if i understand the budget correctly, the building has been slipped to the right five to seven years, i believe was the number. >> would that not be a broken promise from what was required by the 2010 ndaa and what was specifically contained within the 1251 plan? >> it's certainly different than the 1251 plan, yes. clearly. >> well, if my colleagues signed on to the s.t.a.r.t. treaty concerned about modernization with a commitment from the administration of a certain level of resources, particularly this facility that we've talked about, the cmrr facility is critical, is it not, to modernization? >> yes, it is. >> so no doubt that we need it to modernize. >> in the long run, there is no doubt we need it. >> okay. and so when you were being questioned by senator nelson, you said you owe us questions -- i mean, you owe us answers to this. is that true? >> yes.

>> i guess i would reframe it. i think what we need is a commitment from the administration to follow through on what they promised in conjunction with the ratification of the s.t.a.r.t. treat treaty because without modernization of our nuclear deterrent, what are the concerns that you have if we don't modernize? >> well, i have a lot of concerns if we don't modernize. i think you have to look at this in terms of there are four pieces to this from my vantage point. piece number one is the delivery systems, and i just mentioned that there are modernization plans in place for the delivery systems or there's a study under way to take a look at the icbm leg and what we might need as we go to the future. there's command and control, and the commitment to both of those. the real issue for me is the weapons end of this and the weapons complex that supports those. in an era that we are in today

without nuclear explosive package testing, where we don't do any yield testing, that puts a strain on the industrial base in a way that i believe hasn't been strained in the past. it strains the science and engineering skills that we have to make sure that as we do life extensions, that we have the appropriate science basis and understanding to be able to do those extensions without nuclear testing. we have issues with aging. most of the problems with the weapons that we have today is that they're reaching the end of their lifetimes in various stages, and so being able to have life extension for those weapons is also very important. at the end of the day, if you have a more modern complex, we think that we probably can have a smaller stockpile, because the way we would hedge against

failure would be different as we go to the future. >> but if we just reduce our stockpile and we don't modernize, aren't we taking on additional risk? >> i think that there are scenarios there where that can be additional risk, yes. >> okay. i certainly would like to know why as reflected in the d.o.d. '13 budget the administration has not followed through on its commitment to modernization, because i think that was critical, as i understand it, toward many individuals around here. they were concerned about that in the debate over the s.t.a.r.t. treaty, so it was a very important issue, and that's why it was specifically incorporated and tied to the s.t.a.r.t. treaty in the 2010 ndaa. i would hope you would take that for the record and get back to us on that. >> we'll certainly do that. fully understand the concern, recognizing that nothing was immune when we went through the budget reduction to include the nuclear force. i believe that we balanced the investments in much of the

portfolio. it doesn't look like the 1251 report but i think we balanced much of it. what concerns me the most i think is the industrial complex. >> okay. thank you very much. i also wanted to follow up with a question about russia, which is as i understand it, historically, general kehler, why do the russians not want us to improve our missile defense system in europe and expand it? they have been very concerned about that. why is that? >> i could give you my understanding of where i think they are. they are very concerned, at least in the informal context that i've had with some russian officials, they continue to say that they are concerned that our deployment of a missile defense system will tip the strategic balance in our favor, that it will render their offensive capabilities irrelevant. our contention is that's not at

all true, and therein has been the conversation back and forth. >> so my time is up. so when the president said that essentially he had to be given space to the russians the other day, what he was really talking about is their concerns about us expanding or enhancing our missile defense system in europe, and i'm -- and even on the continental u.s. it could be interpreted that way because the russians don't want us to do that. i'm really concerned about that statement that senator inhofe asked you about in the context of what it means in terms of what we would be conceding to the russians going forward in protecting the united states of america and our allies. so thank you very much for appearing today. appreciate it. >> thank you, senator ayotte. senator blumenthal? >> thank you, mr. chairman. thank you to you both for your service, your extraordinary service to our nation, in each of your commands and

responsibilities and to the men and women who serve under you. general kehler, if i could begin just briefly following up on a remark that you just made about the ohio class submarine which you have said is going to be of strategic vital importance as far as we can see into the future, i probably am paraphrasing you, not quoting you directly, but i agree completely, and i wonder if you could speak to the significance of the ohio class submarine replacement in terms of what its value is, how does it add value to our strategic force and why is it so important to continue building it without further delay, i should stress? >> senator, each of the elements of our nuclear deterrent force brings something unique to the

mixture, and the strength of the overall deterrent has always been in the sum of its parts. so as we look at this today, and as we go to the future, the inherent survivability of the submarine-based deterrent has been of great value to us. it continues to be of great value as we go forward at many levels, strategic stability is really built on survivability. the understanding that neither side possesses an overwhelming advantage to strike first, that even in the event of that kind of highly unlikely, the world is different today, and we understand that, but stability particularly in an unforeseen crisis as we look to the future, something that would arise that would put us in crisis with any of the nuclear contenders, having a survivable element of

our strategic deterrent is extraordinarily valuable, and we believe that that remains valuable as we look to the future. you can get survivability a lot of ways. an airborne aircraft, pretty survivable platform. if it stands off or can penetrate or has stealth, there are lots of attributes there that get to survivability. but we have looked at our submarine force as providing the bulk of our survivable deterrent, in particular the day-to-day survivable deterrent. submarines that are at sea are inherently survivable. the issue will be with ohio replacement is making sure it stays that way and making sure that we can deploy a platform that has those attributes that is perhaps lower in cost to operate when it's fielded, and we can guarantee as we look to the future that it can stay a step ahead of any developing technologies that might threaten t.fs >> so you would say that the commitment of our military, our

defense department, our strategic planners, is undiluted when it comes to the ohio place replacement? >> within the modernization efforts that we are undertaking in our strategic deterrent, this one and the long-range strike bomber are both at the top of my list. by the way, we don't talk much about the need, but the need for a replacement tanker is equally important to strategic command, and that's, of course, under way with the air force today as well. >> thank you. general alexander, i was struck by your testimony and extraordinarily insightful and helpful testimony about the wide-ranging breadth of potential cyber threats relating to industrial espionage and intellectual property theft as well as the potential

infiltration of social media, and it reminded me of a separate and perhaps unrelated but perhaps not aspect of problematic conduct involving social media that i have highlighted recently, which is the demands that employers have made for passwords, log-in information from prospective job applicants or from employees which enables them to invade the private communications, e-mails, g-chats, private accounts, of their employees and potentially people with whom their employees communicate, including potentially service men and women or loved ones or family or service men and women who are applying for jobs. i wonder if you could comment on

the potential security threats apart from the invasions of privacy that may occur from the demands for information from employees about their security accounts and also what the needs are in terms of background checks on the part of your agency. >> i think there's, senator, this is a great question. i think, first of all, asking for potential employees for their passwords and other things is odd, from my perspective, to say at a minimum. i think the issue that i see in here is a couple things. is one, how do you secure those so that somebody else doesn't gain access to all of them. one of the senators had a great comment about the theft of bank records and what was going on. i think senator hagan about what she's seeing, what microsoft and the authorities are doing, if you make that easier, i am concerned about that.

i'm not sure about the foreign threats to this as i am to what that means to the future. i think cyberspace -- we have some tremendous cape abilities in saipe space, we as a nation. the ipad, iphone, and i think our people should be -- feel free to use those and know that they're going to be protected in using them, both their civil liberties and privacy, and as a country. i think we can do both. i think we should push for both. this is a new area and you can see. you're hitting right on some of the key parts when you look at how the companies are wrestling with this, too. how do you provide maximum benefit without intruding? i think that's going to be an issue that we're going to wrestle with for several years. >> and when it strikes you as odd, i assume that odd -- and it's a very well-chosen word -- may be a euphemism for strange or unnecessary or invasive, unacceptable. >> senator, i'm not completely up to speed on all of it.

i did read it so i don't know all the facts that go with it. my initial reaction was this doesn't seem right. that's what i meant by odd. but i don't have all the facts. >> thank you. thank you, general. thank you for your great work on this issue. i hope you will give thought as well, and i may ask you a question in writing about it, regarding the potential uses of the national guard cyber units and how they can better assist you and the cost effectiveness of building those programs through our national guard. >> we are working with the national guard, and there are a number of those. i'll start right with the maryland national guard, the delaware national guard, go out to washington. there are some great ones. i'm sure connecticut, too. i don't want to miss that. but i do think this is an opportunity where the national guard has some technical expertise as civilians working in this area, especially when

you look at the high tech area. so this is something that we can leverage and we are working on that. >> thank you very much. >> thank you, mr. chairman. >> thank you, senator blumenthal. senator collins? >> thank you, mr. chairman. general alexander, i very much appreciate the attempts you've made today to clarify the roles of the department of defense versus the department of homeland security versus the fbi when it comes to dealing with cyber security. as the discussion today has indicated, i believe there is a lot of confusion over who does what and who should do what, and as you correctly said, this has to be a team approach, and d.o.d., dhs and the fbi have different but complementary roles, so what i would like to

do, since based on some of the questioning i heard today, i think there's still a little bit of confusion, is just take you through a series of questions in the hopes of clarifying who does what. first, let me say, do you agree that our critical infrastructure today is not as secure as it should be? >> senator, i do. >> and second, and related to that, several studies and experts have told us on the homeland security committee that critical infrastructure operators are not taking in some cases even the most basic measures such as regularly installing patches or software updates or changing passwords

from default settings, and those are pretty basic and known vulnerabilities. would you agree with that assessment? >> i think those are basic vulnerabilities. i would say -- i would add to that we see that in a number of cases in other areas as well. >> in addition to just critical infrastructure. the reason i'm focused on critical infrastructure is obviously if there's an attack on critical infrastructure, the consequences are so much greater than if there's an attack on one particular business, even though that, too, can have significant economic consequences and cause many problems. so third, my third question is to try to better define the roles. would you agree that the department of homeland security

has the lead role in interacting with the owners and operators of critical infrastructure to get them to strengthen their protections, harden their defenses up front as opposed to when an attack occurs? >> i do agree with that, senator. >> and the distinction that i'm trying to make is once there is an attack that has significant consequences, d.o.d. would become the lead agency just as you would if we were attacked by missiles. is that an accurate assessment? >> that's correct. >> and there is where i think the confusion lies. it is the role of the department

of homeland security under the current practice of this administration and under the legislation that senator lieberman and i have authored to try to strengthen the defenses of our critical infrastructure, and in our legislation, and in a collaborative effort with industry which is absolutely critical that it be collaborative, the department with industry would develop risk-based performance standards. is that your understanding? >> that's my understanding, senator. >> and the reason for that is to ensure that the owners of critical infrastructure implement these risk-based performance standards, but i

would point out to my would point out to my colleagues this isn't some new bureaucracy as we've heard today. it would be a collaborative effort, and the owners and operators of the critical infrastructure would decide how to meet those standards. it would not be dictated by the department. is that your understanding? >> that's my understanding. senator, if i could, i think that's a key point because i think the concern that i hear, that we all hear is just that key point. how do you do this in such a way that helps industry without i'll use the term overregulating and this is outside of my area of expertise, but how do you get them the standards and help them build a more resilient network, a more defensible network, if you will? that's the key to this. i do think that's the key issue that you're wrestling with, and i think that's where we can provide technical expertise to dhs and others, and i think that's where we've got to

partner with industry and just as you said, i agree with the way that you've stated it. i think that is extremely that extremely important that bringing the industry folks together to help decide, is what i get, because they want to be a player in this. because this is from their perspective important as well. >> in fact we need the expertise of industry, of nsa, of dhs, of everybody working together, the results of the investigations from the fbi, because this is a huge problem and it has consequences for our national security, and our economic prosperity. and it is so critical that we work together to solve this problem, and that's what you committing to doing and that's what you are doing.

that is the one final point that i want to make today, nsa is all right working with dhs, for example, at what's called the end kick, which is the 24-hour, seven-day a week entity that has been set up. there is an exchange of personnel, between dhs and nsa, is there not? >> there is. >> under the bill that senator lieberman and i have introduced to try to get that essential visibility that you have emphasized is so important. we would require mandatory reporting in the event of an attack. because this can't be discretionary, if in fact there is a significant attack on critical infrastructure, and

critical infrastructure is defineded as infrastructure, an attack upon which would cause mass casualties, a severe economic impact or a serious degradation of our national security. so do you support requiring that mandatory reporting in such cases? >> i do, senator, and i think i would add that as we discussed earlier, that in order for us to help prevent it, it has to be in real time i think that's absolutely essential to the defense. >> and bidirectional has become the latest way to prefer to this. even nsa, the capabilities of which are unparalleled can learn from the private sector, i think

you learned that in the study that there were some signatures that the private sector had that nsa may not have had. is that accurate? >> that's accurate and logical when you think about it. adversaries will do different things for different sectors of the government, we use different tools for the different sectors of the government. >> thank you very much and thank you mr. chairman. >> thank you, senator collins. senator udall? >> good afternoon, ladies and gentlemen. thank you for being here. we have some concern about the potential of cyber attacks on our electricity grid here in the united states and the potential effects that it could have on a critical mission, especially

during an emergency in the case of prolonged power outages, given the uptick in violence in the middle east, i would like to know our own -- and i'm thinking about this from the perspective of the u.s. military's reliance on fuel in the region, fuel that can't be produced without the electricity that runs extraction wells and it powers pumps for all floating fuel and storage and use. do we have a sense of how independent the electricity infrastructure is? and do we understand the constitution and the vulnerability of the electricity grid in the persian gulf well enough to measure the effect on the oil production transportation system, especially, but not limited to the oil refineries there?

thank you for letting me direct that trio of questions at you. >> senator, i thought you were going to ask me if i got the new ipad. and i did, it's wonderful. >> we're envious. that's a really good and complex question, so let me expand it if i could, not to make it harder, so the underlying grids that are in the gulf states and other parts of the region, the military will normally have backup power generally and other things to operate our critical capabilities. both through our computer networks and for our operations we have backup power for our critical infrastructure. that is not the same for the flow of oil and electricity throughout the region. i think the concern we have and

what everyone shares is what you were driving at, is that this is one global network, my concern is not only in the gulf, but here in the united states. >> so as we go forward, increasingingly the cyberable we have -- >> all the things you mentioned because those are the easiest thing to attack, they have some advantage to theed a her vary. it works great there, with senator colins, we just talked about critical infrastructure. and support of our ail ties.

. in the world's economy is affected by something in this realm of cyberattacks. and we need to be prepared for that in addition. it could be. >> i it all depends on floe and sufficient. we're vulnerable and we're also dependent on them for the asian oil markets as well. more attention needs to be paid to that. let me move to the question dealing with the computer network exploitation versus computer network attack, how do you exactly draw the line between those two and how does the government change legal authorities, finding personnel

and infrastructure and moving from cne to cna. so that would go to the excellence community and fall under the executive order, 12333. while title ten is normally where we would conduct the computer network attack. you could also do it under foe investigator action. and in timines of war, it would be -- so the deacon flickations have to do. the good part about getting or portions operating together. it flows back to the defense, an that's why i think the good part of putting the defense -- puts it as two different teams, which

is what we actually had up until 20 -- in 2008. >> so you sound as if we're well prepared to deal with those differences? >> i think we're well prepared to state, how, senator, we would deal with that. and that's the most important thing that we can do right now. i think the partnership with industry is pretty good. i think those are the right steps to make. i think all of these are in motion, i would just like to go faster. >> have we conducted, i say we, the united states government some exercises to get out the ncac and the handoff if you will in relationship to what you just outlined? >> we did have a great exercise out in las vegas, nellis. outside of las vegas, we ac