mr. krebs, and thanked the witnesses. i'm sure you can see that chart over there. charts are always interesting, but this one, we're going to need someone to translate for us because it's an example, and i think an one, of the difference, the differences and authorities and responsibilities, none of which seem to have an overall coordinating office or individual. of course, mr. joyce absence here, whose job it is to do all this is an example, frankly, of the disarray in which this whole issue rests. and mr. rapuano, to start with, you said that is not department of defense responsibility. suppose at the russians had been able to affect the outcome of the last election. wouldn't that fall under their responsibility and authority to some degree of the department of defense if they're able to destroy the fundamental of democracy which would be to change the outcome of an election? >> mr. chairman, specifically, the issues associated with protecting elections from cyber incursion -- >> so you're sa

mr. krebs. >> chairman mccain, ranking member reed, members of the committee, thanks for the opportunity to appear before you today. in my current role performs the duties of their dissector for the national protection and programs directorate i lead the department of homeland seekers efforts to secure and defend our federal networks and facilities, and the systemic risk to critical for such an approved cyber and physical security practices across our nation. this is a time hearing as during december, october we recognize national cybersecurity awareness month, find a focus on how cybersecurity is a shared responsibility and ethics of the business, organization in america and is one of the most significant and strategic risks to the united states. to address this week as and if we work together to develop a much needed policies authorities and capabilities across the interagency with state international partners in coordination with the private sector. department of defense is eligible receiver

mr. krebs, can you walk us through the process an organization and critical piece of infrastructure would reach out to you for help? i know they first have to detect the threat and that can take some time. what does the process look like once they contact you? how long does it take to begin working with them and are there legal agreements that must be in place before a response team could operate on their network. >> thank you for the question. there are a number of ways a victim can discover they have been breached, they have some sort of intrusion working with the intelligence community or fbi notify them or department of homeland security inform them or one of their private sector vendors can discover an actor on their networks. how they reach out? a number of ways, e-mail us, call us. we have local official cybersecurity advisors throughout the region and protective security advisors throughout the region. they can also contact the fbi. once we are aware of an incident, we'll do an intake p

mr. krebs. >> chairman mccain, ranking member reed, members of the committee, thanks for the opportunity to appear before you today. in my current role performs the duties of their dissector for the national protection and programs directorate i lead the department of homeland seekers efforts to secure and defend our federal networks and facilities, and the systemic risk to critical for such an approved cyber and physical security practices across our nation. this is a time hearing as during december, october we recognize national cybersecurity awareness month, find a focus on how cybersecurity is a shared responsibility and ethics of the business, organization in america and is one of the most significant and strategic risks to the united states. to address this week as and if we work together to develop a much needed policies authorities and capabilities across the interagency with state international partners in coordination with the private sector. department of defense is eligible receiver

next, mr. krebs sec was breached in late 2016 and we now know that the attackers had access to corporate filings, profit, public release. the announcement of this breach was made nearly a year after it was first discovered. my question was, when was dhs informed of the breach? and what was dhs's involvement in detecting, responding and recovering from these-- from this attack? and finally, how did dhs improve its integration with federal agencies to assure that these types of attacks are identified and notified quicker in the first. >> let me briefly touch on the first piece and then i'll kick it over. that was based on totality of evidence including by the most part open source information and in terms of a classified briefing, i believe we are on the schedule for some point in the next month or so with the full committee, the monthly intel briefing. so with that, if i may, i'd like to turn it over. >> thank you. >> sir, welcome to support a briefing on it. as far as the sec, we're happy to come in

mr. krebs and great to see you in your new role at dhs. ms. gentleman net man fra is the secretary for cyber communications in the national protections and program directorat. also great to have you back with our subcommittee and finally ms. patricia hoffman is the acting assistant director at the us department of energy. thank you for being here with us today. i'd now like to ask the witnesses to stand, raise your right hand so that i can swear you in to testify. do each of you swear or affirm the testimony which you will give today will be the truth, the whole truth and nothing but the truth so help you god? let the record reflect that each of the witnesses has answered in the affirmative. you may be seated. the witnesses full written statement. the chair recognizes mr. krebs for his opening statement for five minutes. >> chairman radcliffe, ranking member richman, thompson, members of the committee. good morning and thank you for today's hearing. in this month of october we recognize nationa

mr. krebs, we have a congressional task force on election security and we made requests of the department to provide us a classified briefing around this issue and we've been told that it has to be bipartisan, that you can't just brief democrats. are you aware of that? >> i'm not aware of any existing policy. let me say this. i share your concern on election infrastructure. i made that clear today wanted to say directly to you as well it is my top priority at the department. if we can't do this right and dedicate every single asset we have to assisting our state and local partners frankly i'm not sure what we're doing day-to-day. in terms of what we've done, in terms of engagements we are prioritizing delivery of those briefings information sharing to our state and local partners. we are doing it in a bipartisan manner because my opinion is that this does transcend party lines and we should be doing this all pulling the same direction. going forward, i would encourage any additional briefings,

thank you mr. krebs. ms. manfra you are recognized her fight ms.. >> chairman ratcliffe ranking member thompson members of the committee thank you for holding today's hearing could i also want to begin my testimony by thinking this committee for taking action to some on the cybersecurity infrastructure security agency act of 2017. the name for organization reflects their mission is essential to our workforce recruitment efforts and effective stakeholder engagement we must also ensure nppd is appropriately organized to address cybersecurity threats both now and in the future and we appreciate this committee's leadership. cyber threats remain one of the most significant strategic rest of the united states. cyber risks threaten our national security economic prosperity and public housing in safety. our adversaries cross borders at the spittle fly. over the past year american side bands persistent threat actors including actors criminals and nation-states increase in frequency complexity and sophistication. in my

mr. krebs. >> chairman mccain, ranking member reed, members of the committee, thanks for the opportunity to appear before you today. in my current role performs the duties of their dissector for the national protection and programs directorate i lead the department of homeland seekers efforts to secure and defend our federal networks and facilities, and the systemic risk to critical for such an approved cyber and physical security practices across our nation. this is a time hearing as during december, october we recognize national cybersecurity awareness month, find a focus on how cybersecurity is a shared responsibility and ethics of the business, organization in america and is one of the most significant and strategic risks to the united states. to address this week as and if we work together to develop a much needed policies authorities and capabilities across the interagency with state international partners in coordination with the private sector. department of defense is eligible receiver