encryption standards and technology vital to protecting our war fighting capabilities and ensuring that key data systems remain secure to our adversaries today and well into the future. the department support for the use of strong encryption goes well beyond it's obvious military value. for example, commercial encryption technology is not only essential to u.s. economic security and competitiveness, but the department depends upon our commercial partners and contractors to help protect national security systems. research and development data related to our weapons systems, classified in sensitive information and service members and department civilians personally identifiable information and health records. second, we are concerned about adversaries, particularly terrorist actors using technology innovation including encryption to do harm to

americans. the cyber security challenges confronting the department are compounded by the pace and scope of change, not only in the threat environment, but also in associated technologies. our adversaries are constantly searching, looking, and adopting new and widely available encryption capabilities with terrorist groups such as the islamic state of iraq and isil, leveraging such technology to recruit, plan, and conduct operations. our concern grows as some parts of the communication technology industry move towards encryption systems that providers themselves are incapable of unincrepting. even when served with lawful government to do so or law enforcement or national security needs. this presents a unique policy challenge, one that requires that we carefully review how we manage the trade-office inherent in protecting our values which

include vings privacy as well as our support to innovate and compete if the global economy. and also protecting our citizens from those who mean to do us grave harm. third, the department is working with other parts of the government and the private sector to seek appropriate solutions on these issues now. we need to strengthen our partnership with the private sector, finding ways to protect our systems against our adversaries, cyber attacks, and at the same time, finding innovative and broadly acceptable ways to address nefarious actors, adoption of new technologies. including encryption. even while we must carefully avoid introducing any unintentional weaknesses in the protection of our security systems or hurting our global economic competitiveness. mr. chairman, the department is committed to the security and resiliency of our data and networks and to defending the u.s. at home and abroad. an ongoing dialogue with

congress as well as other departments and agencies and the private sector is critical as we work together to confront and overcome the security challenges associated with encryption. i appreciate the committee's interest, grateful for the dialogue and i look forward to your questions. >> chairman, ranking member reid and members of the committee, thank you for the opportunity to appear before you today to discuss the current communications a environment including strong encryption and cyber challenges. when we last met on the 12th of july in a closed session, i outlined several of those challenges to the committee and today i look forward to further discussion so the american people are provided the greatest amount of information are possible on these important topics. of course some aspects what have we do must remain classified to protect national security. so today i will limit my discussion to those in the domain. when using encryption, i'm referring to protecting data from any access accept by those

authorized to have it. encryption is usually done by combining random data with the data you want to protect. random data is generated by mathematical algorithm and using some secret information only called a key in the generation. without the key, you can't undo the encryption. nsa supports the use of encryption. it's fundamental to the protection of everyone's data as it travels across the global network. nsa through it's information assurance mission for example sets the encryption standards within the department of defense. we understand encryption, we rely it on ourselves and set the standards for others in the u.s. government to use it properly to protect national security systems. at the same time, we acknowledge encryption presents an everincreasing challenge to the foreign intelligence mission of nsa. easy availability of strong encryption by those who wish to harm our citizens are government and our allies is a threat to our national security. as you well know been the threat environment, both in cyber space and in the physical world is

constantly evolving. and we must keep pace in order to provide policy makers and war fighters of foreign intelligence need to help keep us safe. terrorists and other adversary tactics, techniques, and procedures continue to evolve. those who seek to harm us, terrorists or criminals use the same internet, the same mobile communication devices, the same software and applications, and the same social media platforms that law-abiding citizen around the world use. the trend is clear. the adversaries continue to get better at protecting their communications. excuse me. we are making investments designed to help us address this challenge and last year we started a process to help better position ourselves to help face these challenges. it is premise the in the area that as good as nsa as foreign

intelligence, the world will continue to change. and the goal is therefore to change as well to ensure that we will be as effective tomorrow as we are today. the nation counts on narks nsa to achieve insights. what should be of concern to our security and the safety and well being of our citizens and of our friends and allies. we have a challenge before us. we are watching sophisticated aer have sars change their communication profiles in ways that enable them to hide information relating to their involvement and things such as criminal behavior, terrorist planning, malicious cyber intrusions, and even cyber attacks. right now, technology enables them to communicate in a way that is increasingly problematic for nsa and others to require intelligence needed to protect the nation for or law enforcement individuals to defend our nation from criminal activity. the question then becomes so what's the best way to deal with this? encryption is foundational to the future. the challenge becomes given that

premise, what is the best way for us to ensure the protection of information? the privacy and civil electrics of our citizens, and the production of the foreign intelligence necessary to ensure those citizens protection and safety? all three are incredibly important to us as a nation. we've also asked he to talk about cyber deterrence structure. as i have said before, i do not believe that malicious cyber activity by adversaries can only be or must be deterred by cyber activity. and intrugtss or attacks. building our mission force d.o.d. operations to support worldwide and bolster the capacity and capabilities to defend the nation against cyber

attacks. i too ask that my written statement be apart of the record and i look forward to your questions, sir. >> thank you very much, admiral. is it still your professional military advice to maintain the dual hat at this time is in our best national security interest? >> yes. general dempsey stated that describer is one area we lack an advantage over our adversaries, do you still agree with that statement? mr. secretary? >> i agree it's one of the greatest channels we face. >> admiral? >> yes. >> i find it interesting that one of the two states there seems to be evidence of is the state of arizona. what can you tell us about the russian activity and reported hacking on our electoral process

and do you think it is acceptable? admiral rogers. >> sir, this is an ongoing investigation and the public unclassify formed, i'm not going to be able to provide you specifics as to what our current assessment is. i will say this, this continues to be an issue of great focus both for the foreign intelligence committee and generating insights as to what foreign nations are doing in this area. >> this is the first time we've seen attempted interference in an election in the united states of america. isn't it admiral? >> sir, we continue to see activity of concern. is it a foreign nation or not? >> do you have anything to add to that? >> senator, i just would underscore that these are activities that the government is taking quite seriously. and aggressive investigation under way so the government can form it's -- >> do we have a policy as to how to respond to this interference

in elections in the united states of america? do we have a policy as to what our actions be taken? >> in this particular instance, the government is intending to rely on the results of the investigation being led by the bureau. >> we have a policy and the answer is no. admiral rogers, there's a wall street journal article yesterday, new tricks make i.c.e. once easily track a sophisticated opponent. goes on and talks about how incredibly sophisticated some of their work was in preparation for these attacks electronic silences, when they did communicate, called or sent text messages. location, chief burner phones, et cetera. what would you think about this

kind of activity admiral? >> isil remains the most adaptive target i've ever worked as an intelligence profession, sir. >> so it was foot in a leecht imagination to think that this kind of activity and planning further in the united states is taking place as we speak? >> yes, sir. >> admiral rogers and mr. secretary, do you believe there's a legitimative solution that can address some of these challenges we're talking about? >> senator, from my view the legislative route is not something that we think is the best way to go at this time. new legal and regulatory approaches are not as potentially productive as a robust dialogue seeking corporation and collaboration

with the private sector. >> i agree. and unless there is a policy about what the united states's actions will be in the case of a threat, in case of actual attack, in the case of other aspects of this challenge we're on, then you're going to see legislation. right now there is no policy. there is no policy that you can describe to me as to what we would do about an impending attack or what we would do about an attack. and so there's a vacuum there. so if you don't act, then i guarantee you, congress will act. admiral rogers, it was recently reported that twitter bar dad that minder, a company searching across millions of tweets to identify unfolding terrorist attacks and political unrest from assessing it's realtime stream of tweets because of it's work for u.s. intelligence agencies. according to an article in the

"wall street journal". service gave the u.s. intelligence committee community an alert about the paris terror attacks shortly before they began to unfold last november in march, first notified clients about the brussels attacks ten minutes ahead. twitter will allow information to be sold. not just the government. help me out. >> i wish i could senator, i'm perplexed by their approach in this particular instance. >> so we have a situation where -- excuse me. we have a situation where we have the ability to detect terror attacks using organizations such as data minder and yet in order for us to anticipate these attacks, we have to have certain

information. and twitter twitter is refusing to allow to have information that could literally prevent attacks on the united states of america. is that the situation, admiral? >> yes, sir, and at the same time, still willing to provide information to others -- >> for sale. >> for revenue. >> what about exposing them for what they are? >> clearly i wish had better understanding. >> so that i mean on them. senator reid. sfwlaung very much, mr. chairman. and one of the issues on the last line of questioning is highlighted quite a bit is that what used to be the domain of

nation states sophisticated research development application of products are now done commercially all crass the globe. i mean some of these encryption devices were just adapted by isil. they weren't developed by isil, but they've been very effective. so we're in a race not just against another nation state, we're in a race against technological innovation that is widespread and relatively inexpensive in terms of the commitment you have to make to develop a product. is that a fair assessment? >> yes, sir. i often used a phrase cyber is the great equalizer. it doesn't take tens of thousands of dedicated individuals, and it use asset of capabilities that are readily available globally to host of actors. >> and so, i think it's incumbent upon us to approach it

not as we've done in the past, you know, a nation state and countering their technology, but we're much more, you know, innovative approach. so let me ask both you and the secretary what is this new innovative approach to counter this new decentralized, dising a investigated relatively inexpensive ability to upset our very kbensive and elaborate systems, both platforms and intelligence systems. >> senator, i just make a couple of broad points on this. the most important thing we need to do in the department of defense is a is reach out to any and all partners that can help us find solutions. for example, the department of senior leadership has invested heavily in conversations with leadership across the u.s. technology sector. to really seek a dialogue about how we can come up with innovative solutions to address

the dynamics you've raised which include a quick and agile set of adversaries being able to adapt to new technologies themselves. leveraging those technologies to conduct global messaging that advances their interests. we've got a find a way to outpace that. and we believe that we can do so by tapping into the best ingenuity that the american private sector has to offer. >> admiral. >> it's very important us to. the argument i'm trying to make is guys we're dealing with a whole new ecosystem out there. and we have to bore into this ecosystem and look at it in just that way. don't focus on just one particular application as use the by one particular target. think more broadly about the host of ak tors that are out there about how that -- i can't get on specifics in an open forum. looking at it more deeply, not

just the one particular app if you will used by one particular target. if we look at this more as an ecosystem, we will find vulnerabilities that we can access that the nation and allies is counting on. >> look, i think fundamental tool your approach and again touches on the issues raised by the chairman is that if these large technological players or civilian potential partners refuse to cooperate, then that is very -- could be detrimental in our security and we have to find a way either to convince them or otherwise get them to cooperate. my sense is without it that we will not be able to deal with this issue, is that fair? >> it is from my perspective. >> there's been some discussion about having sort of a key to

those so that government could get in et cetera, and opponents suggest that not the government could get in, but other bad actors could get in. is that a solution that causes more problems or a real solution. j from a policy perspective, we benefit it from ourselves. so anything that looks like a back door is not something we would like to pursue. the important thing is i think on a case by case basis for institutions like the department of defense and the federal bureau of investigation and other key stake holders to have a really rich dialogue, case by case with key industry players to see what kinds of solutions can be brought to bear, given the imperative to also balance privacy and civil liberties for our public as well as to be able to ensure the competitiveness of

our economic players. >> thank you, thank you mr. chairman. >> senator, let me plead ignorance on the electoral in the state of arizona. >> is there a possible scenario where they could disrupt the voting results in the upcoming election? >> i think there are scenarios where you could see capability applied in particular areas. again it's not -- i don't have strong knowledge across the breath of the 50 states and elections are run on a state basis. and it's not just one structure.

>> it is a concern? >> yes, sir. >> thank you mr. chairman and thank you you and the ranking member for putting this subject before us today. i have a number of questions concerning how we respond to a cyber attack on civilian infrastructure. and i'm just kurls you, i know that the chairman has already raised a question of a policy, but i'd like to go a little bit deeper and what i'm really curious about is what is the role of the department of defense with regard to an attack on civilian critical infrastructure? is there a preemptive responsibility that the department of defense has to protect civilian infrastructure in a cyber attack similar to what happens? >> senator from a policy perspective at d.o.d., we have

three main missions. one is to defend the defense department and it's networks. the second is to support our commanders and providing military options in support of their plans and operations that relate to cyber. and the third is when called upon by the president and the national command leadership to support broader efforts that might be brought to bear in the case of an attack on u.s. critical infrastructure. >> has that occurred? has that request occurred yet? >> well "typically would come in in a specific instance of an attack. >> so in the case of attack on civilian infrastructure, how long would it take from the time that the attack is initiated until the time that the damage is done? milliseconds?

it can be quick, yes. >> how can we expect to respond and protect critical civilian infrastructure if you already don't have a plan in place? or do you have a plan in place? >> right, and at the policy level, overall framework with how to respond with attacks -- >> either you've got one in place today or you do not? do you have a plan in place today to respond to an attack on critical civilian infrastructure? >> i believe we do have a plan in place. senator, in july, for example. the president approved something called the presidential policy directive on cyber incident coordination, ppd 41 compromise lays out a frame work for an effort to respond to attacks on the critical infrastructure from a cyber perspective. >> so you would not have to respond. you would shot from to wait for a presidential directive to protect critical infrastructure

today? >> that's right. now dollar whole host of operational implications that need to follow. each has worked through what capabilities to bear. each has been applied in the case of the department of defense. obviously we look very quickly to the capabilities of u.s. cyber command. >> admiral rogers, today, can we protect critical infrastructure if it is under a cyber attack? >> do i have the capability? yes, sir. >> thank you. let me go back. you know, in the news, you've all heard and we've all about heard about the discussions regarding secretary clinton's use of the e-mail systems and so forth. one of the things that concerns me, and i'd like for you to put this in perspective for me if you could. one of the ways in which we lose information or dm which da that that is private confidential, classified is released is not

necessarily through an unfriendly actors getting ahold of or breaking into our encrypted information, but simply human error. and individuals within government who have access to classified or confidential information, or information which is classified higher than that. could you talk to us about what the responsibility is and whose responsibility it is to actually train or to give information to individuals who are either elected, appointed, or hired by the government to make sure that they understand the differences between the categories, between whether a c mean it's an alphabeticaled or ore it is confidential or any classified setting. whose responsibility is within the governmental layout structure today to see that that information is appropriately disseminated and that instructions and remedial instructions are provided if

there is a break. where does that fit? >> senator, the questions around cyber hygiene essentially and how to properly protect yourself against i. tichlt intrusions and so forth is one set of policies and practices that typically the cios and soerkted i.t. security managers have responsibility for educa educating government plea employees at all levels. also aren't the handling that flows from procedures and those are typically handled by departments security subject matter experts. >> department by department? >> typically so, yes, sir. >> and who oversees the delivery of that information? your agency? >> in the case of the department of the defense, for d.o.d.

employees, my office oversees the setting of security policy standards. >> mr. chairman, thank you. >> senator nelson. >> admiral, i have often thought of our ability to protect ourselves in cyber as that we are really almost like the standoff in the nuclear. assured mutual instruction. it gets more complicated with this because we have non-state actors. but could you give us an example in this open setting and if required, then in a classified setting of where we have been attacked and we showed them that

the return hit is going to be so hard that it deters them from hitting in the future? >> um, again, i can't give any details in an open forum, but i would suggest the response to the sony hack by the north koreans in november of 2014 is an example of that. >> and is that in the public domain? that example? >> in the sense that we publicly acknowledge both the events. we publicly acknowledge who did it, and we publicly discuss the steps we are going to take in response to it. and we also highlighted at the time, and if that activity continues, we are prepared to do more at the time and place of our choosing. >> and the specifics of this will, that have to be in a classified setting? >> no, in the sense that in this case, we chose to use the economic lever goes to one of the comments i made in my opening statement. one of the things i'm always recommending. i realize i just work the operational piece as much of

this, but i always encourage people, think more broadly than cyber and thinking deterrence, think more broadly than broadly in the state group individual comes at us in cyber. that doesn't mean that our response has to automatically fall back on what we have to respond in kind. we have to go back from a cyber perspective. i have tried to make the argument as others we need to play to all of the strengths of our nation. so in the sony case for example, we electively perspective made a choice to play to the strength of the economic piece for the united states. and i think that's smart, off menu of things, but when you get right down to tit for tat, we could absolutely with our attacks shut down a number of things. >> we could cause significant challenges to an opponent. not in the specifics, but yes -- >> right, so with state actors, do we see that that is actually creating a mutually assured

destruction? >> i would argue not yet. because remember, part of the deterrence is both some aspects to deterrence, convincing someone to the benefit they will gain doesn't justify the cost. convincing the actor that they just won't succeed or convincing the actor that even if you were to do tood this and if you were to succeed. what we'll bring back against you in response to this just doesn't merit you doing this. you really ought to think hard and fast before you really do this. and i have said this multiple times, publicly before the challenge we have right now is i think for variety of reasons, some, not all, some actors have not yet come to the conclusion that there's a significant price to pay for some pretty aggressive actions on their part in the cyber arena. >> well, i'd like to follow with you in the classified setting. >> sure. >> how we might respond to some of those actors. >> sure. >> in the private sector do we

have the cooperation that we need to tackle these encryption challenges? >> um, at an operational level, my observation, this is much bigger than just cyber command or nsa, my answer would be no, in the sense that my sense is i look at those problems that i see multiple parties spending a lot of time talking about what they can't do or what can't be done, and i wish we spent more time thinking about bell what could we do. what is in in the realm of the possible? even as i acknowledge, i think there's multiple parts to the conversation. what can we do is not necessarily what should we do. and those are two important parts of the conversation that i think we could have. >> and the encryption thing does trouble all of us. aside from encryption, what other technology trends are shaping the way that the

department does business? >> from a cyber perspective? >> yes. >> very much interested in artificial intelligence, machine learning, how can we do cyber at scale, at speed? because if we're just going to make this a largely human capital approach to doing business. that is a losing strategy. it'll be both incredibly resource intensive and it'll be very slow. so i'd say that is a big area of focus for us. in addition, we're constantly reaching out, diux, the capability that's been created now the silicon valley as well as boston, u.s. kraber command has a separate but related that teams with the iux to try and harness partnerships in the private sector. overall, i'd say good, but as the chairman highlighted, every once in a while you just run into a situation where you go can't we just step back, sit down, and talk to each other than rather than these you can't do this, can't do that. we won't do this, we won't do

that. as i acknowledge, i have no issue with that at all. i certainly understand that. >> thank you mr. chairman. >> senator. >> thank you, mr. chairman. thanks to both of you being here. i always appreciate your commitment to protecting the rights that we hold dear as americans and our security. this issue of encryption cuts right to the heart of a lot of things. cuts right to the heart of the nature of the relationship between the american people and their national government and to the heart of number of features in the constitution, including responsibilities of the federal government to safeguard the people. and also to safeguard their rights. i believe it's an issue to congress and the executive branch have to approach with a great deal of prudence. in recognizing that we would as a national security issue or as privacy issue on the other hand, we have to view it hoe

listically, understanding that we've got to find a resolution to this that respects all the interests at stake. >> admiral rogers, i'd like to start with you. on august 17th, washington post reported that a cache of commercial software flaws that had been gathered by the officials was mysteriously released. causing concerns both for government security and also for the security and the integrity of those companies who i believe had not been notified by the nsa of the flaws discovered in their systems. so can you walk through this process with us, that the nsa uses to determine -- >> vulnerability -- >> well, to determine when, whether to what extent you should notify a private company of a security vulnerability that you've discovered. and whether nsa will continue to

withhold such information from the companies. when there are clear concerns about the security of your own systems. >> there's an agency started in 2014 that we continue to be apart of that nsa and other entities become aware of zero day vulnerabilities so to speak. those vulnerabilities we don't think that others are aware of that haven't been patched or addressed that we raise those through a process where we assess what's the impact of disclosing or not disclosing, i have said publicly before i think, over the last few years, overall, i think our overall disclosure rate has been 93% or so of the total number of vulnerabilities using this process since 2014. and we continue to use that process. >> okay. okay. so you do that on a case by case

basis. has therein been a security breach because of a cyber vulnerability that you were aware of that nsa had previously identified? >> i can't say totality of knowledge, sir, i don't know totality, i apologize. >> okay. >> it's understandable. >> on sunday, just this past sunday, the wall street journal published a report on the methods of isis. the methodists that isis is using in which there were some experts who concluded that low tech communications including things like face to face conversations, handwritten notes, and sometimes the use of burner phones have proven to be just as much of a problem for western intention officials as the use of heightened encryption by our adversaries. and mr. secretary, i was wondering if i could get your sense on this, are the defense

and intelligence communities investing enough into human intelligence and other activities to address low tech terror methods like those leading up to the paris attacks and if we continue, related question to that is if we continue focussing on combatting highly sophisticated encryption technology, do we expect to see a corresponding shift into these lower tech alternatives? >> senator, you put your finger on a really important point which is the need for a really diverse set of intelligence collection capabilities and disciplines. capabilities using the best available but also capabilities that draw upon individual case officers, area expertise, language exer pertise and quest

in a granular way pick up what's going on and identify threat actors who, as you note, may be using relatively unsophisticated mechanisms for planning and plotting attacks against the u.s. homeland and our allies. so with, with regard to the aspect to your question around human intelligence, we have been making some investments over the last several years to continue to improve the effectiveness and capacity of defense-related human intelligence working closely with cia and i think that is a very important set of investments to be making. >> senator, i have one comment, okay. i think what that article highlights is the fact that we're watching isil use a multi-tiered strategy for how they convey information and insight. that runs the entire gamut. and so i think for us as intelligence professionals, we've got to come up with a strategy and a set of capabilities that are capable of

working that spectrum. it can't be we just spend all our money focussed on one thing. i don't think that's a winning strategy for us. >> understood. >> i got a couple other questions, i'll submit those in writing. thank you very much. >> senator. >> thank you mr. chair. admiral rogers, i want to continue along that line of questioning and recently there was a worldwide survey actually of encryption products, looked at 865 hardware and soft weir commercial encryption products that are available worldwide. and about a third were overseas. it begs the question if congress were to act on this issue if congress were to compel some sort of built-in back door to those kinds of products, would that in any way effectively limit access to stronger encryption projects to our

enemies to foreign terrorist groups? as long as they're widely available on the internet? >> so i think clearly any structure or any approach that we come up with here with respect to encryption has to recognize that there is an international dimension to this. that encryption doesn't recognize these arbitrary bound ris on the globe that we have drawn in the form of borders with nation states. i don't know what the answer is, i certainly acknowledge we have to think more broadly than just one particular market so to speak. >> given how easy it is to just download an app on to your smart phone to do and encryption of texting and other communications, does it, and getting to really senator lee's question, does it beg the question of whether or not we've become overly reliant on signals intelligence generally? are we investing enough in human intelligence?

>> obviously it means that people work for the u.s. government as well as private citizens have data potentially exposed to nefarious actors. has the administration ever considered some sort of reward structure and standing structure for, for those sorts of vulnerabilities to be identified and therefore identified to different companies so that they can plug those holes as they come up? >> i can't speak for the administration as a whole, but we have done this twice now within the department of defense. you could argue about the program where we specifically tried to incentivize the

discovery and sharing of vulnerabilities both help the department as well as the sector and addressing that. >> have you found that to be an effective strategy? >> yes, sir, i in fact you'll see us in the coming months we're looking at the next it ration of the program as well. this is something we want to continue. >> do you think that's something we should be looking at as a more whole of government approach as well? >> i would only say our experience has been a positive one. and i would fully expect it would turn to be positive for others. >> with my conversations with the technology sector, that's something that's come up consistently over time. thank you both. >> senator sullivan. >> thank you mr. chairman and thank you gentlemen for the testimony today. admiral rogers, i know you've been talking about this in a more broad sense, what do you see is the three top threats that u.s. cyber command or the nsa have to plan or defend against top three?

and it can be a country or it can be an issue? when you're going to bed at night, what are the top three? >> broadly as i look out number one is just the day-to-day, d.o.d., we are a mass e department with a global lay down and a network infrastructure that was built in a different time and a different place in which redundancy, resiliency were not core defined characteristics. so my challenge at the cyber command side is i got to defend an imperfect infrastructure and give us the time to make the investments to build something better. that's challenge number one. i'm always thinking what are the vulnerables that i don't recognize yet that someone's exploiting. number two would probably be, i worry about most penetrations and networks to date have largely been about extracting information. extracting, pulling data, whether it's the general intelligence insights, whether it's so generate battlefield insights, whether it's to manipulate outcomes.

what happens when it's no longer just about data extraction, but it's about data manipulation and now data integrity becomes called into question? as military commander, if i can't believe the tactical picture that i am seeing and that i am using to make decisions that are designed to drive down risk and help me achieve the mission, if what i'm seeing is a false representation and in fact they are increasing the risk and in fact are not having positive outcomes, data integrity data manipulation concerns me. that's a whole different kettle of fish. and then the third one, probably what happens when non-state actors decide that the internet is not just a form to coordinate, to raise money, to spread ideology, but instead offers the opportunity to act as a weapon system? to employ capability on a global scale? >> let me ask about that last one. because i think one of the things that we continuingly hear in terms of our cyber strategy

and how this domain is that the attacks when they occur on us, seem to come in some cases without much cost. >> obviously a lot we have to have credibility. but how do we raise the cost? do you think we do need to raise the cost. do you think in this doe mags that our adversaries think they can take action and kind of get away with it because we're not going to respond? do we need to be more aggressive in signaling how we're going to respond and then respond? >> wing we need to show

adversary we have capability, the will to employ it -- >> have we done that though. >> as we've said, we've done it, the sony piece i would argue, you could also argue in the areas of hostilities, iraq, afghanistan, we're doing good things every day. the opponent says we're publicly acknowledged that we were doing that. i think in part that idea that publicly acknowledges and cyber as a cape to believe the counter isil was not just to signal isil, but was going to make sure others were aware that the department of defense is investing in these capabilities. we're prepared to employ them within a framework. >> do you think we're sending to state actors in cyber space? >> i certainly hope so, sir. >> you think we are. i don't know what -- you're in charge right, hope makes me a little worried. >> it varies by the actor.

>> did iranians fear about counteraction? >> yes. my sense is they have awareness of capability and they've seen us use it. >> let me ask this one final question, seems to me on a longer term, one of the biggest strategic advantages we have is our youth. a entheir capabilities which far exceed probably everybody in this room. given how smart they are in this space and how they've naturally grown up with it. what are we doing to make sure we were trying to recruit younger americans to, you know, be on the right side of the issue, to come serve their country in a really critical area where they in many ways have unique skillsets that a lot of us, no offense to my colleagues around the die yes, sir here that a lot of us don't have. >> yes, sir, i'll highlight a couple of examples. we have a conscious effort we've been doing for several years

now. >> across the united states. we have cyber acquisition, cyber academic and research excellence with over 200 universities. i mean, excited across the united states. because we've realized much of the work force in the future is going to come from these pools. so there's something to be gained we believe by interacting early with them and more broadly for the nation as a whole helping to encourage the acquisition of these skills, this knowledge, in a way that just wasn't necessarily the case in the past. >> thank you chairman. >> if you lock around the audience and now all of this coming to fruition, it's quite confusing and troubling and concerning. with all that being said, you know, we have concern over our

food supply, our energy supply, the average person in america right now is concerned over whether they have children or grandchildren cyber bullying, everything that goes on with the internet. we see the rise of terrorists, the great equalizer is the internet for them. they don't have an air force, they don't have a navy. they have nothing more than the will to do us harm or wreak havoc around the world. with all that being going on, the question i would like to ask best is, and perfect world without the politics involved. not politically correct, what can we as senators setting on this committee or in this body or no congress, 535 of us concentrate and do to allow us to streamline this to make this work. looks to me like you're going to take volunteers around the country that are smart and bright. also if people are hack us, are they able to see what's going

on? the way you collect this information of a and what can we do to help streamline this to correct it so something falls through the cracks. >> i'll take the first crack at it. the most important thing that i think we can do and this committee and you all as members are incredibly, powerfully well suited and seeded to be able to do this is to have have that dialogue, cat liez that with the public, with civic leaders, with industry leaders. about the shared nature of this challenge. both the cyber security challenge and the hacking that we all faced across from the individual to companies and

governments. and the acute threat from ongoing terrorism. toe recruit and persuade over the internet. so that dialogue with leaders to really impress upon corporate and civic leaders the need to be that at the share d. >> the situation or is it a lack of basically sidelined to where everybody's protecting their own territory? is there a way to break through it? if you're going to be that agent, it has to be one gathering point and basically one dispensing point. and i'm understanding that some agencies aren't talking to each other we have the situation to where they are corporating. san bernardino, apple and all

that comes in mind. >> this can't happen. if that's the great equalizer and we have people have nothing else more than the will to do us harm we have to have the will to do greater harm. i'm looking for a way to help. >> senator, i don't disagree with the statements. this is my take away having done this for a while now. using the same structures and the same project probably is not going to get us there. where we want to be. so i think the challenge particularly as we're looking in the future is can we take the opportunity to step back and ask ourselves what to do differently. the other thing particularly as senators among the leaders of our nations, these are serious hard issues. and we have got to get beyond this simplistic vilification of each other to role up our sleeves and figure out how we're

going to make this work. realizing there's multiple perspectives and a lot of different aspects that have to come into farm bureauuation. >> i speak to children as much as i possibly can, i don't think nowhere in the world can they challenge us? we have the greatest in the world. the economy, our economy is greater than anyone if the world. almost double the closest to china. i'm not worried about a takeover of the united states of america. i worry about the cyber security how they can hack and what can at us and come at us different ways. and if we're defending that if we're not giving you the tools and if we're playing politics and who's politically correct, this is not a time to do that. i think there's a group that would love to say how do we streamline and make sure someone says we do this or we don't do this? >> yes, sir. >> thank you.

>> thank you mr. chairman and thank you both for being here today. i want to follow up a little bit on senator manchin's questions which was referred back to senator mccain and the twitter example you used earlier. so how do we get the private sector companies to recognize that this is a shared challenge and that we've got to work together. do we need more legislation to address that and this is really a policy questions for you. secretary, so is it that or is it meeting with folks, what do you think we need? >> senator, our view at this point in the dialogue and debate is that legislation that forced to rear a regulatory solution is not preferred that the point.

and what we have found is on a case by case basis when leaders had been able to have a very effective quiet dialogue with leaders in industry that the nature of the conversation starts to shift in a couple of ways. one is, you know, industry and government for decades have worked together very proud ly projects that protect the nation. reminding ourselves of that rich history i think starts to put the conversation in a dialogue around solutions rather than being at odds with each other in an antagonistic way. if on the government side we're able to communicate. the problems we're trying to solve and ask for industry's best expertise and wisdom about the solutions that might be brought to bearer that we haven't even thought yet. often we find that we are able to come up with solutions that meet our law enforcement and

national security needs. the second thing i think is -- >> let me just -- sorry to interrupt. has that worked with twitter? in terms to allow us to scrub the information we have. >> as was mentioned earlier, to the best of my knowledge, twitter's position hasn't change the on it's level of corporation with the u.s. intelligence community so far. >> and we were not very successful with apple either. is that correct? >> that's right, yeah. >> so there are limits to that strategy. i appreciate what you're saying. i mean, i would always rather try and sit down and resolve the situation rather than pass legislation, but right now we've had mixed reviews of the opportunity to work collaboratively with the private sector to address this issue. >> yeah, that's absolutely fair

to say. now the industry and private sector is very diverse. businesses have different business models which leave them in different positions as far as their ability or willingness to work closely with government on working our way through some of these law enforcement questions. so the case by case approach is what is absolutely needed, but as you pointed out, we are not successful in every case. >> i had the opportunity earlier this year to visit a iowa stone ya, which as we know was the first state subject to a massive cyber attack from russia. are there lessons to be learned from examples like iowa stone ya who have experienced this or from other countries or businesses and are there lessons we should be taking from what's happened in other places? >> television not been chance i've been there twice this year.

not specifics, but we have talking about creating relationships to build on it. one comment i make also is what works necessarily in your construct may not necessarily scale directly to a nation of 350, 335 million in the largest economy in the world. but there are perhaps things to take away from this. you have to admire -- they sat down and decided this was a national imperative for them and consciously sat down and asked themselves, what do we need to do and how can the government help to be a primary driver in this? not the only, but how can we harness the power of the government and the structure to help drive that? and that aspect of it is very impressive to me. >> i would agree with that. i was very impressed with what i heard. but to follow up on what you're saying, do you think we've reached the point where we blaef this this is a national imparody for the united states?

>> most people induetively realize that and translating that into a series of specific actions to drive broader change than we have done. i think that is still the rub if you will. >> thank you, thank you mr. chairman. >> thank you, mr. chairman. mr. secretary, admiral. >> thank you for your service and thank you for joining us today on this vital topic before this committee. admiral rogers, during your testimony this committee in april, you indicated the department of defense was making significant progress towards establishing 133 cyber mission force teams with plans to be fully operational by the end of fiscal year 2018. my home state of texas, i'm proud of the air force cyber command and glad to see that the air force is taking advantage of the unique center piece between the academy industry and military. which exists in san antonio.

the combined efforts of the international guard and the active duty forces of line backland have played and will continue to play an integral role in modern cyber warfare. and i thank them for their hard work and you for your leadership to ensure that they have the right tools they need to train, fight, and win. would you provide an update on the cyber mission force and detail specific short falls that that matter congressional systems. the d.o.d. network. set for us providing cape to believe the help defend critical infrastructure against significant acts of cyber consequence if you will.

the 133 teams if you will break down into those three different missions. by 20 september of 2016, that's three weeks from now. two weeks or so from now. we will be ioc by 30 september 2016 of all teams and i would commitment the services. this one were quite frankly, i haven't been the nicest individuals at times about this is a goal and a standard, and we are going to meet this. so we're on track to do that. this is to be at full operational capability by 30 september 2018, because our experience is that it takes about two years to get a team from the time we stand it up until it's fully mission capable. so the teams we're finishing standing up this month at ioc, we expect it'll take us two years to get to full operational capability. the biggest challenges we continue to learn insights about tool's want cyber defensive side

that we need to continue to deploy more broadly and try to use a best approach to this. whereas we generate insagts from capabilities that the individual services have, nsa, other elements, let's pick the best and apply it more broadly. let's not waste money trying to do it here. investment in the persistent training environment. our ability to actually simulate in garrison, the networks we're going to find. we just cannot afford a model where we do these major exercises, we try to bring everybody together. it's just a cost intensive approach to doing business. that's a part of our strategy, but it shouldn't be the fundamental backbone. cyber situational where it's another area where i would argue we have got to be able to visualize this battle space. right now, we just don't do that well. i have prioritized it as a lower level and i'm the first to acknowledge that. we've had to identify where can we take risks and i tend to prioritize it lower. >> but it's an area where i

remain concerned. we need to increase the level of investment we're taking too much risk. those are probably -- i don't to want give you a long answer. i know you have limited time, senator. those will probably be the three biggest areas i would focus on, invest on. >> okay, thank you, admiral. left me shift to a different topic. nbc news article claims that despite evidence that russia is behind a number of cyber intrusions in the american networks that the administration failed to respond because they determined we need russia's help in syria. if true, the obama administration will have effectively ignored the threats from a adversary that is actively trying to influence the election process and will set a terrible precedence for our country going forward. mr. secretary, are these reports

true? and is this in fact what the administration said? >> i'm not aware of the details of that particular nbc story, senator, but i'm not aware of any linkage of these issues that i've seen in the policy discussions. the incidents you've described around the apparent hacking of relate ed related related to our electoral systems is under an aggressive fbi investigation so that the u.s. government can compose it's own conclusions about what has occurred there and what are the appropriate actions to take in response to the discussion that the committee has been having this morning around cyber deterrence, it'll be very important to look at the facts around that investigation and the conclusions from it in order to form a policy choices about what kind of acts to take in response.

>> thanks mr. chairman. thank you both for your service pen r and the excellent dlax you're making to our national defense. i want to return to the chairmans questions about our electoral system. isn't there a pretty powerful argument that our systems of elections and voting ought to be declared critical sfrur? >> senator, that's an important question. i think we look at critical infrastructure across the country, we do need to consider the possibility of attacks on infrastructure causing significant consequences to the u.s. and if there were scenarios where we could envision attacks having significant consequences in our electoral context, we really do need to consider that. >> well certainly we've

invisioned those potential consequences. admiral, your response to the chairman's question was in part that this electoral system is -- i think you used the word december pretty by which i took it to mean decentralized, dispretty meaning divided and localized. >> yes, sir. >> which is true, every state has it's own system, but as you well know, in our presidential elections, the electoral college is the critical decision-maker. which results from elective systems within states and of course elections have consequences at the state and local level as well and now many are driven or directed by some

kind of computer collection of information. so they are vulnerable, maybe not at the ballot box, but at some point in the chain of collecting and assimilating that information. is that not troubling to you? and i don't know the circumstance of arizona, you're not familiar with the circumstances of connecticut, but -- >> right. >> this is a common thread in our elective system and we've seen from some of these hacks that they can have very severe impacts on these systems and they are largely unprotected right now. >> i think it raises a broader question of what is truly critical in the cyber world? you know, we've tended to think, i think my sense, we've tended to think along very traditional industrial in many ways, you know, kinds of lines. and one of the things i think that the events of the last few

years are highlighting to us is that, for example, we need to think about data in a whole different way. and what are the implications from a security and a critical infrastructure -- >> admiral, wouldn't the selection of our leaders, of our system of government -- this should be no discussion about that. >> senator -- >> if you attack that, and succeed in destroying that, you've destroyed democracy. why are we equivocating here about this? >> i'm sorry to interrupt. >> no, mr. chairman, you took the words much more eloquently out of my mouth. i think there is not only a powerful argument, it's virtually incontra veritable, and i understand that you're approaching it from a more abstract standpoint and i don't mean to interrupt because i'm here to listen to you, but i would hope that there would be a

move to designate the systems as critical infrastructure. and why don't you -- i know you were remarking on the remarking on the nature of data. >> so my only point is, if you look at critical infrastructure from a data perspective, what are the key data-driven decisions that tend to shape us as a nation, you would come to a very different conclusion than if your perspective was critical infrastructure to us is primary industry. that's my only point to you. this leads us, i think, to a different set of conclusions as to what is truly critical. an election system is a good example of that. >> well, my time has expired. but i think that we really need a national consensus that our electoral system, our system of choosing our leaders, as the chairman has said very well, our system of choosing leaders at he every level, not just the

national level but state government, state legislators, all of these systems are going to be increasingly involving the collection of -- you refer to it as data. the data are votes. the votes are individual citizens, deciding who their leadership is going to be, which is going to determine who sits in the chair you occupy right now. and these chairs here and who makes these critical decisions. nothing is more fundamental. our financial system, our utilities, our system of health care all are critical infrastructure. and i think our system of electing and choosing leaders is no less so. thank you very much. >> thank you, mr. chair. gentlemen, thank you very much for coming in today and talking about cyber security and its impact on our national security. i'd like to address some

situations from the national guard perspective. i'm a former soldier in the iowa national guard. and i have been tracking the increasing cyber capabilities that both the army and the air national guard are bringing to the table even in my own home state of iowa. but unfortunately it appears that the dod has not been tracking this as closely as i have. a report from the gao last week stated that, "d on od does not have disability of all national guard units cyber capabilities because the cyber department has not maintained a database that identifies the national guard near that cyber related emergency responsibility capabilities as required by law." this is a little bit alarming to me because in the national guard, we do have some tremendous capabilities. and we're able to pull a number of those private sector cyber warriors into the guard. that's their part-time job and

full time job. so they are very talented. and we want to see they are being used to the fullest of their capabilities. admiral, how close is the dod to the having a database of all the national guard cyber capabilities as required by law? >> senator, i can't answer the specifics of the national guard. i'm the son of a guardsman. this is the only world i knew as a child growing up. so the guard and the reserve are personally important to me. i sat down with a team last week and we were just reserving the planned mission for the piece. i will take action to pull the string on this. i apologize. i haven't seen that report. and i don't know the specifics. but it is reflected -- we have always maintained as we build the department for cyber, the

structure has to go the way beyond here. the guard and reserve have got to be a critical piece of what we do here. which is why if you look at what the air force are doing, they have guarded reserve. the army is bringing online an additional 22 cyber protection teams from the guard purely associated with guard and state missions, not necessarily the cyber mission force. because they realize the importance of this investment. marine corps. and navy. their approach is different on the guard structure. they're approached slightly different. i apologize. >> no, i certainly agree with that. one team, one fight. there are capabilities we're not utilizing or considering when we look at that big picture. so i do appreciate that a lot. and are there steps that you think that you can take that would tie together better our reserve component, our national

guard component? what kind of efforts can you assist with, what can we assist with. >> i feel good overall with the cyber mission force. what additional level on of investment as a department and in the state structure do we think is appropriate over and above that? that's probably the biggest focus area for me. what should the future be. whatever investments we make in the guard and reserve, how do we make sure they are tied in and aligned with the broader department effort? so we're working this as one team. we just can't afford everybody out there doing their own thing. that will not get us to where we need to be. >> i agree. gentlemen, for both of you, the government accountability office found the cyber guard failed to focus on emergency or disaster scenarios concurrent to cyber incidents, app area where the national guard would be very

helpful. and what efforts -- and, again, you may not be be tied as much into national guard. but what effort could you take to improve cyber guard for the upcoming year. >> i haven't seen the specifics of the report. i can tell having read it i am in disbelief. we call it cyber guard for a reason because it's focused on how we exercise the integration of the guard reserve and the active component with industry. i spend time at that exercise every year. we just did it in june in the thai waters. some committee members came down and observed it. so i'm a little bit perplexed by the basic premise. but i apologize, i haven't seen the specifics. >> okay. and my time is running out. but, again, i think that demonstrates where we do need to put a little more emphasis on our reserve component forces and

tie those into active duty component he as well and take advantage that exists out there. make sure we are exercising capabilities. so that you can very much, gentlemen, thank you. i recognize senator mccaskill. >> i came from missouri and had the opportunity to see the guard unit at jefferson in st. louis and the 139th wing at rosecrans. i'm not aware and i'm not sure you're aware all of these units and what their capabilities are and what they're doing. what was remarkable about the guard unit in st. louis was who these people were in their day jobs. we're talking about the very top level of cyber security at a fortune 500 country that has huge needs in this area.

huge need. i mean, this guy knows more, i would bet, than a huge number of people that you are commanding within the active military in terms of both cyber offense and cyber defense. and i realized that this is a great opportunity for our guard to recruit some of the most talented and technically capable people in the private sector since the vast majority of the networks that we are supporting in terms of protection in this country are in fact, private networks. so i wanted to bring that up for you and ask your opinion about that integration and particularly as it relates to the linchpin within the department of homeland security. because the beauty of the guard is it is is busy with domestic security as part of their

mission because of the tag and the involvement of state governments, whether it's a natural disaster or other kinds of problems. and so it seems to me that utilizing the guard is the linchpin between the department of homeland security and department of defense would make a great deal of sense, admiral rogers, and i want your opinion on that. >> the reserve brings a lot of capability. that's one idea to bring it all together. not just active. not just guard. it's the ability to bring it together. in terms of who should be the fundamental linchpin, before i get into publicly endorsing a particular strategy or solution, this is just one i want to think our way through. there are challenges if you do it over guard or reserve only or active only. one of the other challenges i found so far in my time, we have to work our way through -- and

this is where the i think becomes incredibly critical. what's the difference between using dod capability to work federal large infrastructure versus the capability by extension of the guard to bring forward in a much more localized state and local level. that's area of the guard clearly optimized for piece not as readily optimized for. >> one of the problems in this space is retaining active personnel. if they become skilled in this area, there's lots of lucrative opportunities. is there any thought given to active recruitment of these folks into the guard as they move into the private sector for a lot more money and people not being able to tell them where they're going to live 24/7. is it possible that we are losing an opportunity in terms of retaining some of the talent

that we have by not directly recruiting them into the guard. >> so knock on wood it it has exceeded our expectations. doesn't mean it won't change tomorrow or next month. i will since it is a concept, they talk about how do we make sure we are watching workforce transition out of the separate, retire. is there a way to tie in the guard piece. senator cruz mentioned san antonio. i have seen several instances because there is a large concentration. this is working very well. i'm not sure how well it is working in those areas where we don't have this large guard and active -- >> right. >> -- force if it will. i don't know off the top of my head. >> this idea has been discussed openly. there is a lot of pros and cons. one of these talented cyber

warriors at the guard unit that i visited with i was told one of them almost was removed because of sit-ups. what about the p.t. requirement and what fall is there to forming an elite cyber squad that is civilian as opposed to, you know, losing a really talented guy because of sit-ups. >> remember the longhorn conflict specifically prescribes what civilians and uniforms can do in some particular applications. i generally remind people what would the mission be that you gave that entity. there are some that the law abiding could not do. >> right. >> application of force and capability. to date, are there numbers where that is an issue clearly? i'm not going to pretend for one

minute. but we have been able to retain people and still meet the requirements associated with a broader military without decreasing capability. it's one of the things i have talked about. we need to be mindful that as circumstances change we need to look about changing the rules we currently operate. if the situation would change, those are the things we need to say, we need to look at a different force, balance, or mix. do we need to look at different standards or requirements associated with individual. i don't know if we're at that point now. if the situation were to change, we would definitely need to do that i think this is going to be a growing part of our national security. >> right. >> thank you. on behalf of the chair, i recognize senator kaine. >> thank you, mr. chairman. it seems to me the good news is we're the most wired society on earth. it gives us fantastic efficiencies and productivity and advantages in many ways. but the bad news is we are the

most wired society on earth, which means we are the most vulnerable. admiral rogers, you're familiar i'm sure with the ukraine hack of the grid in december 2015. one of the things we learned from that is that hack was much less serious than it might have been because of some retro technology, analog switches, old dimitri who had to go through a switch somewhere at a relay. do we have some lessons from that that we ought to be thinking. think about elections. it is hard to hack a paper ballot, those kinds of things. should we be examining that area? >> we certainly are. one of the lessons from the uk, for example, is not only the analog, the physical piece, but also the way the grid was broken down into components. it's lead to go some things, for example. as a naval officer, we're

teaching celestial navigation. we said we have automated processes now. >> you can't hack it. >> yes, sir. there are things we need to look back in the current world we're living in and say some of the assumptions we made are not going to be accurate. what do we have to train differently? what skills do we have to have? >> we also need, as i think you've saided, we need to question the basic assumption that digital is always better. >> yes, sir. >> senator rich and i have a bill in to ask the national labs to work with the utilities to look at the ukraine situation and see if there are places. not to dedigitize but where there could be other devices put

in to deal with just this issue. let me turn to encryption. while this hearing was going on. literally in a minute and a half i downloaded telegram. telegram is an app, as you know, that is en crypted. i looked at what it -- how it works. it is fully en crypted in english, korean, portugese, dutch, spanish. it was started by two brothers from russia. it is based in berlin. this is the reality, mr. ledger, that we can't stop this. the idea of somehow being able to control encryption is not realistic. >> we can't stop this. you're right. all of us benefit from strong

encryption. i personally am in favor of strong encryption that helps me protect my personal data. the challenge is and yet we need to find our way -- think our way through how we can continue to fulfill our responsibilities to enforce the laws and protect the nation. and i think what we do find is there are a number of instances where government leaders have been able to strike a very collaborative and cooperative dialogue with key sectors in the tech sector, individual players and executives have been able to focus on finding solutions. >> that worked well in the '20s when you were talking about the telephone system, which was only within the country. we can deal with apple or with microsoft or sisco or whoever. but if you have a cloud-based app and the headquarters is in

berlin and who knows where the data is, as hard as it is for us to believe, there are places our power doesn't reach. we can't regulate something that's over in berlin or swazi land. >> that's right. there are always players in the technology solutions that we may not be able to find a way forward. the solution may be elusive. it does require us to think innovativelily beyond encryption how we can go after national security challenges. >> this is the word history of conflict, is invention, reinvention, reinvention. and i want to associate myself with senator lee's questions. we need to get back to old-fashioned human intelligence. and i think it was easy in a sense that you can pick up conversations. now it is no longer as easy.

we need to think about what are the other techniques we may use. it may be old-fashioned intelligence or high-tech satellite or other things. but we can't -- i think innovation is going to be absolute key to this. >> that's absolutely right, senator. in particular, i think as you pointed out, we do need to build innovation across a range of disciplines and collection capabilities. even in the human intelligence arena, we know how effective it can be. we also know technology trends are changing how we do humit and how we conduct our human intelligence as well. >> my time is up. i would suggest big data analysis is one of those tools. >> absolutely. >> thank you, senator king. on behalf of the chairman, let me thank you for your testimony today and your service. since there are no other

colleagues here, i would call the hearing adjourned. thank you.

c-span brings you more debates this week from key u.s. senate races. tonight three debates starting at 8:00 p.m. eastern on c-span. first from pennsylvania, republican pat toomey faces democrat katie mcginty. then florida senator marco rubio seeking reelection challenged by patrick murphy. from ohio, senator rob portman and ted strickland. that's at 10:00 eastern on c-span. tuesday, live coverage on c-span2. a debate from indiana to succeed republican dan coats who is not seeking reelection. republican representative todd young faces former democratic

senator evan bye. that's live at 7:00 eastern. after that, another debate to succeed a retiring member of the senator, louisiana republican david vitter. self candidates will take the stage, including republican state treasurer john kennedy, republican congressman, charles bustany and caroline fayard. that's live on c-span2. auto thursday, the candidates in ohio senate race meet for another debate. senator rob portman and ted strickland live at 7:00 p.m. eastern on c-span. from now until election day, follow key debates from house, senate, and governors races on the c-span networks, c-span.org and c-span radio app. c-span. where history unfolds daily. >> president obama getting ready to host the final state dinner of his presidency. the guest of honor, the italian prime minister. we have complete coverage of the

event tomorrow at 6:30 p.m. eastern on c-span. we got a chance to talk to a fashion critic about the state dinner fashion style of the first lady over the years. >> robin, describe michelle obama's style. >> her state dinner style? >> yeah. her state dinner style. and state dinners in general. >> well, i think when mrs. obama dresses for the grand state occasions, the thing that really distinguishes her sensibility from that of first ladies who have come before her, is i feel like it is much more rooted into a very contemporary hollywood idea of what is tpwhrapl rouse. by that, she's not wearing anything that's particularly revealing or high slits or anything like that. but there is a certain kind of modern edge to it that really taps into what we're used to seeing coming down the red

carpet. it is less regal and more glamorous. >> has it changed over the last eight years, her approach to the state dinners? >> well, i think her look has gotten to be in some ways a little more relaxed if that makes sense. within that framework of glamour, when i think back to the first state dinner, which was for india, the dress was gorgeous. her hair was up. and she had bracelets, the whole shebang. and she looked wonderful. but then to some of the later dinners when she wore a dress by carolina herrera. even though it was still quite a grand dress, there was i think an infinite ality to it. it felt like glamorous sportswear instead of a full head to toe look. >> what do you think the impact

has been of her choices for the state dinners on the role of first lady by also on some of us called them diplomatic art on diplomacy. >> well, you know, i think the first thing is we all want to be proud of people that are in the white house. we want to be proud of their hospitality. we want them to put their best foot forward. she's presented herself in a way that i think makes most people feel like, yeah, we can stand up on the world stage alongside of folks from france and italy where the notion of fashion is really something that's imbedded into their culture. the other part of it is that these are really moment us moments. the photographs are going to go into the history books. and for any design house, that is enormous.

it also puts them in the history paobgs. so it lends a certain i think gravity to what they do. the american fashion industry is just as important of an industry as the food, the auto industry, all the things, all the other things that go into creating that state dinner. >> how does she go about choosing her dress and choosing the designer? >> well, when we paint each other's fingernails and brush each other's hair, she stels me -- i'm kidding. my sense is that the first thing is she wears what she loves. she wears what she is comfortable in. that says said, i do think there is some attention to the country

that's being haurpbd, a desire to acknowledge either that directly by working with the designer who perhaps has, you know, that sort of ethnicity in this their background. sometimes it's just a matter of paying tribute to a particular color or flower or something that is important to that country. >> last fall you wrote, when you were covering the state dinner for the chinese premier, she chose a vera wang dress. she said by choosing that, it wasn't an apology but a diplomatic clarification. can you explain. >> i'm trying to remember what the dress looked like. >> the black dress that she wore, the vera wing black mermaid style dress as opposed to the one she chose for the first chinese state dinner. >> right. the first chinese state dinner it was a beautiful dress. it was red. it had been designed by sarah

burton from alexandra mcqueen, a british fashion house. and vera wang is a very well-known american-chinese designerment the first go round mrs. obama got criticism from the american fashion industry, particularly oscar de la renta who felt this was one of those occasions when she had the opportunity to elevate american design and to wear a dress by an american designer. and he felt -- many in the fashion industry felt that she had missed an opportunity. and i think in many ways we felt hurt that she looked outside of 7th avenue for a dress for the occasion. so this was a bit of a do-over. and i think there was a little bit of an acknowledgment that perhaps the first time was a misstep. >> do you have a favorite dress

from these past eight years of these state dinners? >> you know, i thought the carolina herrera was particularly elegant. in many ways it was rather traditional. but i'm also fond of the last one she wore by brandon maxwell. in part, that is simply because it was such a surprise. you know, i think one of the things that she does quite well and that one of the reasons why people are sort of eager to see what she's going to wear is because she doesn't just go with design houses that have been around for decades. she doesn't go with sort of the tried and true vetted designers. brandon maxwell hasn't even been in business really for more than a year. jason wu, who she wore twice for her inaugural gowns had not been in business very long when she first reached out to him. so i think that's really nice to the see. because she really is supporting

small businesses in the true sense of the word. >> robin, thank you for your time. >> my pleasure. >> again, watch the state dinner for the italian prime minister tomorrow starting at 6:30 p.m. eastern on our companion network c-span. >> c-span. created by america's cable television companies and brought to you as a public service by your cable or satellite provider. now treasury secretary jacob lou testifies before the house financial services committee about the u.s. economy and the stability of financial systems. secretary lou provides an overview of the financial stability oversight counsel's annual report. from last month. this runs just under three hours.

>> the committee will come to order. without objection, the chair is authorized to call a recess at any time. this is for the purpose on of receiving the annual testimony

of the chairperson of the financial stability oversight council. i now recognize myself for three minutes to give an opening statement. with today being the official start of fall, it's disappointing that the financial stability oversight council has delivered the equivalent of a summer rerun, its 2016 annual report is basically identical to its 2015 annual report, breaking little new ground and adding little new value. fsot charged with risk to our financial stability continues to mention only in passing housing reform and the substantial risk that fannie mae and freddie mac, institutions at the epicenter of the last financial crisis, pose for precipitating the next. further more, since the advent of dodd/frank we are losing on average one community financial institution a day in america as they are crushed by federal regulatory burden.

the big banks have only grown bigger. banking system consolidation can clearly contribute to heightened risk, yet there is absolutely no mention in the report of federal regulatory risk by dodd/frank, a glaring emission. yet the most scandalous remain's the conspiracy of silence regarding the existential threat posed by america's unsustainable national debt and our staggering unfunded obligations. since president obama came to office, the national debt has increased by a mind boggling 84%. the congressional budget office noted in a recent report that the president's 2017 budget would add nearly $7.5 trillion to our publicly held debt, equivalent to $59,609 for every american household. cbo recently won such high

rising amounts of debt have serious negative long-term consequences for the economy and could strain future budget policy. on this, again, fsot remains silent and thus its annual report loses credibility. although the annual report is disappointing, this committee's focus must remain on fsot's frightening and unlikely constitutional powers. fsot open-ended and standardless sifi designation process clearly gives federal regulators broad license to concentrate immense economic power in their own hands. the designation authority is taking our financial system regrettably one step closer to the a government-controlled utility model, a model where it will allocate to classes at the cost of our freedom and prosperity. this must change. finally, the highly a little bit sized structure are emblematic

of a shadow regulatory system. it is so important that last week this committee favorably reported the financial choice act. it will help bring about economic growth for all in bailouts for none. it will end bailouts once and for all by removing fsot's ability for too big to fail firms and replaces bailouts with bankruptcy. it would protect our financial system with high levels of loss absorbing private capital and impose the strictest fines on financial fraud and focus its mission on the sole task of monitoring emerging threats to our financial system. it is up doubtedly a better way forward. and now i yield five minutes to the ranking member for an opening statement. >> thank you very much, mr. chairman. secretary lou, thank you for

joining us today to discuss the financial stability oversight counsel's 2016 report. last week, the u.s. census reported median household income by 5%, the largest increase in percentage and dollar terms since the government began tracking this data nearly 50 years ago. the census bureau also reported that the poverty rate declined by 1.3% points and that the number of people without health insurance in the united states declined by 4 million. all told, our progress is rather remarkable compared to where we were eight years ago. when during the last days of the bush administration we were shedding more than 700,000 jobs per month. and millions of people were being displaced from their homes. but make no mistake, we need to be doing more, especially to

address the wealth gap and particularly for african-american and hispanic households whose spheubg security was devastated by the financial crisis. unfortunately, however, there's an unnerving sense of amnesia from my colleagues on the other side of the aisle about the dark days of the crisis. here we are eight years after that devastation and more than six years after dodd/frank became the law of the land considering the same harmful reregulatory proposals that would undo the critical progress we have made. just think about this. two weeks ago one of the largest banks in the united states, which was supposedly one of the most well run was found to have opened more than 2 million unauthorized deposit and credit

accounts for unsuspecting customers. this is a massive of historical proportions which begs the question, what further reforms may be needed. yet in this committee the answer is deregulation and more opportunities for wall street to right the rules of the game. and like the consumer financial protection bureau, fsot is on the front line of those attacks with wall street reform, we created the fsot to look across the entire system, identifying gaps that may exist between regulators and action to prevent another meltdown. no longer would we allow banks to shop around for the weakest regularity or move money around the globe to escape regulation. we saw how effect i the fsot can be in preventing companies from

going too large. general electric tore rat capital vol agreed to shrink itself and sell off its consumer financial business returning to its roots as an industrial company. it is now smaller, safer and less likely to cause risk to the rest of the financial system if it becomes. it will share its important designation and the higher regulatory standards that came with it. what this means is that wall street reform is working as it should. the system is creating incentives and shrinks itselves and ensuring companies like ge renew their focus on creating jobs in the real economy. yet despite this progress, my colleagues on the opposite side

of the aisle are intent to dismantling the fsot. the bill received bipartisan opposition last week. this harmful legislation would strip the fsot of its ability to designate nonbanks for heightened sprgz, repeal large complex firms like aig. this bill and others will put wall street back in the driver's seat and leave consumers and investors to fend for themselves rather than continuing this commit its focus on harmful rollbacks. we should be exploring how we can do more to prevent scandals like the one at wells fargo. so i look forward your testimony, secretary lew, on the state of our financial markets and what we need to keep doing to prevent a repeat of the financial crisis.

thank you, mr. chairman, and i yield back the balance of my time. >> the chair recognizes the gentleman from mr. texas, chairman of our financial institution subcommittee for one minute. >> thank you, mr. chairman. ensure the stability of the u.s. financial system and to identify future risks to the system. it was given authority to designate banks and nonbanks alike for high regulation. i believe, however, it also has the responsibility to ensure that the recommendations and designations are appropriately calibrated and provide sufficient clarity to the marketplace. today it has failed to live up to its duty to be a responsible federal agency. it has failed to exercise its authority under section 115 of dodd/frank. in the office of financial research, $50 billion banks

aren't systemically important. and to implement fair, transparent and measured process with nonbanks is statistically important. the determination process is fatalitily flawed. yet fsot created uncertainty by appealing this legal ruling. third and finally, the fsot regulatory protectionism has failed to identify market concerns like those scene with liquidity traits in the bond markets. i hope today we will hear answers to policy questions stay of the usual talking points praising dodd/frank. >> the time of the gentleman has expired. the chair recognizes the gentleman from tphplg injure, mr. garrett. chairman of our capital market subcommittee for one minute. >> thank you, mr. chairman. mr. secretary, good to see you again. i understand that you are a tough man to nail down to get to this hearing today even though

it is the rule of law. i guess i would be too if my job was to come here and try to defend fsot. so, you know, we're starting to get a point of a tenure where people turn to talking about legacy and what you all will be leaving behind. the obama administration's legacy will be remembered by what? secrecy and continued refusal by the administration and especially you, to answer the most basic and simple questions to provide transparency so this committee, to congress, and most importantly, the american people. it is not just the legislative branch. the recent court decision invaliding metlife is a reminder to all of us we live in a system governed by the rule of law, mr. secretary, and not by the law of bureaucrats. i look forward to some of his answers today. with that, i yield back. >> time has expired.

we welcome the testimony of senator jack lew. he need no further introduction. without objection, your written statement will be made part of the record. and you're now recognized for five minutes to give an oral presentation of your testimony. thank you. >> thank you, chairman, ranking member waters, members of the committee. i appreciate the opportunity to testify today the regarding the 2016 annual report of the financial stability oversight council. we just passed the eighth year anniversary of the collapse of lehman brothers. this date provides a grim reminder of the most severe financial crisis of our lifetimes. but it measures the tremendous progress we have made to make a safer is and more resilient system to support long-term economic growth. we worked together to put in place the most far reaching system since the great

depression. wall street reform consumer protection act put in place new consumer investor and tax payer protections and restoring confidence in our nation's financial system. today the success of these reforms continues to be reflected in a long and stable economic recovery. we have cut the unemployment rate in half. our economy is more than 10% larger than its prerecession peak. u.s. businesses added a total of 15.1 million jobs since job growth turned positive in 2010. and our financial system is safer and more resilient, providing the critical underpinnings for a morin collusive long-term growth. recent census bureau data demonstrates that significant strides have been made. the nation's poverty rate is down hispanics and african-americans. household incomes are rising with 2015 seeing the fastest

one-year growth since the census bureau began reporting on household income in 1967. recent enforcement also remind us of the yon going need for robust protections and that that need is very real. without a strong consumer watch dog, the financial system can be dangerous for consumers and businesses alike. indeed, one of the most important lessons of the crisis was the need for financial regulator dedicated to looking out for and protecting consumers. the last financial system had at its core abusive practices that should have been prevented. the only regulatory agency focused solely on consumer financial protection. it is designed to ensure that products and services are fair, transparent, and competitive. and it has been fulfilling this mission actively and well. the conduct that led to recent enforcement actions, again,

underscores the importance of finalizing strong, sensible, executive compensation rules, a central component of wall street reform. moving forward, it is critical we continue to build upon the success of wall street reform and create a framework for responding to risks that arise in any part of the financial system. rather than regulating purely in reaction to crises, they established a forward looking approach looking for risks presented my markets as a whole and by types of activities whether they're conducted. . the financial stability exemplifies this approach. previously, financial regular gators too often operated in silos. there was no agency or group specifically charged with collectively monitoring and maintaining stability. for the last six years, fsot brought the entire community together to be on watch for signs of vulnerability and to respond to emerging threats to financial stability before they

turn into crises. today the council continues to benefit from the diversity of expertise and perspectives of its members. council has been open-minded and deliberate in its approach, regularly engaging with stakeholders, frequently updating the public on its views and actions and remaining careful to avoid a one size fits all approach. and always asking important questions and looking to the data and analysis for answers. before i discuss the couple's finding in the six account annual report, it is worth noting the report's significance. the appal report serves as a key mechanic kitchen for accountability and trance seurpbt i issues outlining the counsel's priorities and a road map for the year ahead. it is the product of extensive data analysis, key risk areas, recommendations to mitt goes the risks. it includes a statement signed by each of the counsel's 10 voting members that affirms all the issues and recommendations

in the report should be fully addressed. the counsel's 2016 annual report focusing on 12 key areas, the topic of discussions the past year. these areas include cyber security, risks associated with asset management products and activities, reforms to wholesale funding markets and global economic and financial developments. each year it cites progress made and if necessary the need for further action on the part of members and member agencies. cyber security remains a key area focus for the council. in response to increasing threats presented by cyber attacks, the u.s. foreman sector will improve security across the system. efforts to include greater information sharing, and analysis and establishing private sector best practices for assessing risks. the report makes several recommendations for building on this important work. the administration remains committed to staying ahead of this issue. we look forward to working with both the council and congress as we continue to address it.

the council is focused on potential risks to financial stability opposed by asset management products and activities. as these products and activity thes represent an increasely important part of the u.s. financial sector, council will continue to evaluate their implications for financial stability. that end in april of this year, we published an update regarding the roux of potential risks in this area, in particular focusing on liquidity, redefinitely sun and liquidity risks. analysis and engagement with key stakeholders. our work in this area is yon going. we plan to provide timely updates as our analysis continues. let me close by saying that in the ahead, it is vital that we remain sreupblg tapblt to ensure we do not return to the precrisis way of doing things. looking narrowly at jurisdictional lines by the kin