet a set of viable alternatives that we can come and present. i do agree, though, with the main thrust here and that is i see no alternative as we look to the future aside from modernizing the complex. regardless of what happens, we have a fairly extensive backlog of weapons awaiting dismantlement that require the same kind of a modern complex to dismantle. so i think from both sides of
12:17 am
this equation, we need a modern weapons industrial complex that's highly unique and it is very specialized. we need that kind of a complex so that we have a safe, secure and effective deterrent. >> it's hard to draw an analogy other than to say that trying to put together something in a stopgap basis might get us through '13 but doesn't position us for what we might do years beyond, and particularly with an aging stockpile. >> senator, we owe you some answers, and the study to produce those is under way. >> thank you. >> general alexander, as you relate to the responsibilities with cyber, i think you made it very clear that there's a role for the d.o.d., a role for homeland security, a role for our law enforcement agencies, and continuing to find ways to
12:18 am
work together is a reduction of stovepiping that has been so predominant in the past. are you comfortable that the agencies that are all trying to work together understand that the important need not to stovepipe and to break down even with some comparable authorities that will go to different agencies, but to continue to work together on this important threat to our country and to our business which is also a threat to our country? >> senator, i do. >> thank you. thank you, gentlemen. thank you, mr. chairman. >> thank you very much, senator nelson. senator brown? >> thank you, mr. chairman. general, i was wondering, do you consider the global strike command a pretty valuable -- let me restate that question. i'm sorry. would you consider the air operations groups currently supporting the global strike command a valuable resource?
12:19 am
>> senator, yes, we sure do. >> and are they irreplaceable? are they such an integral part of what you're doing that really, if you didn't have them, we would be in trouble? >> the entire force, that global strike command brings to stratcom, in fact, that's one of our air force components, one of our major components, as a matter of fact, they bring us the entire dual capable bomber force, the b-52s and b-2s. they also bring us the entire icbm force. they bring us an air operations center that allows us to manage all of our air activities in stratcom so what global strike brings and all of its subordinates are all very valuable to us. >> that actually provides real world time-sensitive planning support as well, correct? >> yes, sir. >> that's why, you know, when you're answering those questions like that, that's why i'm a little concerned with the otis air national guard base. i was there a couple months ago
12:20 am
and they have a great mission in their air operations group supports stratcom's global strike command by providing exactly what you've indicated, the irreplaceable realtime sensitive support, and yet i've heard that the air force wants to break up this very valuable, irreplaceable unit to save money. i was wondering if number one, you are aware of or were given the opportunity to comment on that proposal affecting that group and otis in particular. >> senator, if i could take that for the record, i would appreciate that. i don't know enough about the details about what's happened. >> it would be helpful. i agree with you, i agree with everything you just said in your opening response to my questions, that it is irreplaceable, it is valuable and i know what these folks do there. especially being on the eastern seaboard of the united states and covering all of eastern united states in some respects, i mean, the air guard in particular, and army guard as well and reserves, they give you
12:21 am
great value for the dollar. i'm deeply concerned that we're cutting off our nose to spite our faces in that we're trying to -- it's kind of like the air force is saying okay, i'm going to keep all my toys here and by the way, the guard and reserves, we'll take away what you have and really, i think i have not been yet convinced that these cuts represent either an acceptable level of risk or an efficient use of the money. so i would ask and i will get you the very specific questions for the record and i appreciate that. i was wondering, i know we're talking about cybersecurity. i know there's many proposals, we have one in government regs, administration, you and the military's working on a whole host of things. how are the rules of engagement actually working or being implemented or coming along with regard to the cybercommand operation? >> right now we're upgrading -- >> i meant that to you general alexander. thank you.
12:22 am
>> right now, we're updating, if you will -- the rules of engagement that the chairman has put out were dated in 2005. given where we are today, what the joint staff has taken on is to update those. right now, all our measures are internal to our networks, what d.o.d. is authorized to do. what we're looking at within d.o.d. and within the interagency, what are the next steps that we should have and how do we take those steps. i think over the next month or two, the joint staff will complete those standing rules of engagement and then move those to the interagency and share those. >> what role do you see, what segments of the private sector should fall under d.o.d.'s responsibility, if any? >> well, i think this is where the discussion comes in. first -- >> let me just extend on that, if attacked, what entities would be considered an extension of u.s. government facilities? >> i think those are decisions
12:23 am
that you in the bills and the administration would make on when we actually implement response options or response options to support or to defend against an attack. that's the first step. so let me start with technically, what we're doing, i think the first part of that, senator, is to have the information sharing, to know that an attack is going on. we discussed that a little bit previously. that is the ability for industry to tell us that something is happening, and that either fbi if it's domestic, dhs or if it's foreign, that fbi and its cybercommand in nsa would respond to. the issue and i think what we're going to walk our way through candidly is we've got to start some place. i think putting out where we are on the information sharing and having industry take the lead with dhs on providing us the insights of what's going on is the first right step. i think that's the best step that we can take. more importantly, i think we need to take that step.
12:24 am
what we can't do is wait. and i think your question and where you're going on this is absolutely right. we've got to take -- we've got to take measures now. i think those are absolutely important, because my concern and the statements that go to that is that if somebody is attacked, the way we find out about it today is after the fact. you can't stop it then. now you're in the forensics mode. so i think what everybody agrees is so we've got to get to a point where industry can tell us when something is going on so that we can help prevent it. then the options come up to what -- so what industry is included in that and those are parts of the bills that i know that you're all considering. >> you know, that's great, but tell you what, we don't have all the answers. i can tell you that first-hand. what i'm concerned about is that we create a bill that has so much red tape and so much overlap and duplication that it kind of -- you can't get out of your own way. so i would ask for your recommendations and guidance as well to be part of the process
12:25 am
and let us know what your thoughts are and where you feel the weaknesses or strengths lie so we can expand or detract from that, and i am deeply concerned. i think you're right, i know you're right in the fact that we're always reacting instead of being proactive and when the attack happens we find out about it after, after our technology and intellectual property and military secrets and plans are stolen. and that's deeply concerning to me. i'm wondering, as the technology continues to advance with potential cyberattacks are capable, as you know, and i think have referenced, executed at increasing speeds, do you have enough leg room from the authorization standpoint to act at the earliest possible opportunity to defeat a cyberattack before it's launched? do you have enough flexibility, do you think? >> those are some of the issues that are being considered in the rules of engagement. so i won't know until we're complete with that.
12:26 am
we are pushing for what we think we need and i think what the chairman and joint staff and osd will do is say okay, what makes sense. being extremely candid on this, it really comes down to so what are those actions that make the sense that we can do defensively analogous to the missile shoot-down. if you were to go after a computer in foreign space or some other thing, that might be a response option that would now take i think the president and the secretary to step in and start making decisions versus taking that on. i think that's probably where we'll end up and that makes a lot of sense from my perspective. >> first, thank you very much both of you. this is an issue that deeply concerns me and many other members of the committee. i will be submitting some questions for the record just -- or maybe we can speak offline. i don't want to have you reinvent the wheel, just some areas i think i need a better
12:27 am
understanding of. thank you very much. >> thank you, senator brown. senator hagan? >> thank you, mr. chairman. thank you both for your testimony today and certainly for your service to our country. thank you. general alexander, the administration believes that it's crucial for critical infrastructure companies to carefully diagnose their cyber-vulnerabilities and the risks posed to the american people should these vulnerabilities be exploited and to take steps to eliminate these vulnerabilities. the administration has proposed legislation to ensure that industry stands up to these responsibilities as a matter of national security. the administration's also seeking to extend the signature based defense that the nsa and u.s. cybercommand have developed for d.o.d. critical infrastructure. since the administration seeking to implement both approaches, the implication is that neither one alone is seen as sufficient to meet the threat.
12:28 am
others, however, take the position that information sharing in conjunction with the national security agencies defensive solution would be enough, that it's not necessary to require critical infrastructure companies to build up their own defenses. do you believe that nsa's signature-based defense deployed recently in the defense industrial base pilot program can defend our nation's critical infrastructure against nation state cyberthreats or do you believe that the critical infrastructure companies also need to close their vulnerabilities? >> senator, first, i think it's the latter. we need both. but i'd like to take it one step further because i don't think what we're talking about is having nsa deploy capabilities out there. rather, what we're talking about is nsa providing technical capability to others to run so we don't want, nor do we want to run stuff within -- i want to make that part clear. it's not us putting stuff out
12:29 am
there for us to operate. what we're really saying is industry has a bunch of signatures that can detect foreign actors that are coming against them. government has some of those. nsa, dhs, fbi. all of us need to work together to provide the best set of signatures to protect that critical infrastructure. industry can actually operate that and tell us when that occurs. i also think that you need to set a set of standards for how those systems are operated to give you the best and i'll call that, the general mentioned it, it's in there, resilience. we need resilience in those networks to ensure they can operate and be defensible while we're trying to defend the country outside. does that make sense? >> um-hum. you know, just last friday, i read about it yesterday, microsoft was accompanied by u.s. marshals and they raided office buildings in pennsylvania and in illinois to disrupt a group of computers, a botnet that was harvesting bank accounts, passwords and other personal information from
12:30 am
millions of computers, and microsoft's actions show what's possible and some say is certainly necessary now to stop cybercrimes. what are your thoughts on these actions, just taken recently, and should they serve as a model for other private industries and is there a take-away for the department of defense on this recent raid? >> senator, i think it shows how we can work together, industry and government, to do what's right here and by bringing both of those together, we're better off for it. i think what we've got to do is we've got to come up with that solution in this area, too, and i know both bills are looking at that. i think that information sharing is critical. >> thank you. general alexander, it's often argued that terrorist groups and rogue nations such as north korea, for example, do not yet possess the sophisticated and extensive cybercapabilities to effectively cripple our nation's
12:31 am
critical infrastructure. for example, general cartwright, former chairman of the joint chiefs, has publicly expressed doubt that this class of actors could carry out such attacks today, however, we are aware of what's described as a thriving international black market, where it's possible to buy or to rent cyberattack tools in large scale supporting infrastructure such as thousands or even millions of compromised computers that are deemed to be effective against almost any type of network or information system. this black market has developed to support the vast cybercriminal activities that have been estimated by some to now yield more revenue than the global legal narcotics trade. this criminal money then obviously fuels research and development of modern and up-to-date cyberattack tools. could this black market or rogue nations -- sorry, could this black market and cyberattack tools and infrastructure now or
12:32 am
in the future enable terrorists or rogue nations to acquire ready-made capabilities to inflict significant damage on the u.s. economy and our critical infrastructure? are you worried about that? >> senator, that's my greatest worry. i would go beyond that group. i think the proliferation of cyberweapons, if you will, grows, that we cannot discount the actions that one smart person can do. from my perspective, when we see what our folks are capable of doing, we need to look back and say there are other smart people out there that can do things to this country. we need to look at that and say how are we going to defend. from my opinion, that could go from as you described accurately, and i agree with that, could be non-nation state actors all the way up to nation state actors like north korea. i wouldn't discount any of them. we have to be prepared for all of them. only one of them could do
12:33 am
tremendous damage to this country. >> thank you. last july, general cartwright also speaking as the vice-chairman noted the challenges of recapitalizing all three legs of the triad with constrained resources. general kehler, you have raised a similar point, that we are not going to be able to go forward with weapons systems that cost what weapons system currently are costing today. in the search for a solution to these challenges, options seem to take the form of delaying the current programs or reducing the size of the planned programs. what are your thoughts on the pluses and minuses of each of these options? >> senator, first of all, i continue to support the need for a balanced triad of strategic deterrent forces. i think the triad has served us well. i think it continues to serve us well. i think that as we look to the future, there are attributes that are spread across the triad that continue to make sense for our national security.
12:34 am
having said that, i am concerned about the costs and so i think there are a couple of things that we need to keep in mind. we need to phase these programs appropriately. we need to make sure that we have matched the investment with the needs. we need to control costs. i think there are a number of programmatic steps to take as we go forward. when i look at the ohio replacement program, i know that we are making decisions here today that will be with us for decades to come. the ohio replacement program as far as we can see into the future, we believe that we see the strategic need for and the strategic value of a submarine based part of our deterrent so moving forward with that, even though we've had to delay the program some, is going to be important. that's also important with our allies, the brits. it's important we have a dual capable long-range bomber. it needs to be nuclear capable but it won't just be used for
12:35 am
nuclear purposes and if we do our deterrence job right it will never be used for that purpose. it may very likely be used to employ conventional weapons which is what b-52s and b-2s and b-1s have done. the final -- and that program is under way. i think controlling cost is going to be a big issue in both of those programs. the next question then becomes the future icbm. we have begun an analysis of alternatives to look at what shape, form that might take. and then as we go to the future, i think we will get to a number of decision points on all of these systems that will allow the future environment to shape what the ultimate force outcome becomes. >> my time is up. thank you, both of you. thank you. >> thank you, senator. senator ayotte? >> thank you, mr. chairman. thank you, general alexander and thank you, general kehler for being here today and for your service.
12:36 am
general kehler, the senate support for the new s.t.a.r.t. treaty was tied to modernization of the united states nuclear complex and strategic delivery system, and specifically during the senate confirmation, the president committed to modernization in what became known as the 1251 plan that was incorporated in the 2010 ndaa, isn't that right? >> senator, yes. >> okay. and if you look at that commitment in the 1251 plan, there was an initial plan submitted in may of 2010, and then a month before the ratification of the senate treaty, there was $4.1 billion added over five years to the plan. isn't that right? >> yes. you're talking about the d.o.d. -- >> yes. but that was specifically reflected a month before the ratification of the s.t.a.r.t. treaty put into the 1251 plan as
12:37 am
incorporated in the 2010 ndaa. >> senator, i think that's right. that's a little before my time but i think that's right. >> the reason that was done is because modernization was such an important issue to getting that treaty through the united states senate, because modernization is very, very important for our nuclear program, isn't that correct? >> yes, it is. >> okay. well, the 2013 budget request underfunds the commitment made that was expressly made in conjunction with the ratification of the s.t.a.r.t. treaty by over $4 billion over the next five years. isn't that the case? >> it is not -- it is lower than the level of the 1251 report. yes, it is. >> it's $4 billion lower. roughly. >> i think that's right. yes.
12:38 am
>> okay. which the president a month before ratification, to get the senate to sign on to the reductions in the s.t.a.r.t. treaty added $4 billion because we were so worried, i wasn't here at the time, but i know many of my colleagues were very worried about modernization of the program if we were going to make the reductions required by the s.t.a.r.t. treaty, and if the president is not following through, why didn't we include the $4 billion in the n elieveto the right five to
12:39 am
from what was required by the 2010 and what was require specifically contained within ad the 1251 plan. >> it's different than the 1251 >> fean, clearly. dif >> if my colleagues signed on to the treaty concerned about modernization with a commitment from the administration of a certain level of resources, particularly this facility that we've talked about, the cmrr facility is critical, is it not, to modernization? >> yes, it is. >> so no doubt that we need it to modernize. >> in the long run, there is no doubt we need it. >> okay. and so when you were being questioned by senator nelson, you said you owe us questions -- i mean, you owe us answers to this. is that true? >> yes. >> i guess i would reframe it, i think what we need is a commitment from the administration to follow through
12:40 am
on what they promised in conjunction with the ratification of the s.t.a.r.t. treaty because without modernization of our nuclear deterrent, what are the concerns that you have if we don't modernize? >> well, i have a lot of concerns if we don't modernize. i think you have to look at this in terms of there are four pieces to this from my vantage point. piece number one is the delivery systems and i just mentioned that there are modernization plans in place for the delivery systems or there's a study under way to take a look at the icbm leg and what we might need as we go to the future. there's command and control, and the commitment to both of those. the real issue for me is the weapons end of this. and the weapons complex that supports those. in an era that we are in today without nuclear explosive package testing, where we don't do any yield testing, that puts
12:41 am
a strain on the industrial base in a way that i believe hasn't been strained in the past. it strains the science and engineering skills that we have to make sure that as we do life extensions, that we have the appropriate science basis and understanding to be able to do those extensions without nuclear testing. we have issues with aging. most of the problems with the weapons that we have today is that they're reaching the end of their lifetimes in various stages, and so being able to have life extension for those weapons is also very important. at the end of the day, if you have a more modern complex, we think that we probably can have a smaller stockpile, because the way we would hedge against failure would be different as we go to the future. >> but if we just reduce our stockpile and we don't modernize, aren't we taking on additional risk? >> i think that there are scenarios there where that can
12:42 am
be additional risk, yes. >> okay. i certainly would like to know why as reflected in the d.o.d. '13 budget the administration has not followed through on its commitment to modernization, because i think that was critical, as i understand it, toward many individuals around here, they were concerned about that in the debate over the s.t.a.r.t. treaty so it was a very important issue. that's why it was specifically incorporated and tied to the s.t.a.r.t. treaty in the 2010 ndaa. i would hope you would take that for the record and get back to us on that. >> we'll certainly do that. fully understand the concern, recognizing that nothing was immune when we went through the budget reduction to include the nuclear force. i believe that we balanced the investments in much of the portfolio. it doesn't look like the 1251 report but i think we balanced much of it. what concerns me the most i think is the industrial complex. >> okay. thank you very much.
12:43 am
i also wanted to follow up with a question about russia, which is as i understand it, historically, general kehler, why do the russians not want us to improve our missile defense system in europe and expand it? they have been very concerned about that. why is that? >> i could give you my understanding of where i think they are. they are very concerned at least in the informal context that i've had with some russian officials, they continue to say that they are concerned that our deployment of a missile defense system will tip the strategic balance in our favor, that it will render their offensive capabilities irrelevant. our contention is that's not at all true, and therein has been the conversation back and forth. >> so my time is up.
12:44 am
so when the president said that essentially, he had to be given space to the russians the other day, what he was really talking about is their concerns about us expanding or enhancing our missile defense system in europe, and even on the continental u.s. it could be interpreted that way because the russians don't want us to do that. i'm really concerned about that statement that senator inhofe asked you about in the context of what it means in terms of what we would be conceding to the russians going forward in protecting the united states of america and our allies. so thank you very much for appearing today. appreciate it. >> thank you, senator. senator blumenthal? >> thank you, mr. chairman. thank you to you both for your service, your extraordinary service to our nation, in each of your commands and responsibilities and to the men and women who serve under you.
12:45 am
general kehler, if i could begin just briefly following up on a remark that you just made about the ohio class submarine which you have said is going to be of strategic vital importance as far as we can see into the future, i probably am paraphrasing you, not quoting you directly, but i agree completely, and i wonder if you could speak to the significance of the ohio class submarine replacement in terms of what its value is, how does it add value to our strategic force and why is it so important to continue building it without further delay, i should stress? >> senator, each of the elements of our nuclear deterrent force brings something unique to the mixture and the strength of the overall deterrent has always been in the sum of its parts.
12:46 am
so as we look at this today, and as we go to the future, the inherent survivability of the submarine based deterrent has been of great value to us. it continues to be of great value as we go forward at many levels, strategic stability is really built on survivability. the understanding that neither side possesses an overwhelming advantage to strike first, that even in the event of that kind of highly unlikely, the world is different today, and we understand that, but stability particularly in an unforeseen crisis as we look to the future, something that would arise that would put us in crisis with any of the nuclear contenders, having a survivable element of our strategic deterrent is extraordinarily valuable and we believe that that remains
12:47 am
valuable as we look to the future. you can get survivability a lot of ways. an airborne aircraft, pretty survivable platform. if it stands off or can penetrate or has stealth, there are lots of attributes there that get to survivability. but we have looked at our submarine force as providing the bulk of our survivable deterrent, in particular the day-to-day survivable deterrent. submarines that are at sea are survivable. the issue will be with ohio replacement is making sure it stays that way and making sure we can deploy a platform that has those attributes that is perhaps lower in cost to operate when it's fielded and we can guarantee as we look to the future, that it can stay a step ahead of any developing technologies that might threaten it. >> so you would say that the commitment of our military, our strategic planners, is undiluted when it comes to the ohio class replacement?
12:48 am
>> within the modernization efforts that we are undertaking in our strategic deterrent, this one and the long range strike bomber are both at the top of my list. by the way, we don't talk much about the need, but the need for a replacement tanker is equally important to strategic command and that's of course under way with the air force today as well. >> thank you. general alexander, i was struck by your testimony and extraordinarily insightful and helpful testimony about the wide ranging breadth of potential cyberthreats relating to industrial espionage and intellectual property theft as well as the potential infiltration of social media, and it reminded me of a separate
12:49 am
and perhaps unrelated but perhaps not aspect of problematic conduct involving social media that i have highlighted recently, which is the demands that employers have made for passwords, log-in information from prospective job applicants or from employees which enables them to invade the private communications, e-mails, g-chats, private accounts, of their employees and potentially people with whom their employees communicate, including potentially service men and women or loved ones or family or service men and women who are applying for jobs. i wonder if you could comment on the potential security threats apart from the invasions of privacy that may occur from the
12:50 am
demands for information from employees about their security accounts and also, what the needs are in terms of background checks on the part of your agency. >> i think there's, senator, this is a great question. i think first of all, asking for potential employees for their passwords and other things is odd, from my perspective, to say the minimum. i think the issue that i see in here is a couple things. is one, how do you secure those so that somebody else doesn't gain access to all of them. one of the senators had a great comment about the theft of bank records and what was going on. i think senator hagan about what she's seeing, what microsoft and the authorities are doing, if you make that easier, i am concerned about that. i'm not sure about the foreign threats to this as i am to what that means to the future.
12:51 am
i think cyberspace, we have some tremendous capabilities in cyberspace. we as a nation. the ipad, iphone, and i think our people should be -- feel free to use those and know that they're going to be protected in using them, both their civil liberties and privacy, and as a country. i think we can do both. i think we should push for both. this is a new area and you can see, you're hitting right on some of the key parts, when you look at how the companies are wrestling with this, too. how do you provide maximum benefit without intruding. i think that's going to be an issue that we're going to wrestle with for several years. >> and when it strikes you as odd, i assume that odd -- >> very well-chosen word. >> may be a euphemism for strange or unnecessary or invasive, unacceptable. >> senator, i'm not completely up to speed on all of it. i did read it so i don't know all the facts that go with it. my initial reaction was this
12:52 am
doesn't seem right. that's what i meant by odd. but i don't have all the facts. >> thank you. thank you, general. thank you for your great work on this issue. i hope you will give thought as well and i may ask you a question in writing about it, regarding the potential uses of the national guard cyberunits and how they can better assist you and the cost effectiveness of building those programs through our national guard. >> we are working with the national guard and there are a number of those. i'll start right with the maryland national guard, the delaware national guard, go out to washington. there are some great ones. i'm sure connecticut, too. i don't want to miss that. but i do think this is an opportunity where the national guard has some technical expertise as civilians working in this area, especially when you look at the high tech area. so this is something that we can leverage and we are working on that. >> thank you very much. >> thank you, mr. chairman. >> thank you, senator blumenthal.
12:53 am
senator collins? >> thank you, mr. chairman. general alexander, i very much appreciate the attempts you've made today to clarify the roles of the department of defense versus the department of homeland security versus the fbi when it comes to dealing with cybersecurity. as the discussion today has indicated, i believe there is a lot of confusion over who does what and who should do what, and as you correctly said, this has to be a team approach, and d.o.d., dhs and the fbi have different but complementary roles so what i would like to do, since based on some of the questioning i heard today, i think there's still a little bit
12:54 am
of confusion, is just take you through a series of questions in the hopes of clarifying who does what. first, let me say, do you agree that our critical infrastructure today is not as secure as it should be? >> senator, i do. >> and second, and related to that, several studies and experts have told us on the homeland security committee that critical infrastructure operators are not taking in some cases even the most basic measures such as regularly installing patches or software updates or changing passwords from default settings, and those are pretty basic and known
12:55 am
vulnerabilities. would you agree with that assessment? >> i think those are basic vulnerabilities. i would say -- i would add to that we see that in a number of cases in other areas as well. >> in addition to just critical infrastructure. the reason i'm focused on critical infrastructure is obviously if there's an attack on critical infrastructure, the consequences are so much greater than if there's an attack on one particular business, even though that, too, can have significant economic consequences and cause many problems. so third, my third question is to try to better define the roles. would you agree that the department of homeland security has the lead role in interacting
12:56 am
with the owners and operators of critical infrastructure to get them to strengthen their protections, harden their defenses up front as opposed to when an attack occurs? >> i do agree with that, senator. >> and the distinction that i'm trying to make is once there is an attack, that has significant consequences, d.o.d. would become the lead agency just as you would if we were attacked by missiles. is that an accurate assessment? >> that's correct. >> and there is where i think the confusion lies. it is the role of the department of homeland security under the current practice of this
12:57 am
administration and under the legislation that senator lieberman and i have authored to try to strengthen the defenses of our critical infrastructure, and in our legislation, and in a collaborative effort with industry which is absolutely critical that it be collaborative, the department with industry would develop risk-based performance standards. is that your understanding? >> that's my understanding, senator. >> and the reason for that is to ensure that the owners of critical infrastructure implement these risk-based performance standards but i would point out to my colleagues, this isn't some new bureaucracy as we've heard today. it would be a collaborative
12:58 am
effort and the owners and operators of the critical infrastructure would decide how to meet those standards. it would not be dictated by the department. is that your understanding? >> that's my understanding. senator, if i could, i think that's a key point because i think the concern that i hear that we all hear is just that key point. how do you do this in such a way that helps industry without i'll use the term overregulating and this is outside of my area of expertise, but how do you get them the standards and help them build a more resilient network, a more defensible network, if you will, that's the key to this. i do think that's the key issue that you're wrestling with, and i think that's where we can provide technical expertise to dhs and others, and i think that's where we've got to partner with industry and just as you said, i agree with the way that you've stated it. i think that is extremely
12:59 am
important, that bringing the industry folks together to help decide is what i get because they want to be a player in this, because you know, from their perspective, this is important as well. >> and in fact, we need the expertise of industry, of nsa, of dhs, of everybody working together, the results of the investigations from the fbi, because this is a huge problem, and it has consequences for our national security and our economic prosperity, and it is so critical that we work together to solve this problem, and i know that is what you're committing to doing and that's what you are doing. that is the one final point that i want to make today. nsa is already working with dhs,
1:00 am
for example, at the what's called the nkick, the 24 hour, seven day a week entity that has been set up. there's an exchange of personnel between dhs and nsa, is there not? >> there is. >> and under the bill that senator lieberman and i have introduced to try to get that essential visibility that you've emphasized is so important. we would require mandatory reporting in the event of an attack because this can't be discretionary if, in fact, there is a significant attack on critical infrastructure and critical infrastructure is defined as infrastructure, an attack upon which would cause
1:01 am
mass casualties, a severe economic impact or a serious degradation of our national security. so do you support requiring that mandatory reporting in such cases? >> i do, senator, and i think i would add as we discussed earlier that in order for us to help prevent it, it has to be in realtime. i think that's absolutely vital to the defense. >> and the reporting and information sharing under our bill is bidirectional as has become the latest phrase to be used in this. in other words, it's in both directions. even nsa, the capabilities of which are unparalleled, can learn from the private sector. i think you learned that in the dibbs study where there were some signatures that the private
1:02 am
sector had that nsa may not have had. is that accurate? >> that's accurate, and logical when you think about it. adversaries will do different things for different sectors of the government, will use different tools for different sectors of the government. that's one of the great things that we learned on it and how we've got to go forward on the defense industrial based pilot. >> thank you very much. thank you, mr. chairman. >> thank you, senator collins. senator udall? >> thank you, mr. chairman. good morning, gentlemen. thank you for being here. general alexander, let me turn to you first. i've been concerned as we all have for some years about the potential of cyberattacks on our electricity grid here in the united states and the potential effects that such attacks would have on critical missions, especially during an emergency or during periods of prolonged power outages. given the uptick of tensions in the persian gulf and the presence of our military in the region, i'm interested to know
1:03 am
about our potential vulnerabilities of our own military to cyberattacks in the gulf on that electrical infrastructure that our military depends on, and i'm thinking about this from the perspective of the u.s. military's reliance on fuel in the region, fuel that can't be produced without the electricity that runs oil extraction wells and refineries and that powers pumps for offloading fuel for storage and use. do we have an assessment of how dependent u.s. military in the gulf is on electricity infrastructure? do we have a backup plan if there were to be a prolonged grid outage and do we understand the constitution and vulnerability of the electricity grid in the persian gulf well enough to measure the effect on the oil production transportation system, especially but not limited to the oil refineries there? thank you for letting me direct that trio of questions at you. >> senator, i thought you were going to ask me if i got the new
1:04 am
ipad. i thought that's how we were going to start this out. so i did. i got the new ipad. it's wonderful. >> we're envious. >> that's a really good and complex question so let me expand it, if i could, not to make it harder, but so the underlying grids that are in the gulf states and other parts of the region, the military normally will have backup power for military operations, generator power and other things to operate all critical capabilities. so both from our computer networks and our operations, we have backup power for critical infrastructure. that is not the same for the flow of oil and electricity per se throughout the region. and i think the concern that we have, the concern that i think everyone shares here, is what you were driving at. note that this is one network, one global network with a lot of little pieces but all interconnected so you can be anywhere on the network.
1:05 am
my concern is not only in the gulf but here in the united states. so as we go forward in a crisis, no matter where it erupts, is that increasingly, the probability that cyber will be part of that crisis grows. we've got to be prepared for it. it will cover all the things that you mentioned, because those are the easier things to attack, and have some significant advantage for the adversary. >> so you're saying we've got more work to do here to understand the potential threat and to prepare for it. >> we do. and senator, i think we're looking at it both from how do we defend the d.o.d. networks, great progress there, with senator collins, we just talked about defending the critical infrastructure and support to our allies. i think all of those have to come -- have to be laid out and discussed. and it's growing. >> also, what i was saying, i think you agreed with, was the flow of oil on which the world's economy depends could also be
1:06 am
affected by something in this realm of cyberattacks, and we need to be prepared for that in addition. >> it could be, yes. i would not put that highest on the list. i would think the electricity and other. but you can see where it all depends on flow and things opening up. >> so systems in that part of the world are vulnerable and we're also dependent on them, the far reach of the u.s. or europe or the asian oil markets as well. thank you for that. obviously more attention needs to be paid to that. let me move to a question dealing with the computer network exploitation versus computer network attack. how do you exactly draw the line between those two and how does the government change legal authorities funding personnel and infrastructure when moving from cne to cna? >> cne, computer network exploitation, is largely done
1:07 am
under title 50. i say largely, not solely, but largely done under title 50. so that would go to the intelligence community and fall under the executive order 12333. while title 10 is normally where we would conduct computer network attack, you could also do it under covert action, and in times of crisis and war, our forward operating elements would operate computer network attack and exploit under title 10, and it would be done in conjunction with title 50. so the deconfliction would have to do. the good part about training our forces together and operating together is to be sure we deconflict those type of things and it flows back to the defense. same thing on the defense. i think that's why the good part about putting the defense operate with the exploit and attack puts it as one team, not two different teams which is what we largely had up until
1:08 am
2008. >> so you sound as if we're well prepared to deal with those differences. >> no. i think we're well prepared to state how, senator, we would deal with those. i think there's a lot that we have to do. that begins with grow the force and training. that's the most important thing i think we can do right now. i think the partnership with industry is critical, on learning and protecting critical infrastructure. i think those are the right steps to make. i think all of these are in motion. i'd just like to go faster. >> have we taken -- have we conducted, i say we, the united states government, your command, exercises to get at this cna, cne handoff if you will in relation to what just outlined? >> we did have a great exercise out in las vegas, outside las vegas. we actually never got to las vegas. let the record state that. >> ipad would have been handy in las vegas, by the way.
1:09 am
>> i think what we did learn is just some of the things you say. i can't go into all of that here. it was a tremendous exercise and i'll give air force credit for helping to set it up there. they did a wonderful job and we brought in all of our capabilities and our components, and some tremendous lessons learned. i think at a classified level, we could go into those and when you see that, you would say okay, so you're headed in the right direction and i think, senator, we are. >> i assume i will see you in a classified setting at some point in the near future and we can discuss this further. >> i think this afternoon, senator. >> yes. my time's about to expire. long term, you may want to take part of this for the record, how do you see the relationship between the nsa and cybercom evolving and changing? >> i think, senator, they are inextricably linked. i would put it as a platform. you do not want any more than we want dhs to recreate an nsa, we don't want cybercommand to recreate an nsa so we need these
1:10 am
two components of d.o.d. to work closely together. nsa's got the technical talent, got the access, got the capability. cybercommand will have the forces to deploy and the capability to leverage that platform and work with the intelligence side of nsa to further support the combat and command. so i think that relationship is growing, is headed in the right direction. i think that's one of the things that we have talked about and we both strongly agree is something that we've got to maintain. >> thank you for that. general kehler, i know my time's up. if you want to reply further for the record, i would certainly appreciate it. thank you for your service as well. >> thank you, mr. chairman. >> thank you, senator udall. senator chambliss? >> thanks, mr. chairman. gentlemen, thank you for your service. general alexander, i thank you particularly for your recent trip down to fort gordon, where you gave a pat on the back and a morale boost to some of the smartest, hardest working, most
1:11 am
committed americans who are doing a great job of helping protect our great country and i thank you for doing that at nsa fort gordon. general alexander, cybercom, you said, had 13,000 employees. let me make sure i get this right in my mind. it's actually, you have 13,000 personnel under your direction. cybercom itself has, what, maybe 1,000 or so personnel? >> little under 1,000 authorized, about 900 some. that does not only cybercommand staff but also operates and directs the defense of the d.o.d. networks. but that's correct. what i counted in that other 12,000 is our cyber, army cybercommand, air force cybercommand. >> various forces. >> that's right. >> okay. i want to make sure i understood that.
1:12 am
nsa today does a pretty good job of intercepting and protecting the dot-gov, dot-mil networks. in fact, i heard you say you have the d.o.d. information systems are probed as many as a thousand times an hour, over six million times a day from criminals, terrorist organizations, including 100 foreign intelligence organizations, and even with that huge magnitude of hacks into the system, general, nsa has done a remarkable job of protecting that system. are you satisfied with where you are in that regard today? >> actually, i'm going to answer this twice and contradict myself. we're making progress and i think we're doing a good job on it but we're not where we need to be, senator. and there's two reasons i say that.
1:13 am
i do think we have the best defense right there, but it could be better and i think for the future for military command and control, it must be better. so i think the i.t. modernization that the defense department is looking at is a key part to even make it better. >> and the legislation that we are talking about whether it's the administration's or lieberman/collins, one and the same, or the alternative legislation, neither one of those really address that issue. this is work that you're doing protecting dot-gov and dot-mil, right? >> that is correct in part. if i could say the slight difference is the information sharing of those things that we do to protect our networks that go beyond what you would normally do for a civilian network are the things that we should be -- think should be included in the information sharing parts that both of those have. >> okay. i'll get to information sharing in just a minute. now, going one step further
1:14 am
there, nsa also monitors the defense industrial base and there have been numerous attempts and it may be within those numbers that i've heard you use before, hacks into the defense industrial base have happened and nsa does a good job of protecting those -- those scenarios where that has happened, you've been notified and you're able to respond to it. am i correct? >> not quite. there's a little -- an innuendo here that i think is extremely important. the internet service providers operate that. we provide them signatures, as do the other industry players and the internet service providers actually do the work. the reason that that's important is that i believe that's how we can scale in protecting other critical infrastructure in the mechanisms that homeland security and others are working
1:15 am
with so the key part, what we bring to the table and what fbi and others would bring is specific things that we see going on in the network that may be sensitive or classified. so we bring that, but they actually operate it. we -- the part that we're able to work with the dib is to understand that they will protect and safeguard classified information. that's a key element of this approach. >> okay. my point being that, your relationship with the internet providers today allows that, the defense industrial base to have that protection. >> that's correct, and now it's been taken over by dhs. so they actually lead. they're the lead interface for the -- the now they've been doing it six weeks. we're at the table and provide technical support but they're actually the lead on that as well. >> okay. looking at another, what i would assume you consider critical infrastructure, our electric
1:16 am
grid. if the electric grid is hacked into today there is a mechanism in place developed by industry where if they see something unusual, then they notify nerc and they immediately go to u.s. cert and notifies them about it. homeland security and they're able to provide protection to the grid under voluntary standards that it industry put forth. am i correct? >> yes, but i think, senator, that's slightly different, if i could. because in those notifications you've gone out in realtime to now a, a part where actually we're in the forensics mode. they're telling you something occurred and by the time it gets to you, a cert. what u.s. cert could do not prevent it only help them understand it. >> okay. >> so i think the information sharing part of what you and others have proposed would take that to a more realtime capability or at least allow
1:17 am
that where they could say, i see x happening and the industry could tell the government that that is occurring so you could take it from the forensic side to the prevention side, which is, i believe, hugely important for the protection of the country. >> okay. and now coming back to what you just alluded to, and stated earlier that is on information sharing. this is really the key, as i understand it, from the standpoint of being able to provide blanket protection to virtually every segment of the economy and every industry that wants the protection out there that needs the protection. if they have the capability of sharing proprietary information with both the government as well as with other industries, like industries, then isn't that the crux of what it's going to take to be able to protect all of the industrial base from a cyber attack in the short run as well as in the long run?
1:18 am
>> not -- not actually. from my perspective, senator, the issue in this part really lies in two great capabilities. the one that we provide, i agree they want that -- they want to know what are the sensitive things that could attack them. industry brings together the symantecs and the mcafees, bring a wealth of knowledge to operate your network. it's our assumption they would operate to a standard. if not operated to a standard what happens is, you have other ways of getting into the internet we are probably not looking at. we assume that the doors are locked. if they were not, somebody would get in. or if the window was open. we would be looking for other types of nation states threats
1:19 am
and assume what i'll call the stuff the anti-virus community generally sees and is working on today is taken care of. what that means, as you put all that on the table we all have to work together and share the information. we have to have some set of standards. that's where working with the industries, just as you said, how do you get to that standard and how do you have the industry players work with the government and say, so what's the right way to approach it? as you may know, we had a meeting a few years ago with a number of the electric companies who asked just that question. how do we do this and who's going to tell us how to work it? that's the approach we have to take. help them get there in a way that's not burdensome but helpful. >> well, i think that part of both pieces of legislation is about the same with respect to getting voluntary participation versus mandatory. that's a little bit different, but the fact of getting the industry to set the standards is the key in getting the industry
1:20 am
to share the information, the other piece of that that both legislation, piece of legislation is a critical part of it. my time is up. i wanted to say i didn't vote for the s.t.a.r.t. treaty. one reason i didn't i was apprehensive about the administration not being able to do what they said they would do on modernization. i thank you for your specific comment on that, that, about the fact that you're concerned about it, and that is a critical aspect of this that we look forward to working with you as we go forward. it's got to be done. thank you. >> thanks, mr. chairman. >> senator. >> thank you, senator chambliss. senator sessions. >> thank you, senator, chambliss, for that comment, and general great to be with you yesterday and talk about some of the issues that you just mentioned, because the understanding that senator kyl
1:21 am
had, senator chambliss, about the start and what kind of funding would be laid out for the next decade to modernize our nuclear weapons has not been funded. and the numbers, senator kyl, is deeply disappointed about that, and -- mr. chairman, i am troubled today about this little overheard conversation between the president and mr. medvedev where president obama said, of all of these things overheard conversations but particular missile defense, this can be solved but it's important for him to give me space and medvedev said, i understand. i understand your message about space, space for you. this is my last election. after my election i'll have more
1:22 am
flexibility. understand i'll transmit this information to vladimir. this is not a little matter. i'll tell you why it's not a little matter. we had a long debate over the missile defense. the left has never favored missile defense. president bush was preparing to place a system in poland out of the blue it was cancelled. the poles were disappointed, so were the czechs, and told, don't worry about it. we'll have another system. i thought they were changing the course of things and we were going to have that, something that was not even on the drawing board then but we were about to implant in poland a system which we've proven. the dmg system that we'd already placed in the united states. so i guess what i say to me, the
1:23 am
president, makes his assurances. we're going to implant a new system, albeit an sm-3 system to protect america, sure we cancel that one, but we're going to build this new one. but the russians object to the new one. they've objected steadfastly for no good reason that i can see, other than maybe domestic russian politics, or used leverage against the united states. and so now it looks like the president's saying, we're going to take care of those concerns, too. we're not going to build the new system. not going to place it there, because -- and now you have, after the election i'll take care of it, vladimir. but that's not what he told us the american people. what he told congress. he told the congress we were going to build this system. so i'm worried about it. i can read -- i know what the significance of this little conversation, and it concerns me. now, i'm also concerned that the policy of the defense department
1:24 am
of the united states, when it comes to the nuclear weapons you control, general kehler is that to modernize the aging nuclear weapons that we have. we insisted on that and it came up as a part of the new s.t.a.r.t. debate and the president sent a letter to us. but it is not occurring. the money is not there, so we are at a time of great danger. the defense budget is under great stress. we are looking to save money
1:25 am
wherever we can save money and it appears to me that the administration has, does not have the kind of rigorous intellectual support for missile defense, or nuclear weapons necessary to ensure that we keep this program on track. so with regard to that system, let me ask you a few questions. and if you have answered these, let me know because i was ranking member on another committee that i had to attend. tell me about the nuclear weapons that we have for the submarines, aircraft, and so forth and explain to me several of them were being delayed under the budget plan that you had. would you just tell us what the
1:26 am
budget has caused you to delay? >> senator first let me make a point that the stockpile and the deployed force that we have today, i am confident is safe, secure and effective. those are the three watchwords that we tend to use when we talk about this so today i believe that force can meet its objectives and it's safe, secure and effective the submarine weapon is not classified information. our life extension program is underway as we sit here today. i am very encouraged by that in the program seems to be moving forward successfully. what the budget rejection did was slow the delivery of those weapons.
1:27 am
all of these budget reductions in a perfect world we would say we would really wish we did have to do with budget reductions but the fact is they are there and the nuclear program is not immune. i believe they can manage that delay in the w. 76 because toward the end of the program we can manage this. i think that is manageable. the aircraft delivered weapons are also reaching a critical point in terms of their age. the b-61 in particular needs to go through life extension. the fy13 budget begins that life extension effort, although it will give us the first unit, what we call the first production unit, most likely in 2019 instead of 2017 which is what the 1251 report had suggested. i believe that is a manageable risk as well. >> how is that a political risk when you push things out?
1:28 am
you are assuming congress will act gradually and predictably in the future but the more things are pushed out and they are not done when you plan to do them, the greater the danger is that somehow they won't happen. but go ahead. >> in terms of operational risk i believe we can manage operational risk on both of those. we are beginning a study to look at the icbm and remaining submarine warheads to see whether or not we can get commonality out of those as we look to a future life extension program and we believe that there are some possibilities there. so, in terms of the weapons for the fiscal 12 budget we are executing now that you all appropriated for the fiscal 13 budget laying on the table i believe we can go forward with manageable operational risks. the issue is what happens beyond
1:29 am
13 and that is where the two secretaries of energy and defense have said that we do not have the complete plan in place for what happens beyond 13. that concerns me. when i look to the infrastructure, the industrial complex and as i mentioned earlier to another questioner, the very unique highly specialized industrial complex, the plan to upgrade the uranium processing facility remains in place. they plan to upgrade what we call cmrr or the chemical and metallurgical building that allows us to process plutonium is not in place. that has been slipped fairly far to the right, five to seven years depending on which of the documents you look at. i am concerned about that. i'm concerned about our ability to provide for the deployed stockpile and that is my number one concern here.
1:30 am
so i have some concerns. we owe you answers. the two departments are working together to look at what alternatives might exist. we are participating in that review and as the customer if you will for all of this, at the deterrence end of this street, i will be concerned until someone presents a plan that we can look at and be comfortable with and understand that it is being supported. i'm not saying there isn't a way forward. i am hopeful that there is. we just don't have that yet and until we do as the customer, i am concerned and i will remain concerned until we go a little farther down the road. >> thank you. you are the customer. you are the person for whom these weapons are delivered and you need to share with us and i believe you have honestly both good the good and the bad news and i think it's up to congress
1:31 am
to make sure that out of all the money we spend on national defense, they make sure that we have sufficient funds to maintain a credible nuclear stockpile, so thank you. >> thank you senator sessions. senator shaheen. >> thank you mr. chairman and thank you gentlemen for being here this morning and for your service and hopefully i won't keep you too much past lunch. i wanted to start general kehler if i could was talking about new s.t.a.r.t. treaty implementation as you know, the treaty was an extremely difficult and contentious debate here in the senate and your predecessor, general chilton as well as seven of the last 10 voice their -- and getting it done but can you tell us a little bit about how the implementation of the treaty is progressing? >> senator, i can. there are a number of segments
1:32 am
in the implementation of the new s.t.a.r.t. treaty that have to move forward together. the first segment is that we need to eliminate those launchers that count against the overall treaty limits and have not been in use for a very long time. for example we call them phantom simply because they count on the looks but they have been deactivated a very long time ago. a number of bombers, and b-52s need to be dismantled. there are 100 icbm silos that have been empty now for a number of years and don't have any plans to go back to it that need to be eliminated as well. not converted from nuclear to nonnuclear but completely eliminated. these processes are underway. these wheels are turning and they are about to finish the environmental studies at
1:33 am
eliminate those silo so i'm comfortable with those pieces moving forward correctly. the second thing is we have to get ourselves down to the central limits of the treaty and that is 1550 deployed warheads, 750 deployed launchers and up to 800 deployed in non-deployed structures. in the meantime we have begun reconfiguration activities. we are removing all the icbms. that work is done it is going to continue and we are reconfiguring the numbers of warheads on submarines so we can get our warheads down to the cert limits so all of the steps
1:34 am
are underway, senator. i will tell you that we know there's a clock running here. it has to be absolute central limits not later than the fifth of february, 2013 and the goal we have set for ourselves is a year in advance of that so we have time. the icbm fields for example we know we'll have to make adjustments in the icbm force and we know we have to make adjustments in the submarine force. there is a lot of lead time. >> based on that you are comfortable that on the central limits that we will meet the deadline? >> yes, i am comfortable we are going to do that. >> and the russians are also meeting their requirements under the treaty as far as we know? >> they are. >> thank you. i want to switch now to the
1:35 am
refueling tankers, because general taylor, i know you have commented, one of the important support elements of long-range bombers is obviously a refueling capability. we have seen that where they have the 157 mission and i've had a chance to ride along on some of those planes. so i appreciate the skill and the importance of having that component. so can you talk very briefly about how critical it is for the air force to modernize that refueling capability and how important it is that we have the new kc 46a tanker for those long-range bomber operations? >> senator, one word that we can describe stratcom is mobile.
1:36 am
that word has been used for stratcom since the stack. we appreciate the value of what makes us a global command. in large part what makes us a global command is their ability to project power. in large part our ability to project power is based upon our tankers. it isn't the only thing that allows us to project power and by the way i think the big advantage the entire united states military has is our ability to project power which is why anti-access counter strategies against us are so concerning. in that mixture, i think there is probably, when i look at my friends in the air mobility command and our colleagues and u.s. transportation command, i think there is probably no more valuable military assets than we have, than our long-range aircraft that can move and give
1:37 am
this strategic mobility in the tankers that make it so. so when i look at important things for us in the future, a modern tanker fleet is irreplaceable and is crucial for our success. i think that the united states' ability to project power relies on that as well. by the way it relies pretty extensively on space and cyberspace for us to be able to project power. all of these pieces go together and anymore it's almost impossible to say that one platform only exist in the air. they are connected by cyber. they are relied by -- relayed by space. they are truly global in nature and being able to move a lot of fuel to power projection forces is critically important. >> and i know it goes without saying that in addition to the equipment that is required for all of that, the skill of the
1:38 am
human talent that is required to do that is also critical. >> that is the most critical part. >> given that, one of the things that i have worked on in my civilian life before i came to the senate was the importance of education and obviously one of the things that we are struggling with both in the private sector now and the public sector, and i think it's particularly true in the defense arena, is making sure that we have the trained engineers, scientists, mathematicians and technicians that it is going to take for all of these jobs in the future. so could i ask maybe if both of you might comment on what your commitment is to making sure that we have the stem trained people that we are going to need for the future and whether there are any particular efforts that
1:39 am
you see that the military is involved in to help make that happen? >> senator, again, having people who are stem people, who have that set of skills, is irreplaceable for us. anything we can do to support the development of our young people in that regard we need to go do. i would say it this way. and all of our combatant commands, you can look and you can see who the warriors are. typically they are someone with a set of warfighting skills that you would recognize on television. they carry a rifle. they fly an airplane. in stratcom, and general alexander can speak to the cybercommand that across stratcom whether it is space or any of these other things that we do, the engineers very often are people with that kind of background. those are our warriors so it is
1:40 am
even more magnified i believe with stratcom because the value of the people that it may be in another in other places. >> senator i would just add, nsa is a program with over 100 plus universities and cyberrelated stuff. we do that in conjunction with the department of homeland security and now we go into cybercommand so that offers us as well. there are many others as you know, but i think the issue with science, technology engineering and math, this stem program is critical for our country and we the military need more scientists and we need to start that in the fourth grade. the things that we have absolutely got to push. i have 14 grandchildren. maybe one could be a lawyer but the rest --
1:41 am
>> thank you for leaving us a little room here. >> i would go for a doctor myself. thank you. i think as you point out this is an area where the military and the civilian sector really need to work more closely than we have in the past. i think as we talk about what we need to do in our education system, i think it's important to point out that this is a national security issue as well. thank you all very much. >> thank you senator shaheen. i happen to agree with senator shaheen about her efforts in the stem skills and this void -- despite i am a lawyer married to a lawyer with your comment about engineers. we need a heck of a lot more of them and i won't be negative about whether we need more lawyers. i will just be positive about needing more engineers. we are very grateful for your comments. the only thing i would add probably general alexander is that you make repeated reference
1:42 am
to what we need to do in the area of the cyber in terms of working with industry and i obviously agree with that. in terms of meeting performance standards, they are going to work to try to come up with performance standards. i think it's important however to emphasize that even though they will be adopted, that they are going to have to be followed. deciding how to meet those standards but there will be standards. i don't think you should shy away from that. i think we are talking about national security here and this is not a question of pro-business or antibusiness. this is a question of the security of the united states we are talking about. we want to work with business but we can't allow business to take with the security of this country is by saying that they
1:43 am
oppose standards. instead we would hope that they would work with us on those standards and understand that there is plenty of flexibility in deciding how to meet those standards but not whether to meet those standards. are you with me so far? bim, senator and i agree. also the other piece and that is the information sharing piece. as you point out, you want them to get to the point where they can tell us about an attack, and the bills make it easy for them to tell us because i guess we are addressing some of the issues about proprietary information for instance so that they will be protected on that. but i think it's also clear, as your answers to senator collins made clear, that whether or not they share, and we are talking
1:44 am
here about the major infrastructure of this country, whether or not they share information with us is not a question of whether they agree to it or not. at some point with major infrastructure, there is going to be a requirement that they share information relative to attacks with us. we will protect them in terms of proprietary information but they have got to help protect the country by understanding that there should be, and i believe hopefully will be requirements that they share information of attacks on that major infrastructure with us. and i would just urge that you not be reluctant about talking about their obligation. only that they will get to the point where they will share but that there is a responsibility which needs to be placed upon
1:45 am
them and again talking here about major infrastructure and responsibility that will be placed upon them to share that information of major attacks with us. would you agree with that? >> mr. chairman, i do. >> okay, senator shaheen anything further? we thank you both. it's been a very helpful morning and we will stand adjourned. >> i'm sorry, i saw you out of the corner of my eye and thought you were another senator. [inaudible conversations]
1:46 am
1:48 am
1:49 am
sure do because the crowd is with us now. the momentum is behind us and they are pushing us. >> these stories and others from c-span's local content vehicle and little rock this weekend on c-span2 and three. >> the american university law school holds an annual celebration on freedom of information day. where legal scholars assess government transparency and the freedom of information act. they also give an annual award to an honoree who promotes government openness. this year they honor the codirector of the transactional records access house. this part of the event is an hour. >> good morning every one.
1:50 am
we see the sun trying to poke out from behind the clouds at the washington college american university. i am dan metcalfe of the collaboration on government secrecy or cds for short, and i'm very pleased to be able to welcome both our auditorium audience and our viewers remotely, both on the washington college webcast and i understand c-span will be broadcasting us as well. this is freedom of information day, and i believe everyone here on site and many folks in our viewing audience know that is the day of the year that we celebrate openness in government, transparency, sunshine, call it what you will. that date is chosen and has been traditionally used because it's the birthday of james madison who is regarded as the founding
1:51 am
father of freedom of information. this is the fifth freedom of information day program that we have had here at the law school and is the 18th one of the collaboration of government secrecy has been able to hold in the last year and a half. i'm very pleased to say -- pardon me, the last four and a half years. i'm very pleased to say that we are continuing to hold these programs with great regularity and again this is the 18th and for those of you more mathematically inclined, that means that since our second program in january of 2008, we have now held 17 for exactly three per month, which is their record in which we are quite proud. we also celebrate international right to know day in september. our audience here knows what freedom of information day is but worldwide the international rice community knows that it is on
1:52 am
september 8 -- 28 that we will be having our sixth annual celebration, this coming september 28. so that is something to look forward to. but today we continue our tradition here at the washington column of not only holding a program and we also have the tradition of presenting the robert vaughn boyd award. this is one that we now have presented, this is the fifth time and we are very pleased that we have an honoree who came in from out of town as a matter of fact, to receive the award. she is the first lady to receive that award of the four others who have received it thus for in the last four years, and we are
1:53 am
very pleased also that we have last year's award recipient, allen morrison, the associate dean at gw law school to make the presentation. we do things academy award style here. if you win best actor when you have to present the best actor the next year and the like and i'm very pleased that professor morrison has agreed to continue that tradition. professor morrison i will introduce you first. everyone should know that you are the founding director, together with ralph nader for the public citizen group which is fair to say over the decades has been that we just openness in government litigation group, and then he you retired in 2004, where you wednesday then teach at a number of law schools, stanford, nyu, harvard, georgetown, tulane, a university
1:54 am
in china and even here at the washington college of law. professor morrison has argued 20 cases before the supreme court including some particularly significant ones, and he was a well deserved recipient of this award last year. i'm sorry to say that professor from himself was unable to be with us this morning, but professor morrison will present the award to professor long. we have all professors here, very insular i suppose and a small community is it not? and then professor long will be giving you the benefit of her long years of wisdom in this area, that is for sure. so, without anything further, we will try to stick to the time as best we can.
1:55 am
let me pass you over to professor allen morrison. >> thank you diana and welcome. i did not teach at all of those law schools in that short period of time in 2004. i'm fast, but not that fast. since we are celebrating foia day today, i made a resolution on filing at least one foia request to make it a perfect day. unfortunately i have a client who i need to have him sign some papers before he can file a request so it will be deemed to be filed today although it actually won't be filed today. deem is my favorite word i tell the students. it's the meaning of let's pretend as it didn't really happen but we will pretend that it did happen so when you see deems in all of these opinions you know it's really not true but they are pretending it is for other reasons. there is an old saying that i am
1:56 am
from the irs and i'm here to help you. today we are going to turn that around a little bit. say today is i am sue long and i'm here to help the irs, and the department of justice, and the fbi and the dea and just about everybody else in the government. she is merely here to help them. they haven't quite figured that out yet, that she is really there to help them but we all know that she is. of course, she is really there to help the american people understand what their government is all about, which is after all the purpose of the foia or indeed that is what everybody has always said it was. when most people think of foia, they think of it in terms of exciting revelations, scandals, abuses, abu ghraib, cointelpro, fraud, waste and abuse and those
1:57 am
are important because scandals and misuse of the government are always important to the american people. but they occupy a very small portion of what foia is all about and why we have open government, and they don't focus on why ordinary citizens should be concerned about what their government is doing and not doing on a regular basis. and that is where sue long and her late husband phil and her current sidekick who was unfortunately unable to be here today, david vernon, are doing for the american people. they truly appreciate the value of data, small bits of really important information. but they also realize that this data is meaningless unless it can be accumulated and put together in some sensible fashion. and they understood far before me and almost everybody else,
1:58 am
how important computers were going to be in figuring out what the government is doing and how important electronic records were in being able to take the information that was there, run it through a computer and come up with new ways of looking at information which nobody understood had any significance at all for the public before. so they understood the importance of computers and electronic data and the importance of combining the two of them together and to produce information that was interesting and important and it told us things about our government we could never figure out with that kind of combination. and of course it was available because those were not really secrets that were being hidden. it was just information that it was an inconvenient form and was useless unless somebody like sue long could figure out a way to put it together.
1:59 am
and that is what she and her colleagues have done. but of course, before there was all this data collection, there were the manuals she got out of the irs. these were really important because although they didn't have to work -- the word blog written on them they were all about the law and what the government thought the law was and what the government thought the law was not, there was never a reason because that is what we are supposed to know about our government. there was of course no basis and she prevailed at getting these manuals released. the one thing you have to say about the irs manuals is that they're really not very. can you imagine being a public relations person, irs enforcement