>> anyone else on the panel want comment on reasonable and what that means, the context of what you do? there is a whole custom and practice of the trade that you want to look at based on the risks you identified. >> is that a good starting point? >> i believe so. >> did you have something? >> yes. the word reasonable was what caught my attention. section two of the bill. reasonable measures and procedures by information security. even though it is only been five weeks since her major data

the estimated cost have reasonable defenses, and protection of sensitive information. from a few million dollars to as high as $50 million. these figures from other studies get saved. approximately $100 for every identity stolen. we have 310,000 stolen. is 310,000 times $100. the question i think mr. maldon raised, an excellent question, whose shares in the responsibility for protection? it will bankrupt most universities to spend 20-30,000,000 dollars when there

is no guarantee any way. it is something that should be shared worldwide laying -- worldwide. take one example. social security numbers. social't we do you value security numbers? why not require financial institutions not to use social security numbers? so there is no incentive to steal them? if one doesn't do that, one shifts the costs to higher education institutions. it is a balancing between risks and costs. all i can tell you is that the cost can be staggering. even then, all of the experts we have retained are telling us there is no 100 person guarantee. >> i want to add a few words from the perspective of the

federal trade commission. we believe reasonableness is the right approach. given the different types of companies that we have jurisdiction over, we think it is critical to have flexibility and a fact specific approach. we understand the challenges that dr. low has identified. going back to your question, one area where we have is a connection with identity theft. that task force was set up under the bush administration. we have made a number of different enteral agencies recommendations about how to deal with issues and things such as social security numbers, minimizing the id theft. i think it is a complicated question. there are many things the government can play an important role. are other things

that need to be examined in the way personal information is being utilized. lex thank you. -- >> thank you. that philosophically and realistically was an interesting discussion. it gets back to something i talk about as often as i can. country is willing to get serious about infrastructure, cyber security, to 200,000 pound water tankards 75,000 max pound bridges so they can build a platform.

if we don't have the infrastructure, which is research, nih, alzheimer's, everything. roads,e hard stuff, the we have been through five lines in west virginia. nobody knows where they are. they carry gas. somebody goes into building house, and breaks through five layers of five line nobody knew were there. at some point there is no sense of forgiveness. to be a serious country, continue to be a serious country, we have to do infrastructure. we have no choice. said are you for raising

the gas tax, i would say yes. i believe in user fees. i always have area and if you have an objective you want, you want to bill rhodes, then you do that which is necessary to make it happen. if you choose not to, your ideologically pure, you win your next election, and you decline. or people make the conclusion as spill foron our water which there was no federal regulation whatsoever, of which i was probably responsible because i was governor for eight years. but did nothing about it. responsibilityke , you have no future. bottom ofto the very

what divides this country. it is not republicans and democrats. roy blunt and i have been friends for years. he likes me, and i like him. things work. but, you have to be willing to raise taxes. to pay for things where we are eons behind. modern bridge structures. the list is endless. you want a good way to find out where a good standard is, you go to nist. he will do it fairly and at low

cost. to dr. low, who runs a university, which does not have endless amounts of money, i am full of sympathy. away as a senator from being part of a solution to his problem. that is what we are doing here. we are walking away year after year from being part of the solution. if you want good infrastructure, you have to pay for it. if you're going to pay for, you have to raise taxes. the question is how do you raise taxes? then you get into the one percent versus the regular. then that becomes a lot of talk. you get the infrastructure, or you don't. if you don't, your future is dead. it is interesting when the

president called rush an important regional power. angry at must've been that. it was accurate as of the size of his economy. because of what they have not done over the years in projecting power and toughness. they have not build things up. my son-in-law lives there. he knows. dukakis gave that. that is my editorial. we improve this country. the way we help dr. low. the way we help everybody. we're in this together. we have to share responsibility. we are all to blame. we are in the habit of being comfortable. we are in the habit of thinking the world is as it was 30 years

ago. it is totally true. make it tougher on us. i'm not running for reelection. it is easy for me to talk like that. i shouldn't run for the job. so, that is just my thought. i've got over my time. senator markey has been here. he doesn't like if i go over. i'm just going to ask my roy and, and hope for eggs forbearance. this is for you. according to press reports, attackers game access to the thing we have discussed already, does target required any particular level of security of

its third-party vendors? >> we do assess the inherent risks of our third-party vendors. process for doing so. >> i'm not sure what the answer is. >> we do. we have standards. we have an audit process to ensure they are meeting them. , not all ofevil them are in force question mark -- >> a lot of people, not all of them are enforced? less often.te but to any third party vendors have access to point-of-sale systems? >> anyone who has access to her point-of-sale network has the same standards that would apply.

anyone, our old team members, or technology contractors, they would apply similarly. rhetoric ofthe attention and auditing. but not necessarily the fact of it. one can still get away with rhetoric in this country. one can get on the evening news with brilliantly sculpted rhetoric. it doesn't mean you are doing anything. i just threw that your direction. you are not a media hound. i'm not accusing you. --ould've i knew my obvious i would've i knew my audience better. at the same time, who had target was ultimately responsible for the company data security? >> we have multiple teams at work upon data security.

at the time of the breach, various elements reported to several executives. >> that worries me. former cio. i want to make sure she doesn't get run over by a bus in this discussion. it is true that target has been divided up as you indicated to a variety of staff. not under a cheap information officer. what i'm getting at in the future is that at some point, the ceo and the spurs have to accept responsibility of what has happened. that is why i mentioned with data breaches, they reported to the fcc. there was no law.

i did the same thing both call minds. we have a lot of coal mine disasters. killed, itmebody is has to be reported. it is helpful to investors and shareholders about their decisions. i believe in responsibility. i think it has to come down to a point. be the ceo. has to wherevercan scatter you want. i have talked too long. now i have to figure out who got here first. roy was here first. senator blunt, i'm sorry. the thing he talked me into doing was codesharing with him and effort to be sure we understood what the alternatives

are out there. i wanted to know it or not, i needed to know it. once again, he figured out something that was better for me than i probably thought it would be. thank you all for being here. long afternoon. hasn't been said it is ok to repeat it. set this hearing up, there were 46 different requirements to comply. there may have been more than that. there were at least that many. , a yes orn is simply no question. do you believe that a uniform for datastandard breach notification would benefit consumers? yes or no is all i'd like to have. >> es.

-- yes. >> es. -- yes. >> yes. >> that's what i think. hopefully we can figure out how to do that. i think the attorney general recently called for the uniform standard as well. hopefully the congress can accomplish. at the time of the breach, was there more than multiple data in what happened in target and the last part of laster? >> two types of data was removed early in december. 19, 40ember, december million credit card account numbers have been removed from our systems.

providedon january 10, notice that certain personal information included names, address, e-mail and phone number , and various combinations, had also been removed. this, youher stand had all the information for all 40 million people? >> that is correct. it would be relatively simple process. there was at least 12 million of the records, and likely more than that. know who that related to, is there a new -- who could you have notified if he wanted to notify an individual customer that the

card had been shared in ways you wouldn't have wanted? , we have thenature best way to notify customers was broad disclosure. we did so on december 19. again related to the personal data. we augmented that public disclosure. we e-mailed 17 million guests. in the second case, 47 million guests. >> how did you know who they were? >> we had their e-mail addresses. >> for everybody in your particular file? >> is for the 70 million records

. >> for the 47 out of the 70. what did the chairman saying? set, a of security was does about the company -- your company require any level of security for the merchants who use the sub? are you changing with that level of security is? >> yes, we do require a level of security. it is the level embodied in the pci standards. we require large merchants that provide a validation by an independent security assessor. that is what we have in place today.

the pci council administers the standard and would review it periodically. >> have you given notice of a new level of standard you want merchants to have by sometime in 2015? >> there are two different things going on. one is the security standard. how they cure the data in their environment. theother is the d value of data in their environment so they would no longer have valuable data be targeted by fees. the standard for october 2016 is for these emv chip cards. the card actually sends a one time use signal. even if you steal all of the data, relative the card, it can't be read used to commit fraud. the standard for 2015 is to implement the emv standard by placing emv terminals in the stores. and outfitting them with the proper technology on the back end. failing which, the merchant would be liable for the fraud if

it is used in the terminal. >> my last question to you. do you believe there is any benefit in congress in the law trying to specify exactly what the card standard should be? law, you would have to have a chip in the card. is that a good thing or unhelpful? >> generally speaking, i would say that our success across the world has been through the liability shift mechanism. it allows flexibility in the different merchant environments to move in that direction. lex liability shift means that no secure things, they would have a higher liability as a merchant. >> that allows them to set the pace of their transition. >> we believe that should be effective.

we have seen over and over again across the world. i hesitate. we would like to get out of the the few ourselves, but governments that have tried to mandate technologies and other parts of the world, they tend to have unintended consequences that make it more difficult to move forward with new types of technology that can leapfrog current technology. >> anybody disagree with that? was the thieves, the hackers would always be more nimble than the congress. we prove that on a regular basis. if you are too specific in law, all you do is create a roadmap as to what you have to do if you want to break the code. agree.s going to we believe that a flexible

approach is the right way to get through. >> thank you. have made it back. >> i have made it back. i have a reprieve on my presiding. i felt this hearing was important. >> so i had the pleasure of putting you in front of senator markey. senator blumenthal was here. >> thank you. leadership inyour convening this hearing. thank you to the panel. i feel this afternoon is in a certain way and missed opportunity for all of us. we've been bouncing in and out due to the votes and our schedules. this panel contribution has been very useful. i think it could be even more useful. i'm going to submit additional questions for the record that perhaps you can address.

speaking of missed opportunities, the report done staff performs extraordinary service and backdropan excellent and summary analysis. opportunities,m missed opportunities. unfortunately, they were failed here. me one of the to truths that senator blunt was alluding to. the best technology in the world is useless unless there is good management. blunt, there were multiple warnings from the company. a were missed by management. maybe because of lack of

a sense of confidence, complacence. theautomated warnings of signals that should have an indication not only of intrusion but the need for action were missed. cost.as created enormous better management has to come with better technology. take it by your silence you are agreeing. the other area that has not been too star far is the notification. breach occurring on 11-12, november 12, happened well

notification to consumers. was in a lot of timelyrs, was there enough notification here? what can be done to improve that in the future? ms. mulligan first. and press the others by what you think about the timing and the notification. first, we identified malware honor system on this ar-15. >> should you have discovered it earlier? >> that is a reasonable question.

it is asking a lot of hard questions. simply thatst state there should have been earlier discoveries. whether you could have prevented the intrusion and stopped it a subjecthat may be of debate. it should've been discovered. and notified. >> we are understanding that. our team assessed them. they assess hundreds of alerts every day and may judgments based on those. given the circumstances we identified the malware on december 15 and provided public notice four days later. we were very focused. on speed, and doing so quickly. >> thank you.

perspectives, prompt notices are critical. we understand it is important for companies who have been victims of a breach incident to assess what transpired. receiveitical that they accurate information. it should be 60 days at the upside. of course, it is critical consumers have an opportunity to protect themselves if their cremation has been exposed. >> i want to thank you for your answers. my time has expired. i'm going to yield. i want to follow-up on this question of notification. ofbody can be a victim hacking.

or intrusion. should in any way delano codification -- in any way delay notification.y the ultimate cost often is borne by those consumers. >> in terms of the suffering and the pain, even if they are told monitoring, or they get insurance. target has cooperated with my office and with this committee. i want to thank you for the comment you made today. >> thank you.

i don't how you pulled it off. that.t you clearly care. we are grateful you are coming back. markey.reated to edward >> the university of maryland decided to provide five years of credit protection at your school. how did you determine five years was an appropriate time? >> we announced within 24 hours. quickly, the way most it is communicate is by social media. >> why the five years? that wewere complaining initially offered one year. they said one year is not adequate. >> what was your conclusion? >> i think they are right.

it will cost more money, but it is the right thing to do. >> why? >> why is it the right thing to do? because it did happen. it is our responsibility to provide protection of our sensitive data. senses --ry strong but they were penetrated. that is no defense. we decided to up to five years. they have offered one year credit services. my concern is the same. one year is to brief a time given the compromise of this information. why did you choose one year and not have a longer time? consistent with the risk

consumer now runs. >> we certainly evaluated this. entitiesd out to other who had some role -- similar instances. one year would provide appropriate coverage. we have not received the same feedback. we have not received that feedback. if we did we would reconsider that. importantly, part of our coverage is that you have access to a specialist ongoing. that goes on for ever. >> my concern is the situation has been compromised. one year is just an arbitrary time to select that it can be if it comes back to haunt the individuals whose information has been compromised. time makes more sense.

i also understand that credit [indiscernible] maintaineddit files by trans union and aqua facts. with free monitoring of all three reports provide consumers with better protection following the breach? >> we reached out to several other entities when similar situations. they had a product that would work well for our consumers. it offered identity theft production, identity theft insurance, and the ongoing fraud access that was particularly important. we will with their particular product. wax i would suggest you look into a broader group of

companies here. credit monitoring may provide consumers with a false sense of security. these services open new lines of credit. they do not watch for day to day on authorized charges on your credit card. tol us what target is doing help consumers with that problem? >> that is an excellent problem. this is impacted them. we try to provide tools, communication. we have one spot on our website that provides all the information to them. all with the focus to keep them informed about the information we have. >> ms. mulligan, what steps are

you taking today to ensure that better ways of ensuring data keep up with new payment technologies? the dmv technology is a major improvement for repayment security. that is something that data guard is interested in. our commitment is to help our customers have the identity technology they need to provide strong layers of security in a mechanism. one of the things that is key to understand is that the malware has changed the way it operates in the last several euros -- several years. networkel to overtake a administrator, and move freely is a very different security risk than what we are dealing with 4-5 years ago.

trying to educate the industry, that help companies understand risks, that is what we're trying to do. >> what we suggest is this. that it doesn't make any sense for the congress to mandate specific technologies. do ist does make sense to to say to industries that you have to keep up with the changes. if you don't keep up with the changes, you are liable. to say that any of this is a surprise, it is just to say you're not keeping up. so, the chairman to call a hearing of the 5-6 smartest young geeks in america and make it explained to this committee. 5-6 inth is that the each one of your companies should be having that meeting

right now. these are the changes, these are the recommendations. up.law requires us to keep we'rei keep saying surprise of the changes, you haven't kept up. it doesn't mean that younger people in organizations have kept up. it should require a standard. if you don't have a radio on boat in 1900, you're not derelict. in 1920, now you have a problem. you can't say i didn't have one. that's not an excuse.

you have to have known that a .uy named marconi came along young people have these devices now. there was a storm coming. you just can't exempt yourself from liability. that is the challenge here. that is why senator blumenthal and i introduced legislation to give the federal trade commission greater authority. they can acquire these security measures to be put in place. that consumers receive immediate notification of any breach that occurs. it is important for us to act this year. this has been occurring over and over. t.j. maxx is in my old congressional district. they had a similar breach in 2007. it is not as though this doesn't keep happening over and over

again. we keep treating it as though it is a huge surprise. inator blumenthal and introduced the legislation to help accomplish that goal. we'll really have to deal with the issue. i think you. >> good questioning. i would like to be part of the bill. >> your staff was the first to receive a copy of the bill. >> good. important point. we measure everything based upon what it was. us from thesolves responsibility of saying what it might become. important question, whether you're talking a national security, anything, what it might become.

that is why we are constantly .urprised the painful memory of the boston marathon, i'm not sure what the teaching of that was. act.was a traditional we have something we should've known that there have been advances in technology. this job is not to say exactly what it should be for this month , next month to be. that will reach many people who will object. it is a good example. where the russians have given information about the suspects. the technology had worked. of what to doment

with the information. the technology is something that .ow is available younger people of course are familiar with it. to spend the money? do you want to spend the money to keep up with the technological arms race that you necessarily have to because it in the electronic era that each of these companies are embracing. you can think of that as a loss. you now have to suffer because you have to build security. you have to think of as a necessary investment. we are not accustomed to that pattern of thought. what it is there for. you missed my speech on spending money on infrastructure. i will not paying you with

repeating it. you already agree with it. >> we are passing a transportation bill? >> don't tease me with that. this is been an interesting and frustrating hearing for a couple of reasons. it is a complicated subject. the ftc. the president university of maryland. staff.er chief of and, you all have great experience. but we are under the structure of time is running out on us. are we going to have the time to peoplee people, young

who are already knowledgeable. will it be in a jays to go -- will they be energized to go into the fields? to help you. it also makes the point that i made earlier. there is more reason there for it to happen. ultimately, whether you're a and -- or the present the president of a company, it is not just holding on to your job. it is how you do it. how people assess it. somehow america always muddles through. it is not a pretty sight.

you have been fantastic. you have been alert. you have been help will. you put up with our absences. we have nine votes. that is not fun for us. we have nine judges. that is a wonderful thing. for america. you,t profoundly thank each one of you, for being here this long. i'm feeling guilty about you. would you talk? [laughter] >> i will decline your kind invitation. >> it is a perfect opportunity. nobody will get up and leave. [laughter] say something on your heart that you want to say. government has been out front of the bulk of

industry and the nonpublic sector in identifying the significant laces and cyber security, prodding the non-sector to accelerate the pace of them and they are showing. you have done in this committee. >> we have to get iraq together. no question. we are all part of it. part of the future. part of the past. i have nothing wise to say. i will in this hearing. i don't tend to bang a gavel. i think that is kind of showmanship.

it is at an end. you are free. [laughter] you have our great gratitude. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2013] lewoman from california, ms. speier, for five minutes. ms. speier: madam speaker, thank you. last week, as the world watched in disbelief, the trial of brigadier general sinclaire concluded much as it began, flawed and unjust. even with the world watching, the military once again demonstrated its outright incompetence at administering

justice. brigadier general sinclaire walked out of the court a free man even though he had plead guilty to these charges. he plead guilty to an inappropriate relationships with his accuser, an inappropriate relationship with another female army captain, an inappropriate relationship with a female army major, possessing and displaying pornographic images and videos on his computer in afghanistan. he plead guilty to using a government-issued travel card for personal purposes for a trip to tucson, arizona, and a trip to fort hood, texas, to see his mistress. he plead guilty to attempting to start an inappropriate relationship with a female army lieutenant. sexually explicit communications with a female army major, requesting and receiving nude photos and a

sexually explicit video of her. he plead guilty to vulgar language to describe female staff officers, impeding an investigation and adultery with his accuser. again, these aren't the charges the judge found sinclaire innocent of, but all of the charges sinclaire plead guilty to. his punishment, no demotion in rank, no forced retirement, no jail time. instead, a small fine that he will pay with his generous taxpayer-funded pension and a potent message to those that are thinking of coming forward. you will be dragged through the mud and you will be punished, not the perpetrator. a civilian would have been fired. the misuse of government funds and the gross misconduct by general sinclaire, who plead guilty to all of those charges, should have been more than enough to fire him.

you know, i would like to say i was shocked by this unconscionable decision, but after working on this issue for three years, i have learned this pattern is the rule, not the exception. whether the army intended it or not, this was a high-profile test case for whether the military can hold its highest officers accountable for committing serious offenses. it failed. the military seems to be determined to make our point for us. the current military system of justice is incapable of meeting out justice in an impartial and effective way. when sinclaire was challenged his staff for his conduct and remarks towards women, the general replied, i'm the general. tiff, de-- er, exme

epletive, deleted, i want. he's right. even violent crimes against women are condoned and at times even celebrated. in 2010, a skit was performed for general sinclaire's benefit where a soldier wore a wig and dress as a female officer and offered to perform oral sex for the general. this skit was performed in front of the general's wife and more than 500 people, and yet this gross performance of general sinclaire's sexual misconduct was no cause for concern at the time. until these cases are taken out of the chain of command, the reality and perception will continue to be that the military justice system is tainted under command influence and is inherently unjust. the american people look at how this case was handled and see

that a commanding officer, without legal expertise and a built-in conflict of interest is not competent to prosecute serious crimes. it should now be clear to everyone in congress that the military is incapable of holding perpetrators accountable. it is our duty to reform the system, which we created in the first place, not the commanders. whose legal training and built-in conflict of interests have proven to be so ineffective. this case is an embarrassment to the military, but frankly it's an embarrassment to congress. when will we be willing to say enough and do our duty to protect our service

oversight committee questions the irs commissioner about the treatment of applicants for tax exempt status. a senate hearing on security breaches at retailers that compromise consumer data. >> one thing that didn't become known until the late 1980's, through some file in the freedom of information act, something that had taken place from 1940- 1966. the fbi had a formal relationship with the american legion. acted as informers for the fbi in their communities.

and regulate file reports with the f b i. the americans had no idea that kind of informing was taking place. they were untrained informants. >> 1971, a group broke into and if ai office in pennsylvania and still every document in the building. the story sunday night. >> dear congress. our names are shelley ortiz, hannah could. we attend an art school. throughout the years we have encountered a handful of friends -- emotional distress for those individuals. >> when i look back on the incident that took place in tucson, the tragedy where i was

shot, the young man who did them,shootings, who shot had the symptoms of mental illness for at least two years before that time. >> the winners of the student cam. watch the top 21 videos starting tuesday. see all of the winning documentaries online at student cam.org. >> a government panel has completed a report on how the energy department handles nuclear stockpiles and works to prevent nuclear proliferation. the office of that report testified about its findings and the proposed reforms at a house armed services subcommittee hearing. congress mike rogers shares the hearing.

it makes a big difference. we appreciate you. the topic, are hearing is a topic over the past several years. the national nuclear security ministration. workuld hear the ongoing on the nuclear security enterprise. this was created by the fiscal year 2013 national authorization act to take a look at the long-standing problems within our nuclear system enterprise system of management and oversight. eyewitnesses today are the distinguished cochairs of the panel.

i want to thank you for your service and for being here. i understand your testimony will focus on the panel fact-finding efforts today. and provide us with a comprehensive illustration of the challenges we are facing. the subcommittee has been looking into these problems for a long time. i believe you help us clarify and assess the problems as to why efforts to remedy them have failed. there is a widespread recreation of thee current system nuclear security enterprise is broken. as the conferees stated, congress believes the status quo is not working and must not be continued. changes in the margins are not a solution. recognizing the nuclear security enterprise is broken, and pray wes efforts have failed, look to your report for innovative solutions to these

long-standing problems. importantly, solutions must not personalitiespon to be successful, and must repeat the mistakes of the past. let's assure we all leave here with a clear understanding of the magnitude and complexity of the issues facing the enterprise him and the national security imperative of getting this right. thank you to the witnesses. and look forward to your discussion. mr. cooper. >> thank you. i would like to welcome our distinguished witnesses. i appreciate their service to our nation. in particular, they're chairing of this important commission figure out how to improve the work of the nsa. i have no opening statement. i would like to have unanimous consent for backer material on the hearing record. thank you.

i ask each of her witnesses to make an opening statement. mr. augustine. >> [inaudible] >> go ahead and deliver the whole thing if you would like to. your mic is not on. >> i never was good engineering. for theu very much opportunity to present the findings to date of congressional advisory committee on the government's nuclear security enterprise. i have served as a cochairman. lettuce state that the current -- letter state the outset is not in question. at the same time, the existing

government structures and practices are most certainly in addition in some instances ineffective. putting the entire enterprise at risk. the panel has focus attention on the nuclear security administration. both in the headquarters of the field, including laboratory in nevada national security side. we've examined the current situation from the perspective of the national leadership legislative and executive branches, the perspective of ,ustomers such as the nsa intelligence community. we have benchmarked the nsa against proven management approaches used by high-performing high-technology organizations in the private sector and in government. the panel's work has relied on our 12 members -- decades worth

of experience dealing with nuclear in a prize issues. we have revealed pages of previous studies we have , and wed on-site visits have benefited from the testimony of a dozen expert witnesses. we particularly we appreciate her colleagues on the panel as well as the candor of those we have interviewed. we will summarize our panel's findings on the current health of the nsa and the root causes of the challenges we will cite are only now beginning to formulate our recommendations our finalll provide report. unfortunately, the unmistakable conclusion of our fact-finding, as implemented, the nsa experiment involving the semi autonomous organization has failed.

has notent structure established the effective operational system that congress intended. this needs to be fixed as a matter of priority. these fixes will not be simple or quick but they need to recognize the systemic nature of the problem. that we havelaws found, there are numerous examples of success in nsa adventures. they have succeeded in our nuclear deterrent and advanced on behalf of nsa scientists and engineers and produced and dramatically increased understanding of our aging nuclear weapons stock higher. are providing a solid support through nonproliferation efforts and unique expertise to the intelligence community. the naval reactor organization continues to provide world-class and the development

of the support of the most capable nuclear propulsion systems to be found in the world. as a whole continues to struggle to meet fundamental commitments. to the point it has lost credibility in the trust of the national leadership, customers and dod to deliver weapons and critical nuclear facilities on schedule and on budget. simply stated, there is no plan for success with available resources. nsa's on a trajectory towards crisis unless trying leadership arrests the current course and better focus is on mission priorities and deliverables. at the root of the challenges our complacency and loss of .ocus the national leadership has provided strong policy statements and substantial sums ismoney, the enterprise

evident that follow-through has been insufficient. opus is ass current welcome development. over the decades, this has changed and translated into the absence of a widely except did understanding of and appreciation for the role of nuclear weapons and nuclear technology in the 21st century with the result of well documented and atrophied conditions of lance for the strategic deterrent future. that is at the dod as well as the doe. this has been reflected as a lack of urgency and a respect for the compelling mission that they face. the earlier reviews have concluded and this panel endorses that this is no time for complacency about the nuclear deterrent. america's deterrent forces remain of the utmost importance to provide the ultimate

guarantee against major war and coercion. our allies depend on these forces and capabilities for extended deterrent and to pursue their own nuclear capabilities if they perceive the u.s. commitment or competency is waning. our countries carefully measure resolve and technological might making their own decisions about proliferation and nuclear core sizing. something wece is cannot afford to lose. we, along with our allies, are in a complex nuclear age modernizing the arsenal with withtechnology emerging new potential actors as well as regional challenges raising significant concerns.

the technical work is rocket science but the management and cultural issues or not. in the case of the latter, the situation is not easily rectified. what is needed is to issue clear plans, provide sufficient resources for success, assign responsibility along with the ,ecessary authority consequences and provide strong and accountable relationship at all levels focused on the mission. the panel believes such reform demandible but it will determined and sustained high-level leadership. the changes we recommend will undoubtedly be difficult to implement regardless of where the enterprise is located within the government structure. problems areal cultural more than organizational. organizational change, while not unimportant, is only a small portion, the easy portion of the

revisions that must be made. previous efforts to reform and previous studies calling for action have largely failed due to the lack of leadership follow-through, lack of accountability, lacking change. we might add the lack of sustained top-level demand for change from the national leadership. the department of energy by itself would be challenged to oversee radical steps in what we needed. success is imaginable only with the knowledge of a secretary supported by the white house and the congress. removes thee that mission priority, the panel believes that the enterprise today benefits the political leadership of an engaged secretary of energy in the strong science and engineering of the national laboratory system. administration since president eisenhower has reaffirmed the need to maintain a credible nuclear deterrent

with a safe, secure, and reliable commitment focused on the entirety of the nation and the enterprise charged with this execution has been lacking since the end of the cold war. as evidenced by the condition that the enterprise finds itself in today. the nsa will fail to act with systemicnd five disorders have taken root that we found to be a part of the program. >> chairman rogers, ranking , let me add my thanks as well for being here today. my remarks are intended to provide some specifics on the panel findings within the

context of my cochairs overall characterization of the health surrounding the enterprise. we have identified five systemic disorders which results from the fundamental causes outlined in norms preceding testimony. the causes and the disorders are inseparable. all, can be traced back to national complacency. the lack of a compelling national narrative and a widely accepted understanding regarding the role of our nuclear deterrent in this century. today, i would like to offer a synopsis of the panel's key findings specifically focusing on the five systemic disorders we have identified. , the loss of sustained national leadership focus. since the end of the cold war, we have experienced significant erosion of our abilities to

sustain nuclear deterrent capabilities for the long-term. the atrophy of our capabilities has been well-documented in numerous reports over the past decade. the fundamental underlying cause of this erosion has been a lack of attention to nuclear weapon issues by senior leadership, both civilian and military, across both past and present administrations and congresses. this lack of attention has resulted in public confusion, congressional distrust, and a serious erosion of advocacy, expertise, and proficiency and the sustainment of these capabilities. absent strong national leadership, the nsa as well as the whole national security enterprise has been allowed to muddle through. first and foremost, we must consolidate and focused national level support. second, applaud doe and nsa

governance model. the semi-autonomy is fundamentally flawed. the nsa has not established effective leadership, policy, culture, or integrated decision-making. indeed, the design and implementation of governance has led to numerous redundancies come a confused authorities and weakened accountability. third, a lack of sound management principles. nsa and the associated policy organizationsght reflect few the characteristics of successful organizations and bureaucracyk averse lacks a shared vision for and unified commitment to mission accomplishment and hence they do not act as a team. both the doe and nsa lack defined discipline of roles,

responsibilities, authorities, accountability aligned to the nsa mission deliverables. too many people can stop mission essential work for a host of reasons and those two are responsible for getting the work done often find their decisions ignored or overturned. not well command are defined and resources are micromanaged. personal management and development programs issue processes and the budgets are not efficient. cost estimated are well documented and acute. there is a dysfunctional relationship between nsa, the theirl workforce and management and operation partners. the trusted partnership that historically existed between the laboratories, doe, and nsa headquarters has eroded over the

past two decades to an arms length customer to contractor adversarial relationship needing to a significant loss in the benefits of the federally funded research and development centers . the trust factor, essential to this model, underscored by a recent national academy study results from unclear accountability for risk, a fee structure and contract approach that invites detailed transactional compliance-based oversight rather than a more strategic approach with performance-based standards. , the budget and reporting lines also can find effective program management and further erode any sense of trust. additionally, there is no enterprise-wide approach. there are examples of where the relationship has improved, such as the kansas city plant,

overall this government and partnership remains highly inefficient and, in many cases, severely fractured. is an and finally, there even collaboration with customers. primarily withs issues we have identified mainly with the dod weapons customers. there is no affordable, executable joint dod-doe vision or program for weapons capabilities. this is at once a cultural and communications divide. there's also a fundamental lack of mechanisms to ensure that requisite collaboration and consensus to address core mission requirements. other customers appear to be satisfied but here is a more strategic approach that could strengthen capabilities and the services provided.

conclusion, it requires aggressive action and sustained implementation and all five of these areas the national leadership engagement is really the common theme. itrovement is possible, but will demand strong leadership and proactive implementation of the panel's recommendations and the president, the congress, and an engaged department of energy secretary. thank you for your time and we look forward to your questions. >> thank you both for those remarks. staffl, did you and your get the impression when they were interacting with people at various levels that they have a i get theblem? impression they are cognizant of they have problems but does it affect morale in a serious way?

>> across the complex, you see a number of morale problems and it is reflected not just within nsa and the contractors, but you also see that on the dod side and in many cases you are witnessing a number of investigations associated with morale problems within the force. that clearly is not part of our charter, but yes, certainly there are morale issues. we did receive a copy of a recent cultural study that was done within doe and nsa. that identified a number of morale and cultural issues that, i think, affected the performance of the organization. >> you are the ceo of a very large corporation. if you were to give some advice, if you were to take the reins, what sort of initial actions should the new administrator

employee to demonstrate the seriousness of his or her approach to this new endeavor that would send the message up and down the food chain within the organization that you are serious about changing the culture. i'm hearing it's really a cultural problem there. give us an organizational lesson. years in thent 10 government, let me say that it is much, much more difficult to manage in the government than it is the private sector. nonetheless, the same principles of management in my experience apply. people also watch the people at the top and how they behave. it's terribly important that the people at top set an example of what is expected and they walk the walk. the first thing that needs to be done is to gather people and say times have changed. whoe will be some people

view that as an opportunity, an exciting challenge, some who say that we can live with that and some who will resist it. those who resisted either have to find new work that they can deal with or be put aside so that they do not interfere. i think there needs to be examples set very quickly that the accountability is expected. were i to start out, i would have a conversation like that with the organization and i would travel the field for a few weeks. i would then make clear what our goals and expectations were. i would do my very best to have our resources and so those expectations. if there were people who were not up to the job, they need to find something new to do. >> i think you are exactly right.

think whoever takes the reins, assuming the senate will soon confirm somebody, has the latitude to make those corrective changes in leadership listening towas the five points and he made the observation that the bureaucracy was risk averse and a lot of the people in middle management either don't want to make decisions or if they do, they are overruled by somebody. i'm wondering how difficult it is to take a middle-management person and replace it with someone who is not risk averse. did you even look at that? >> many of the members of our group have experienced it. as you know very well, civil service was set up to protect employees from political pressures. in so doing, i think my view it to make ittoo far difficult to remove people who

are not up to their job. i work with many very, very capable people and government, particularly people in uniform. at the same time, i have encountered a situation where people directly reporting to me were really not suited for the job they were in. it's very difficult to do anything about that. >> and the government are? -- in the government sector? i should have been clear, yes. >> to my knowledge, nobody has been terminated. >> i was one of three people the theetary asked to do o investigation and it's very hard to find out what happened to the governmental employees. we tried very hard for what is clear is that the three intruders went to jail. the people working for the contractors, the contractor was

contractor employees, some were fired and some are transferred laterally. as best as i know, people in government service were transferred laterally or no action was taken. i qualify that by saying as best as we've been able to find out. >> the head of the security did not shoulder any responsibility for that and that is what i find most amazing. we heard your five systematic disorders. would you both please provide some specific examples, if you can, about where we have seen the erosion of attention to nuclear weapons issues and what impact it has had? if you could think of one or a two specifics? if you cannot, that is fine. >> i would say at the height of the cold war, we had a very robust infrastructure that was capable of producing nuclear in significant volumes,

significant quantities. today, we are dealing with a footprintsscent within the nsa complex. 54% or somewhere around there of the infrastructure is over 40 years old. much of it is a legacy of the cold war and there is a need to streamline. we are struggling right now with a lack of any significant production capabilities because we do not have two major facilities, the cmrr and upf. poorhave been troubled by project management and efficient cost estimating. again, that is one significant

example of an erosion of our infrastructure capabilities. >> i will cite two quick examples. there are many. when a nuclear weapon council met to approve what is known as the three-two plan. within a month of the time that was approved and widely agreed upon at a very high level, they came back and said that we could not carry it out. the system basically stopped at that point in terms of proceeding as planned at the higher levels. a second example was the facilities being allowed to age and the people working in them are well aware of the highest levels of that and there was no action in many cases. over 50% of the facilities within the nsa are over 40 years old and 25% are over 60 years old. not only does some of that raise

a safety issue, it's certainly impacts morale. thehe chair recognizes ranking member for any questions you might have. >> i thank the witnesses for being here, for their long government and public sector service and also for their expertise and leading this very important panel. i want to complement members of the subcommittee here. not only in my side but across the aisle. it's great to have senior member mr. thornberry here who is even willing to sit below to find out about the governance of the nuclear security enterprise. this is one of the few hearings in which the attendance of the subcommittee compares favorably with the attendance in the audience. the public has not tuned into these issues as they should and congress, as you gentlemen have pointed out, has not focused on these issues as we should so hopefully this process starts that correction.

i know this is just a preliminary report on your findings of the governance of the national security enterprise. are you on track to deliver the final report sometime this summer? we lookieve we are and forward to delivering a full and comprehensive report. >> when i went through your testimony, i was struck. you tend to view things as half glass full or empty and i would like for each of you to look at your testimony. for example, you starts off by saying the current viability of the nuclear deterrent is not in question, glass half full. he points out some qualifying things, improving existing becausece structures they are inefficient or ineffective. we will not die from that. later on the testimony, it says the experiment has failed. fixed as a matter of priority, presumably a

national priority. i thought the admiral's testimony had a similar glass half-full or glass half empty look at things. he starts off by saying that there has been a significant erosion in our capabilities to sustain our nuclear deterrent capabilities. weapons of attention to issues by senior leadership, both civilian and military. again, we will not die from that. later on in your testimony i thought if there were to be a headline for the meeting it would be this single sentence. no affordable joint dod-doe vision, plan, or program for the vision of nuclear weapons capabilities." wow. that is a big sentence. that is a devastating sentence. that would be in the glass half empty category.

i know you are just at the preliminary level and you have but, as the gong through our hearings and we learn just to sustain current capabilities is probably $355 billion, that is assuming no further cost overruns, delays, erosion of scientific talent, bad relationships with contractors, whatever. we are in an environment of sequestration, how are we going to do all of this? not is a central challenge only for congress but the nation. nuclear issues are not necessarily in fashion so it's easy to just dismiss them. i hope that this is the beginning of a process where we can focus in a mature way on sustaining and possibly even enhancing our capabilities.

this is the only great nation on this earth and that is our obligation. i also think it's important to put this in a historical perspective because there's never been a perfect time to manage all of this. of theread the history nuclear enterprise, there's always controversies, problems. the pass has never been smooth. there is not one glory age, not one camelot. hopefully we can do better than it has been doing because i the experiment has failed. i look forward to her panel's recommendations on the fixes. >> i recognize my friend and colleague from texas for any questions you might have. >> thank you, mr. chairman and thank you for letting me sit in. there is some advantage to

having been involved in this issue for 20 years. one does see a progression of reports that largely reach the same conclusion y'all do. it was not anything you said this morning that i don't believe is new versus -- we've been literally grappling -- grappling with this for 20 years , but i have to say at the same time, as soon as the secretary was confirmed, i sent them a letter saying i had never been more concerned about the nuclear complex. part of it is the morale and part of it is a lack of leadership at the top. part is the continued aging and deterioration of our weapons, which we are not addressing, just a host of things. that's a long way of saying that i appreciate the efforts you are putting into this. i guess one question that keeps coming up in my mind is to what extent any recommendations are

going to affect the culture and the basic leadership issues that you identified. this, basically we took a report from some very distinguished people and we took the more conservative option. we did not create an autonomous agency like the nuclear regulatory commission. we tried to do a semi autonomous. had an autonomous agency, if you do not have attention from the president, the secretary of defense, would it matter? legislate cultural leadership focus, the number one issue that the admiral identify? >> i don't know where to start. first, to the minority

members concern about half-full or half-empty, i certainly think at the present time that the glass is half full but i think as we look to the longer term in the future, if germanic action is not taken then the concern is .ore half-empty i think you have to appreciate that there has been numerous studies, as you well know, that have preceded our panel. we inherited about 50 past studies focused on the department of energy and to some nnsa.e all of them have reached similar findings regarding the cultural personnel or organizational policy, procedural challenges that those organizations face right now, that exists within

the nsa. are of our panel findings going to be necessarily new or original. i think you have to appreciate that many of these problems existed before it was created. it was created out of recognition that some of these problems existed and the semi autonomous model has not and, in a sense, we view it as a failed experiment. the that standpoint, creation was basically an organizational change. organizational changes are not the main solution to the problem. the main solution is cultural, not organizational. you have to approach it from a doe wide basis, not just an nsa.

have agrateful to secretary who is very engaged to has a passion and an understanding of the mission and is clearly committed to making some cultural changes. the challenge that i think he will face, that we will all face, is can you institutionalize those changes so that they endure long beyond his tenure? >> may i comment on his question? first of all, i would strongly agree that you cannot legislate culture. you cannot dictate changes by putting out memos. i think what is required is to set an example of what a new culture is and to be totally intolerant of deviations from that. the firm i happen to work for, we combined 17 different firms in five years to make it, to

build it. we have 17 and sometimes i thought we had 18 different cultures. came together very well because we were very tolerant of individuals who just could not deal with the new way of doing business. says, we arel fortunate today to have a secretary of energy who understands. neednderstand that we these that are not personnel or human dependent. we need to have secretary of .nergy , im listening to you all

was preparing what i was going to ask can say. that me first say that i appreciate the study that you all have conducted. to thinkeed sobering of all of that nuclear power that is in a dangerous state of maintenance and management. our nuclear enterprise has been yearsted from years and of a lack of focus, lack of is whend leadership, you have said, from both civilian and military sources.

quite aaken place over time, since the end of the cold war. erosion of this nuclear enterprise is morass that of the congress finds itself in. we are still doing business the same way that we have done for centuries. right now, this body is not functioning. thatbody needs a study would provide us with some guidance in terms of where we are, what we need to do to move forward. that thisbmit congress, while it's great that

we are looking at our deficiencies right now, i also think that we need to be looking at what our future direction should be. it is not to be assumed that we should go back and correct everything, to sustain what we had. i think the discussion should be what do we need as we move forward? in my mind, the president, this president like previous presidents having worked on nuclear disarmament congressand such this would be well advised, i think -- i don't want to say follow -- but we should explore this

disarmament issue. ,e cannot unilaterally disarm to have aal should be world without nuclear weapons. if we start from that premise and work from there, i think we would do ourselves a whole lot of justice. $355 billion would get us back to where we need to be and that is unrealistic. i don't think that's going to happen. how much will it take for us to get to where we need to be in order to continue our efforts to eradicate nuclear weapons from the face of the globe? i think thatshould be something congress, through its committees and subcommittees, should be about. we need to be about it quickly.

the status quod both from a security standpoint, especially from a security .tandpoint as we make sure that we do not allow other nations to acquire nuclear weapons, we need to be about this kind of study but you and your statement said that several nuclear powers are modernizing their arsenals. which ones are those? how much >> letre they spending? me say very clearly that both russia and china are modernizing their nuclear arsenals and we have good indications of that.

they are developing new capabilities. i do want to go back and reassure you though that despite our testimony and our comments about erosion in the enterprise, i want to reassure the theommittee that because of strength of the stockpile stewardship program and with the going on in the national laboratories, we still have a safe, secure, reliable stock file. that is not an issue today. it might be an issue for the future if we do not continue to invest and pay attention to those issues, but i think for the foreseeable future we have a safe, secure, reliable stock pile.

>> the terrance is about our ability to project force. world, we would love if we did not have any. everybody loved each other, there would be no need for a deterrent, but that's not the real world. we live in a place that is becoming more dangerous, not less dangerous. we see the actions of china, russia, particularly what we have just seen with russia's encouraging -- moving into the ukraine much less what they did in georgia. they are still there. it would be great to live in this fantasy world, but what bothers me the most is the fact that one of the last sentences in your testimony was reform

requires aggressive action, sustained implementation of all five of these areas mentioned in the report, but national leadership engagement is the common theme. improvement is possible, but it would demand strong leadership and proactive implementation of the panel's recommendations by the resident, congress, and an engaged doe secretary. at least from the congress shownoint, we have leadership and we are trying to give direction but everything that we've talked about here is about interpersonal skills, the ability for management to make sure that people stay on task. that startup highest level. been going on for years. i've been here three years and it disturbs me the fact that we cannot get administrators to actually do their job and they are not held accountable.

in reading through all of your testimony, it is about accountability. a sheriff and we had 500 employees. we held people accountable. there were ways to deal with those in the civil service system but you had to hold people accountable and you had to let people know what your mission was and what you would not tolerate. endeavor,rticular nuclear deterrent and this really falls to those people. as a whole bunch of other things going on, but that is their only mission it is very central. you mentioned that it takes .ocket scientists to do this i don't know how to know much about constructing a nuclear weapon but how i construct a

management team to get across the goal line. we can have studies commissions. does it take the president saying to you that the doe secretary, this is unacceptably and you have to get this done? doesn't start their? where does it start? >> i think you said it exactly right. the president is the principal person to provide leadership in and there is strong support from the congress that is required. probably most important individuals in today's organization is the secretary of did not have a background at all within this arena in the past. i was thinking that

i had tried to figure out how i would summarize in one sentence what i think i have learned. it would be with regards to the nuclear enterprise that the whole is less than the sum of the parts. there are some very capable people and organizations, but the leadership to bring them together, to set goals, you referred that the focus should be very clear, what their job is. one of the laboratories within the nuclear enterprise, the contractor that runs the itility, they have a fee and did not have to do is the primary mission the peripheral issues. very important peripheral issues, i emphasize, but 20% had to do with maintaining the stockpile and so on.

>> as a citizen of the united states, people should be concerned, i think. the message is that we expect our leaders to actually lead, not just hope things get better and hope that process improves. we can have all the commissions we want but until there is actual leadership to force the issue, i don't see how this ever gets better. i yield back. >> i understand the gentleman's concern and i hope he's wrong. >> i really enjoy being a testimony. mr.r. two percent -- as cooper said, there are some real pearls of wisdom in there and

some very difficult problems that we need to solve. in the 18 years i've been here in this congress, in this full committee, 16 have been spent on this committee, this subcommittee here. i have seen a lot of interest and i've seen a lot of waning just quite frankly by people in the administration with respect to this issue but also by members on this subcommittee over time. first of all, i'm really thrilled that so many have shown up today. and conferenceup in fiscal year 2013 in fiscal da, we considered several legislative issues with the oversight. some of this included significantly limiting or taking

health and safety oversight in the independent said nuclear safety board. even as the department of labor paid over $10 billion in compensation to workers or their families because they were either killed or injured by exposure to radiation or toxic materials when they were working at the department of energy at the nuclear site. these legislative provisions led to significant concern about weakening oversight that a time when it is overseeing an ambitious sustainment plan and building one-of-a-kind facilities to handle plutonium and uranium operations. considering that backdrop, do you see a role for independent oversight of safety and comeity? where would this from? who would we look to for that?

the nsa talks about priority missions. in your opinion, does this include a serious commitment to safety and security? >> let me try and answer your question in a number of ways. first of all, with respect to oversight, i don't think anybody on the panel wants to reduce the effectiveness of oversight. review say that in our of the performance of the oversight function with in the doe, despite a large number of people at each of the field offices, we have really evolved over time into a transactional compliance checklist-based culture which, frankly, is both inefficient and not very effect

did. the issue is not more oversight or less oversight in terms of bodies as much as it is better oversight and better ways to do oversight. >> that would be my question. how would we go about really getting to the oversight that we need? if you lookegree, at the current performance elements today, a lot of the laboratories and the sites are graded on non-mission related functions. norm mentioned one organization had 80% of the fee associated with non-mission related issues. aain, there has to be greater, stronger focus on mission. i would just give you one example to illustrate the point. we have approximately 100 people

doing oversight and yet, for whatever reason, despite the large number of people doing oversight, the problem with the high level of frequency of false and nuisance alarms at the thatity, the complacency's have said and with the guard force over a long time that ultimately contributed to the lack of a very effective and efficient response when they actually trip alarms. to me, you have to ask yourself, with that many people doing oversight, why was there not a recognition that this culture of complacency had set in because of a large number of false and nuisance alarms? why was there not attention given to fix it and address it? inspectionceived an

with respect to the safety and security and they were held up an exemplary of good security. is thee to ask yourself current type of oversight that we are doing really successful in achieving what you really want from a mission standpoint? ofre has been one prototype test within the department of energy within the kansas city model where kansas city to exemption from a large number of doe orders and regulations. they were allowed to move toward acceptedl standards, industrial standards and certifications and that enabled the number to reduce of federal overseers and at the

same time significantly reduce the cost but at the same time improve performance as well. itsas city is unique in that does not have a lot of nuclear functions. you cannot just transplant that model to some of the other elements of the site but i certainly think it's a good example that we ought to look hard at, particularly her or nuclear functions to see if there are opportunities where you can move to independent oversight or change the oversight model in a way that provides much more effective oversight. >> thank you, mr. chairman. i have other questions i would like to submit for the record. if there are any comments, i would like to have been submitted. i think this is an incredibly important topic we have been struggling with. >> the chair recognizes the

rectum -- the gentleman from arizona for any questions he may have. >> thank you for being here and thank you for your commitment to the administration. by the candor of your opening statement. ors a credit to your uniform the one you use to wherein we are grateful to people like you who make it possible for all of us to sit here and have a peaceful conversation. that our nuclear deterrent is one of the most important elements of our entire arsenal of freedom and yet it is important to remember that the deterrent is essentially has substance in two things. the capacity we are really here talking about today, the ability to know that we have a reliable capacity, and also intent. i apologize but i don't know of anyone but god can figure out

the intent of this administration but the capacity is what we are talking about today and i'm beginning to get concerned that there are some questions about that. it's extremely dangerous and the kind of world we live in if an enemy somehow feels our capacity or intent is not up to par. it may potentially drag us into something that could be scary. i will ask you the tough questions. i'm still under diplomatic immunity here. plutonium facility in new mexico, around $1 billion spent. nothing built, no intention to ever build. $1.2 billion spent and nothing built. they're stunning alternatives and they are unlikely to build the design that has cost $1.2 billion so far. over $3 billion spent. the concrete structure complete but they have announced with the

fy 2015 budget that they are putting in -- the project in standby. the be 61 is delayed and the other is delayed five years. i will try to cut this short here but it's not a really positive situation. the testimony here about the loss of sustained national leadership focus, i think it is spot on and they could not agree with you more and find the administration's lack of leadership and care for the nuclear deterrent that we have been talking about. i call it shameful but it's more terrifying than that. i think the delays highlight that. this committee has been polling its collective hair out really and trying to get the white house and the office of management and budget to put attention on the nuclear security enterprise. i know you would like to see that as well without putting any

of my own commentary in your mouth. we passed packages of reforms out of the house last two years only to see the administration strongly object or even threatened to veto that the administration has offered no real reforms of its own, no answers to these problems. i guess i will make it to both of you but i will let you go first if you don't mind. has the white house engaged with your advisory panel? doesn't understand the major problems that exist in the nuclear security enterprise? do you think the president understands the gravity of it? >> that's a difficult question for us to answer. >> it sure is. >> not this administration but over years we have gradually let our nuclear capability to grade. i would come back to your initial remarks that deterrence

is in the eye of the beholder, as you know. come to theations conclusion that our deterrent is not what we say it is, then we are in great danger. one of the worst things we could do is to state that we have plans and we don't divide the resources or management capability to carry them out. if we cannot afford more than we need to change the plan. those plans do not match the resources and that is probably the worst of all worlds. we have visited in great detail the programs you cited. there are a lot of examples of poor management. it has less to do with this case and its capabilities and people in the system.

they know the problems probably better than we do. >> i could not agree with you more but i'm out of time. i certainly appreciate the candor in your response. >> separate from the white house, congress, national level leadership, i think there's a lot that the department of energy can do within itself. you spoke about several projects that we have already expended a significant amount of national treasure on and we have yet to see a facility. a lot of that stems from a number of cultural issues and technical competence within the department of energy itself. for strongered cost estimating capability. a much more rigorous analysis of alternatives up front before committing to a certain program.

also, real strong, robust management expertise. i think those three elements, certain degree are lacking and have historically been lacking. you don't need the white house or congress to fix those things. i think the secretary has the .bility to take on they want to better utilize the resources given to the organization. the admiral thank for his comment. i agree he is a good man and he has his hands tied to an extent. thornberry's question, we could legislate this. jim. >> you are recognized for five minutes. specific a couple

questions i would like to ask. and nuclear security enterprise under the construct it is currently taxable or do we need to move in a totally new direction? if it is fixable, where would you start? if not, what would you do? >> under the current structure, it is clear it does not work. it is very difficult to fix. is somethingpoint the committee is very much involved in and trying to decide . the list of options is not great. again i think organizational changes are needed. it is the lesser fix in the sense of the cultural