i, or the security i.t., which my colleagues have put in, he couldn't be clearer. secure i.t. doesn't do it because it doesn't provide for defensive preparation by the private sector. look, i know private sector's lobbying against this. i think there's a terrible trap here. this is not just a question of regulation of business. this is a protection of our homela homeland. you've told us in response to senator mccain's question, general dempsey, secretary panetta, director muller, cyberattack is the main area of vulner ibilty we have today. shame on us if we look at this as business regulation. this is homeland security. and we have got to get together before too long and make this happen. i want to come to the particular difference between the two bills. there are two critical things that have to be done here, in my opinion. there are many important things.

one is an information sharing authorization section. the other is protection of most critical cyberinfrastructure, which is owned by the private sector, 90% of it financed, transportation, electricity, water, all of which is vul neverab neverabneve vulnerable attack by enemy. both bills have information sharing. the bill that senator colins and i have introduced as this provision for the department of homeland security to work with the private sector to require the most critical covered infrastructure, not every business, to take certain actions, to defend their network to defend our country. general alexander, i believe i heard you say, i just want to have you confirm it that you believe we need both of those authorities in government, that is, information sharing and a system for protecting and better

defending privately owned critical infrastructure, that is right? >> senator, that's correct. as you stated, that's the hard part, determining. how do you do that in a way not to burden industry? we have to set up some standards. we use the gold standard. >> right. >> the gold standard is one that we thought provided our networks the best defensive posture. we give that out free. we put it on the nsa.gov, here's set of standards. i think, as we work with industry, the issue is how do you make sure they are as defensible as possible without being overburdened? >> correct. >> i think we have to set that up. it's like roads, like cars. >> exactly. this is not regulation actually. these are standards for what we're going to ask them to do to defend our country. and they're going to then figure out how to do it.

incidentally, business is worried about the bottom line. we've got to be worried about the security of the american people. incidentally, i take it that from what you said earlier, that the fear of a cyberattack against the united states, i mean a major cyberattack, is not theoretical but real in your mind, general alexander? >> that's correct, senator. >> and it literally could happen any day. i'm not predicting that it will, but right now, our privately owned cyberspace, infrastructure, as compared and distinguished from d.o.d.s, is vulnerable to attack, is that correct? >> that's correct, senator. in fact, if i could add, it is my opinion that every day the pr probability of an attack increases as more tool are on the network, the internet. >> right. it's very important for people to hear that. i want to relate the requirement

on the most critical covered infrastructure to take some defense everybody action to your description, which i thought was excellent what you mean when you say you want to see an enemy cyberattack coming. you've made very clear that you don't want nsa into our private cybersystems. but you need to have the private cybersystems be able to tell you when an enemy attack is coming, right. >> that's correct. >> so you can act. to me, that's probably the most significant gain that we will have from the department of homeland security and formed by you, setting these standards for defense for the privately owned cyberspace, which is, look, i hear so many stories about critical infrastructure operating systems, using defensive systems that are 15 years old without even basic detection capabilities. i think one of most important

things that's going to happen, as a result of the system we're talking about, is that the most critical infrastructure, not every business at home everybody but the most critical infrastructure, will have to develop within itself or hire some of the private companies that do this, the defensive systems that will let them know -- which i lot don't now -- when they're being attacked immediately get to you so you can spring into action to essentially counterattack, is that correct? >> that's correct, and under what conditions is what the administration and the department is looking at on the rule of engagement. so when we actually do that, those will become rules of engagement that we're working on. >> let me just ask, finally, is your relationship under the memorandum that we codified into law with the department of homeland security working well, as far as you're concerned? >> it is. it's growing. and i think the key thing, secretary napolitano is

wonderful to work with. she came out to nsa and cybercommand and had a chance to sit down with all of us. absolutely her heart is in right direction. she understands what we bring to the table. she leverages that, not only in the cybermission but across the board, and i think we're making the correct strides. when you add fbi's tremendous capabilities there that's the team the government wants and needs in place. reality is we can put all of our manpower internal and it won't solve the problem. we have to work together as a team. i do believe that's the best way to approach it. >> sorry. >> i was going to say, to answer your question, dhs has been good to work with. they are growing cape ibilties. will take time. we provide a lot of assistance to that and we think it's a good relationship. >> that's exactly what they tell me, good relationship and they're benefiting enormously from your extraordinary expertise. thanks, general. >> senator lieberman?

>> could i add a comment? >> make it brief. >> it will be very brief. it's about balances responsibilities. when you look at balancing responsibilities between the military, the intelligence community, law enforcement, and the department of homeland security, if we weren't talking about cyber we know how to do that, we understand what that balance looks like. we understand that when dhs needs military support, we have what we call defense support of civil authorities. we have ways we can provide support to them. the question is, what happens when you add cyberspace to this mixture and that's the balance that we're trying to make sure that we are striking. i think that's an important point for us, as we go forward. the bottom line here is, all of us working to improve the protection of our nation and national security. the second point that i would make, quickly, is that there are three things we have to do here. one is protect ourselves better, related to cyberspace, for the very reason that you mentioned. the second is we've got to become more wry zil yent,

recognizing we're not going to be perfect at protection or defense, particularly the military side. lastly we've got to do better at an offensive cape ibilty and balance that in a better fashion as we go forward. >> senator inhofe? >> thank you, mr. chairman. the first question i'm going to ask, i know the answer, but i'm going to have to ask it just to get it in the record. in yesterday's "wall street journal," they talked about the president obama's meeting with russian president medvedev yesterday, monday, when president obama said, and i assume he said this without knowing that the mike was on, that this needs to be on the record, and i ask the record reflect this accurately, quote, on all these issues but particularly missile defense, this, this can be solved but it's important for him incoming

russian president putin to give me space. this is my last election, after my election, i have more flexibility. unquote. so the question is, do either one of you want to comment? i didn't think so. second thing that i'd like to mention is that general alexander, first of all, thank you for making the trip that you made out. just real briefly, kind of tell me what you found out during your visit to tulsa university. >> thank you, senator. first, there's two things. i am really impressed with the way the american people, especially in tulsa, have come together to help fund that university folks that go there. and from my perspective, one of the key things and i thould have thought about this earlier, in the information assurance area, coming up with better ways to defend networks. when you think that, that's what we're talking about on resilient

side. what the young people do they find problems in networks. they showed us some in the system and others that if we now made some slightcnges, i think those changes and upgrades in the security of networks would make them more secure. what i found was tremendous young people doing great things. some of whom we've hired and we continue to hire from tulsa and other universities throughout the country that are doing programs like that in the information assurance area. >> thank you for going out. one of the things that we do have, that you probably witnessed, was the community support behind that program, behind the university. so anyway, it's a good program. general kehler, the -- just a minute here -- back during the

time that we're considering the bill a year ago, we were talking about the fact that president obama's weighing options for sharp new cuts in the nuclear arsenal un lat rlry that was an greer agreement with russia to bring it to down to 1550. it was a month ago it was reported president obama is weighing the option of sharp, new cut to a nuclear arsenal unilaterally, potentially up, and these are figures they used, 80% proposing three plans that could limit the number of as low as 300. now, it was in '08, i always remember, and i carry this with me, gates stated as long as others have nuclear weapons we must maintain some level of weapons ourselves to deter potential adversaries and reassure over two dozen -- that's about 30 -- allies and partner whose rely on our nuclear umbrella for their

security making it unnecessary for them to develop their own. now i would like to ask if you -- what kind of implication this would come up with in terms of our outlies, those 30 other countries that are defending our umbrella if we would voluntarily bring it down 80%? >> sir, i make a couple of points. first thing i would say is, as i said earlier, we don't start with numbers. we have been starting with strategy, objectives, national security objectives, et cetera. the study that you referred to is still ongoing. there are no conclusions have been reached yet and so it isn't appropriate for me to comment on the study. stratcom has been a full participant in the study and i believe that as i said earlier, there are opportunities here for additional reductions. but that's -- >> unilateral reductions?

>> well, sir, all along here, going all the way back to the nuclear posture review, i think the viewpoint has been that it's best to do this with russia. the russian and the u.s. arsenal still really drive this conversation. so doing this with russia is certainly the previoused way forward. i think that the need to continue to deter and assure l allies remains. >> the point i'm getting the key word is unilateral and that's what concerns me. >> yes, sir. >> le let me quickly cover a couple of other things here. this general kehler, this was the triad that we -- i think it's about 2004, 2005 showing the cliff, you're somewhat familiar with that. now, i'm wondering if -- if we could get this updated, first of all, during the consideration of

the new start the president said i intend to modernize or replace the triad strategy, strategic nuclear delivery system, a heavy bomber, air launch cruise systems and nuclear powered ballistic missile submarine and slbm, and maintain the united states rocket loader industrial base. he goes on to elaborate on that. now, this statement was made after this chart. do you have an updated chart on this that would reflect what's happening today? >> sir, may i take that for the record and get the chart back to you? >> you may. it's very reasonable. last thing on that, something no one talks about but i've always been concerns and that is relating to the technical nuclear weapons. we made -- several of us on this side of the aisle and the other side of the aisle -- made an effort to include tactical nuclear weapons at the time that we were looking at the new s.t.a.r.t. program. and as it is right now, it's about a 10-1 advantage of russia

over ourselves. do you have any -- do you agree or disagree with plea that that should be a part of the plan? >> i agree it should be a part of the plan, yes, sir. >> all right. thank you very much, mr. charm. >> thank you, senator. senator nelson? >> thank you mr. chairman. thank to both of you for your service and for your kind remarks this morning. i appreciate that very much. general kehler, and general alexander, the comments today and all of the discussion for some periods of time has indicated the growing threat of cyberwarfare to the threat to the united states national security. as we engage in this discussion there is an ongoing restructuring of stratcom's headquarters with the new headquarters. general kehler, can you give us

some indication why an aging facility would not be an appropriate facility as we take on new responsibilities but particularly as it relates to the high-tech cybersituation? general alexander if you had some thoughts about that, it would be helpful, too. >> sir, the activities that go on at stratcom are unique activities. we perform those activities particularly the command and control that we have of our strategic forces, the planning that we do for our strategic forces, the intelligence support that's required behind our continuing need for strategic level deterrence and being able to command and control forces under high stress. all of those really come together at stratcom headquarters. the demand that today's systems place on that headquarters building have far outpaced the

ability of the building to keep up. not only do we have vulnerabilities because of the cyberconcerns that we've expresses earlier, but we have physical plant vulnerabilities there. you're well aware of some of the failures that we've had, catastrophic failures, in the building systems themselves that have threatened to take that one of a kind location and really make it inoperable for months. we barely averted that kind of a catastrophe a year ago in december with a flood, of all things, in the basement, a burst water line. and so as we looked at ways forward, given the unique nature of what we do, given the one of a kind responsibilities that are performed there and giving continued importance of all of that in our deterrence posture, the conclusion that the engineers reached was that you

could not modify the building, that basically what you needed to do was go and build a new command and control facility that houses all of the act tests that we're going to need to perform. that remains my assessment today, that we need to get moving on this. i think that it is proceeding well. i believe that we are headed toward contract aware. the corps of engineers has a responsibility in this regard and things seem to be moving forward, at least everything that i can be aware of, and much of this, of course, needs to be in the realm of the core and others. so from my perspective, senator, the bottom line is the recognition that we do something unique there, that it isn't about a brick and mortar building. it's about what goes on there in the computer systems, in the need for support systems, information technology, and the supporting networks that put all of that together so that we are

prepared to continue to perform this deterrence mission as far into the future as we can see. >> thank you. as you know, when it comes to the cmr replacement facility, nsa has deferred for five years construction of the chemistry, metallurgy, radiological or cmr replacement facility, es this delay in the cmr replacement facility a concern for you in not only meeting our responsibilities and obligations and commitments on the new s.t.a.r.t. treaty but in general keeping our arsenal current? >> senator it is a concern for me. i think of all of the items in the '13 budget, those items that would be associated with stratcom's portfolio of mission responsibilities fared generally pretty well. there were some delays arc justments, other things that were made.

i think we can manage risk across all of that. when i look specifically at the weapons complex, the ability of the complex to provide us the weapons that we need that have the appropriate life extensions provided, that give us the flexibility to manage the hedge and allow us to look at potential reductions as we go to the future in the stockpile, i think the thing that concerns me the most is our continued investment in the weapons complex. and so the issue with cmrr does concern me. i understand the '13 budget does provide for us to get moving in a number of areas. the secretary of energy and secretary of defense sent a letter to the congress that reminded them that we're not ready yet to lay out what happens in '14 and beyond. until we're ready to lay all of that out, i remain concerned. >> well, it could be appropriate to at least start the process as in the case of the stratcom headquarters which is going to be a phased-in funding over

several years, at least a start could be made on cmr in a similar fashion. otherwise, it looks like we've just put together bailing wire and maybe duct tape structure to get us through '13 budget-wise. >> senator, this is ultimately a do-out from the departments of energy and defense, and we owe you the alternatives. i don't have with me today because we don't have yet a set of viable alternatives that we can come and present. i do agree, though, with the main thrust here and that is i see no alternative as we look to the future aside from modernizing the complex. regardless of what happens, we have a fairly extensive backlog of weapons awaiting dismantlement that require the same kind of a modern complex to dismantle. so i think from both sides equa

weapons industrial complex that's highly unique and it is very specialized. we need that kind of a complex so that we have a safe, secure and effective deterrent. >> it's hard to draw an analogy other than to say that trying to put together something in a stopgap basis might get us through '13 but doesn't position us for what we might do years beyond, and particularly with an aging stockpile. >> senator, we owe you some answers, and the study to produce those is under way. >> thank you. >> general alexander, as you relate to the responsibilities with cyber, i think you made it very clear that there's a role for the d.o.d., a role for homeland security, a role for our law enforcement agencies, and continuing to find ways to work together is a reduction of

stovepiping that has been so predominant in the past. are you comfortable that the agencies that are all trying to work together understand that the important need not to stovepipe and to break down even with some comparable authorities that will go to different agencies, but to continue to work together on this important threat to our country and to our business which is also a threat to our country? >> senator, i do. >> thank you. thank you, gentlemen. thank you, mr. chairman. >> thank you very much, senator nelson. senator brown? >> thank you, mr. chairman. general, i was wondering, do you consider the global strike command a pretty valuable -- let me restate that question. i'm sorry. would you consider the air operations groups currently supporting the global strike command a valuable resource?

>> senator, yes, we sure do. >> and are they irreplaceable? are they such an integral part of what you're doing that really, if you didn't have them, we would be in trouble? >> the entire force, that global strike command brings to stratcom, in fact, that's one of our air force components, one of our major components, as a matter of fact, they bring us the entire dual capable bomber forcers the b-52s and b-2s. they also bring us the entire icbm force. they bring us an air operations center that allows us to manage all of our air activities in stratcom so what global strike brings and all of its subordinates are all very valuable to us. >> that actually provides real world time-sensitive planning support as well, correct? >> yes, sir. >> that's why, you know, when you're answering those questions like that, that's why i'm a little concerned with the otis air national guard base. i was there a couple months ago and they have a great mission in

their air operations group supports stratcom's global strike command by providing exactly what you've indicated, the irreplaceable realtime sensitive support, and yet i've heard that the air force wants to break up this very valuable, irreplaceable unit to save money. i was wondering if number one, you are aware of or were given the opportunity to comment on that proposal affecting that group and otis in particular. >> senator, if i could take that for the record, i would appreciate that. i don't know enough about the details about what's happened. >> it would be helpful. i agree with you, i agree with everything you just said in you questions, that it is irreplaceable, it is valuable and i know what these folks do there. especially being on the eastern seaboard of the united states and covering all of eastern united states in some respects, i mean, the air guard in particular, and army guard as well and reserves, they give you

great value for the dollar. i'm deeply concerned that we're cutting off our nose to spite w to -- it's kind of like the air force is saying okay, i'm going to keep all my toys here and by the way, the guard and reserves, we'll take away what you have and really, i think i have not been yet convinced that these cuts represent either an acceptable level of risk or an efficient use of the money. so i would ask and i will get you the very specific questions for the record and i appreciate that. i was wondering, i know we'recy. i know there's many proposals, we have one in government regs, administration, you and the military's working on a whole host of things. how are the rules of engagement actually working or being implemented or coming along with regard to the cybercommand operation? >> right now we're upgrading -- >> i meant that to you general alexander. thank you.

>> right now, we're updating, if you will -- the rules of engagement that the chairman has put out were dated in 2005. given where we are today, what the joint staff has taken on is to update those. right now, all our measures are internal to our networks, what d.o.d. is authorized to do. what we're looking at within d.o.d. and within the inner agency, what are the next steps that we should have and how do we take those steps. i think over the next month or two, the joint staff will complete those standing rules of engagement and then move those to the inner agency and share those. >> what role do you see, what segments of the private sector should fall under d.o.d.'s responsibility, if any? >> well, i think this is where the discussion comes in. first -- >> let me just extend on that, if attacked, what entities would be considered an extension of u.s. government facilities? >> i think those are decisions that you in the bills and the

administration would make on when we actually implement response options or response options to support or to defend against an attack. that's the first step. so let me start with technically, what we're doing, i think the first part of that, senator, is to have the information sharing, to know that an attack is going on. we discussed that a little bit previously. that is the ability for industry to tell us that something is happening, and that either fbi if it's domestic, dhs or if it's foreign, that fbi and its cybercommand in nsa would respond to. the issue and i think what we're going to walk our way through candidly is we've got to start some place. i think putting out where we are on the information sharing and having industry take the lead with dhs on providing us the insights of what's going on is the first right step. i think that's the best step that we can take. more importantly, i think we need to take that step.

what we can't do is wait. and i think your question and where you're going on this is absolutely right. we've got to take -- we've got to take measures now. i think those are absolutely important, because my concern and the statements that go to that is that if somebody is attacked, the way we find out about it today is after the fact. you can't stop it then. now you're in the forensics mode. so i think what everybody agrees is so we've got to get to a point where industry can tell us when something is going on so that we can help prevent it. then the options come up to what -- so what industry is included in that and those are parts of the bills that i know that you're all considering. >> you know, that's great, but tell you what, we don't have all the answers. i can tell you that first-hand. what i'm concerned about is that we create a bill that has so much red tape and so much overlap and duplication that it kind of -- you can't get out of your own way. so i would ask for your recommendations and guidance as well to be part