ten hearings on cyberthreat including today's hearing is. commerce and the intelligence committee have helped many more. in 2011 chairman lieberman and reduce our cybersecurity bill which was recorded by this committee later that same year. since last year we have been working with chairman rockefeller and legislation that he champions which was reported by the commerce committee. senator feinstein -- groundbreaking work in information sharing which she has been kind enough to share with this committee as well. after incorporating changes based on the private sector, our colleagues and the administration we have produced a refined version which is the subject of today's hearing. and it is significant that three senate chairman with jurisdiction over cybersecurity have come together on these issues and each day we fail to act the threat increases to our national and economic security. to focus narrowly on the federal information security management act as well as federal r&d and improved information sharing. we do need to address those issues

do you need more resources now that the cyberthreat has become more great? to make sure that our supply chain security is protected, our supply chain is protected against cyberintrusion? >> i, it has been pointed out, we are seeing increasing attacks, cyberattacks, not only in the public sector, but the private sector as well. and i think this country has a responsibility to develop the defenses that have to be there in order to insure that, that this country is not vulnerable to those kinds much attacks. the money that we dedicate in our budget tries to improve our technologies, our capabilities within the defense department, within nsa. but i would suggest that part of that consideration has to be, what do we need to do to make sure that the equipment, the technology that we're getting all of that has adequate protections against cyberattack. >> let me make a request for the record, if i may, since my time is starting to run out. two requests for the record. one is that if you could break out for me what in your budget is related to supply chain security?

pipes has to be undertaken with regard to cyberthreats.quite obviously there are a number of ways of looking. i'm the one hand you've got the electrical grid or the power grid and the ability to bring energy or other materials or pipe went to lake -- >> air traffic control. there's very little we do in this day and age that is not somehow associated. the fact of intellectual or d., r&d, theft of the plan and programs of incorporation for the future, all of which are vulnerable to be exploited by attackers. so i'm the one hand you have to defend the infrastructure. on the other hand you have to identify as director was saying, the attribute should possess critical as anything else. what is somewhat unique in this venue is that she don't know whether the attack on aztec or rsa or google or sony or other is undertaken by a russian or chinese at their word organized criminal group and could be a terrorist group, an organized crime group may be associated with intelligence service or a country. or it could be just an organized criminal group fo

the private sector has been extremely responsive to combating cyberthreat.verage spending of cybersecurity in the telecommunications industry is $67 million a year with government by the way being, including regular compliance being the single biggest cause. despite the fact our critical infrastructure is under constant attack we have never had an instance of serious breakdown, economic catastrophe, so what do what we have seen in the environment the army. this success is due in large part to the flexibility generated by the current system which relies on voluntary partnerships where in industry understands the management systems best and use their knowledge to respond rapidly to emerging threats in a fashion they believe can best protect a system rather than being driven by a preset government directed. nevertheless, there is a great deal that congress can do and the congress committee can do to improve our cybersecurity right now. first of all we need to get the government house in order. the national academy of sciences, gl and just last week the d.o.e. i

cyberthreat does go on in the economic world, too. you could definitely feel the effects of that coming. imagine for a second what this is like if you could imagine there's a criminal or terrorist already living in your house with you. but you don't know they're there. that's sort of how lawmakers and how the administration officials are looking at the cyberthreat now. >> okay, so how exactly are we going to fight these threats? >> that's a great question. and i wish if i had the answer, i'd be the most popular person in washington today. lawmakers need to pass some legislation that allows a lot of these government agencies to free up the tools. we have the national security agency. we have like the largest eaves dropping apparatus in the world, and they have tools right now i'm told by a former head of that agency that they could be using if they had the guidelines and the authority to actually do it. so that's something that's being discussed on congress now to get legislation passed and let's get moving before it's too late. >> fin

behind the scenes and beneath the surface we defended against cyberthreats. we sustained our national's nuclear deterrent position sure and worked with allies and partners to build capacity and to prevent conflict across the globe. we continue to provide this nation with a wide range of optiontion toer dealing with the security challenges that confront us. and in an increasingly competitivunrtain security envi we must remain alert, responsive, adaptive and dominant. this budget helps us to do that. it's informed by a real strategy that makes real choices and maintains our military's decisive edge and maintains our global leadership. moreover it ensures we keep strength with the true source of our strengths and that's our people. with this in mind i wanto chent secretary. first, this budget should be considered holistically. it's a joints budget rather than individual service e formed pap rocky parochially. changes that aren't informed by that context. of the balance that i just described and potentially compromising the force. second, this budget represents a

every month we learn more about these cyberthreats. and what we have learned thus far is of great concern. i'm concerned that our communications networks are under siege. i am worried that the devices consumers use to access those networks are vulnerable. and i'm concerned that our process for looking at communications supply chain issues lacks coordination. i'm concerned that our cyber defenses are not keeping pace with our cyber threats. in this hearing we're lucky to have the voices of five private-sector witnesses to guide us through the complex issues of cybersecurity. i'm hoping that you'll tell me that cyberspace is secure and we can all rest easy at night. unfortunately, i've read your testimony and it's not so. so i expect you'll tell us the threats of our communications networks are all too real, american businesses are losing dollars, jobs, intellectual property and much, much more because of cybercrime and cyber espionage and that our national security is frankly at risk. i also expect you'll explain what the private sector

i think in a very simple way we all know that the cyberthreat is significant.the scale and scalable ranges for four nations and admiral mcconnell and secretary chertoff have written a powerful piece in "the wall street journal" of the activities that the people's republic of china engaged in terms of the cybernetwork exploits so at the high-end you have thread factors such as people from the republic of china and russia and also have iran and north korea increasingly engaging in the space all the way down to the divisions that affect us as individuals as our role as consumers and the ability to have confidence in the system. we are all increasingly using in this cyberdomain. so i think this is something that touches just about everything we as a society do. we as individuals do and where is the tools may change the technology may change, human nature doesn't so it also affects warfare, diplomacy, economic security, finances and down to our individual designations. without going any further and i've already spoken too much, we have two wonderful mentors of mine

and perhaps in something of the newcastle just to affirm the cyberthreat is one of the most challenging ones we face. we first see a safer environment in which emerging technologies are developed and implemented before security responses can be put in place. among state actors, particularly concerned about entities within china and russia conducting intrusions into u.s. computer networks and stealing u.s. data. the rule that nonstate at her side playing in cyberspace is a great example of the easy access that could potentially disrupt legal technology and know-how by such groups. two of our greatest strategic cyberchallenges their first native real-time attribution of cyberattacks come in knowing who carried out such attacks and were perpetrators are located. second is managing older abilities within the i.t. supply chain for u.s. networks. in this regard, cybersecurity bill was recently introduced by senators lieberman colin, rockefeller and feinstein and addresses the core homeland security requirement that approves cybersecurity for the american people, nation's critical infrastructu

and perhaps in something of e newcastle just to affirm the cyberthreat is one of the most challenging ones we face. we first see a safer environment in which emerging technologies are developed and implemented before security responses n be put in place. among state actors, particularly concerned about entities within china and russia conducting intrusions into u.s. computer networks and stealing u.s. data. the rule that nonstate at her side playing in cyberspace is a great example of the easy access that could potentially disrupt legal technology and know-how by such groups. two of our greatest strategic cyberchallenges their first native real-time attribution of cyberattacks come in knowing who carried out such attacks and were perpetrators are located. second is managing older abilities within the i.t. supply chain for u.s. networks. in this regard, ybersecurity bill was recently introduced by senators lieberman colin, rockefeller and feinstein and addresses the core homeland security requirement that approves cybercurity for the american people, nation's critical infrastructure an

this is going after the advanced cyberthreat like china stealing our intellectual property every day. chairman rogers talked about the historic transfer of wealth going on between the united states and china right now as folks are chinese actors are going into our company and stealing our it and to create jobs innovation in the market, the chinese are stealing that wholesale and we need to do a better job of helping companies defend themselves against those attacks. we believe the private sector is already doing some great job out there. you know, they are already making for that great work that goes on in places like the nsa to collect that sensitive data and they should get the benefit of that data in defending their networks. i think as you heard there's a pretty good consensus that this is a good model for going forward. there's some important disagreements in the details about how to get that done but i think it's encouraging that there's so much similar thinking between the house and the senate on both sides of the aisle about this narrow slice of the problem. our bill as i said

experts about the importance of possessing the ability to eeffectively prevent and respond to cyberthreats. we listened to couldn'ts of cyberespionage from china, organized cybercriminals in russia, and rogue outlets with a domestic presence like anonymous. and launch cyberattacks on those who dare to disagree and our government report over the last five years cyberattacks against the united states are up 650%. so we all of us agree that the threat is real. it's my opinion that congress should be able to address this issue with legislation, a clear majority of us can support. however, we should begin with a transparent process which allows lawmakers and the american public to let their views be known. unfortunately the bill introduced by the chairman and ranking member have already been placed on the calendar by the majority leader without a single markup or any business executive meeting by any committee of relevant jurisdiction. my friends, that's wrong. to suggest this bill should move directly to the senate floor because it, quote, had been around since 2009, is outrageous. the bill wa

director robert mueller testified to congress very recently that the cyberthreat will soon overcome terrorism as the top national security focus of the f.b.i. think about that. cyber will be as dangerous as terrorism. cyber threats and the widespread prospect of a cyberattack could be as devastating to this country as the terror strikes that tore apart this country just ten short years ago. so how is that possible, you ask. think about how many people could die if the cyberterrorist attack attacked our air traffic control system, both now and when it's made modern, and our planes slammed into one another, or rail-switching networks were hacked, causing trains carrying people, and more than that, perhaps hazardous materials, toxic materials to derail or collide in the midst of our most populated urban areas, like chicago, new york, san francisco, washington, d.c., et cetera. what about an attack on networks that run a pipeline, refinery or chemical factory, causing temperature and pressure imbalance, leading to an explosion equivalent to a massive bomb or an attack on a power grid, shutting do

experts about the importance of possessing the ability to eeffectively prevent and respond to cyberthreats. we listened to couldn'ts of cyberespionage from china, organized cybercriminals in russia, and rogue outlets with a domestic presence like anonymous. and launch cyberattacks on those who dare to disagree and our government report over the last five years cyberattacks against the united states are up 650%. so we all of us agree that the threat is real. it's my opinion that congress should be able to address this issue with legislation, a clear majority of us can support. however, we should begin with a transparent process which allows lawmakers and the american public to let their views be known. unfortunately the bill introduced by the chairman and ranking member have already been placed on the calendar by the majority leader without a single markup or any business executive meeting by any committee of relevant jurisdiction. my friends, that's wrong. to suggest this bill should move directly to the senate floor because it, quote, had been around since 2009, is outrageous. the bill wa

the current ongoing and ongoing cyberthreat not only threatens our security here at home, but it is rightry damaging impact on our economic prosperity. because extremely valuable intellectual property is being stolen regularly by cyber exploitation, by people and individuals and groups and countries abroad, that is then been replicated without the initial cost of research done by american companies, meaning that jobs are being created a broad that would otherwise be created here. so when we talk about cybersecurity, there's a natural way in which people focus on the very real danger that an enemy will attack us from cyberspace. but as we think about how to grow our economy again and create jobs again, i've come to the conclusion that this is actually one of the most important things we can do, to protect the treasures of america's intellectual innovation from being stolen by competitors abroad. last year, a very distinguished group of security experts, led by former department of homeland security secretary michael chertoff and former defense secretary bill perry, going across both partie

the cyberthreat is one of the most challenging once we face as you alluded.ve a cyber environment where emerging technologies are implemented before security responses can be put in place. among state actors we're particularly concerned about entities within china and russia conducting intrusions into u.s. computer networks and stealing u.s. data. and the growing world of nonstate actors are playing in cyberspace is a great example of the easy access to potentially disruptive and even lethal technology and know how by such groups. two of our greatest strategic cyber challenges are first, definitive real time attribution of cyber attacks. knowing who carried out such attacks and where the perpetrators are located? second, managing the enormous developer inabilities in the it c supply chain for u.s. networks. briefly looking fee graphically around the world and in afghanistan during the last year the taliban lost some ground but that was mainly in places where the international security assistance forces or isaf are concentrated. in taliban senior leaders conti

the cyber intelligence sharing and protection act which is the bill, gives authority to share cyberthreat intelligence now where malicious code and other cyber signatures with industry. companies can use this classified information to protect their cyber networks and the networks other clients from cyber threats and trying to defeat, disrupt, distort or otherwise disable. this allows the private sector to benefit from the expertise of the intelligence community all on a voluntary basis. the legislation will allow companies to power our homes, provide clean water and manage our other critical infrastructure information, to protect themselves from cyber shot. the bill which is also important text privacy and civil liberties. i applaud my site, congressman thompson, congresswoman schakowsky, and congress been shipped for working with those in dealing with issues of privacy and civil liberty. another critical component to our national security is spaced. in 2011, the department of defense and the director of national intelligence published the first joint national security space strategy. it

behind the scenes and beneath the surface we defended against cyberthreats.sustained our national's nuclear deterrent position sure and worked with allies and partners to build capacity and to prevent conflict across the globe. we continue to provide this nation with a wide range of optiontion toer dealing with the security challenges that confront us. and in an increasingly competitive dangerous and uncertain security environment, we must remain alert responsive adaptive and dominant. this budget helps us to do that. it's informed by a real strategy that makes real choices and maintains our military's decisive edge and maintains our global leadership. moreover it ensures we keep strength with the true source of our strengths and that's our people. with this in mind i want to add a few chents to those of the secretary. first, this budget should be considered holistically. it's a joints budget rather than individual service budgets formed pa rocky formed pap rocky parochially. changes that aren't informed by that context. the context of jointness. risk upendin