tv   Key Capitol Hill Hearings  CSPAN  September 10, 2015 7:00pm-9:01pm EDT

7:00 pm
participate. in fact, we set up a committee that would provide a forum for the u.s. to keep the alliance informed about bilateral u.s./russian relations and particularly in the arms control round. and their concern is that whatever dialogue goes on between the united states and russia, it should not lead to the weakening of the transatlantic link in nato. and instead should be based on the assumption of reciprocity between the allies, not just the united states, the allies and russia. this inclusion of what i call the european footprint in any of these arms control processes needs to be subject to this consultative process in the alliance. and it's also firmly based on the principle of the indivisibility
7:01 pm
of security. and in every document that nato puts out, we talk about this again and again about indivisibility of security. saying all that, the alliance still goes at great lengths to endorse and support and embrace arms control. and the reciprocity aspect of that. even the most die hard official within any government in the alliance that believes that we should eliminate all nuclear weapons they do it only in the official context of reciprocity and quid pro quo that we would not eliminate our nuclear weapons, would not reduce our nuclear posture except in a process of discussion and negotiation with russia. in the last summit the alliance
7:02 pm
again stated that they looked forward to developing various transparency and confidence-building ideas with russia and the federation in the context of a nato council with the goal of developing detailed proposals and increasing mutual understanding. they continue to believe that this partnership between nato and russia, based on the respect of international law, is of strategic value and continues to aspire to a cooperative, constructive relationship, but one that's reciprocal. the flip side of that is, as they've said, in the wales summit, is that current conditions do not exist to allow that to continue. and then the alliance decided in
7:03 pm
essence to suspend all discussions with respect to the nato russia council. when i was there i chaired something called the nuclear group. that nuclear group developed a series of confidence building measures that were short-term, mid-term and long-term. among those were discussions on nato and russia nuclear doctrine. those discussions that were candid and were very open. it was a very constructive dialogue. nato on its side was pushing to have russia provide information on their tactical or nonstrategic nuclear weapons, which they refused to do, but they were still willing to talk about doctrine and do it in a classified environment. we had three of those meetings. we also dealt with safety and security of nuclear weapons, and
7:04 pm
that process each nuclear weapons state, which, therefore, the united kingdom, united states, france and russia, conducted very specific safety and security exercises at a location in each one of those countries. they were very successful and they were really eye openers for the nato alliance as to how these countries would conduct a response to situations where a nuclear weapon might have been stolen. there might have been an accident. there might have been a detonation of some sort. the follow-on exercise was to be a nuclear weapon or nuclear device in a country that wasn't a nuclear weapons state. and russia decided they -- or asked that it be in one of the
7:05 pm
states that were -- that had the dual aircraft mission. none of the states came forward to have this exercise. another country did and the russians refused to participate. this was all happening in 2010 and 2011, and at that point there was no longer any discussion on transparency and confidence building. so i'm back -- i guess i'll just close up because i think it's good to have some discussions, but again as far as nato is concerned, they're very interested and keen on having a continued dialogue on these confidence and security building measures. that's not happening. and given the continued animosity and difficulties and challenges of the various accusations and allegations, i really don't see that happening in the very near future. how are we doing?
7:06 pm
i guess i can finish up by telling the story that i think aptly captures our challenges. and that is the story about two hunters that go hunting for bear up in alaska. they get up there, and they're dropped off by the pilot in this little airplane, and the pilot says, well, just let you know, i can only take back you two guys and one bear. three days later, the pilot flies back and there's the two hunters with two bears. and they start arguing. and he said, look, i can't do it. one of the hunters says, look, i'll give you an extra thousand dollars if you take us with the bears. okay. they load the two bears in the plane, the two hunters get in the plane, the plane takes off. he gets about five miles and crashes. and miracle, miracle, both hunters survive. one staggers up, looks around and says, where are we? the other one says, i think we're about two miles further than we were last year. so we continue to go down that path. and with that, i'll close and
7:07 pm
take your questions. thank you. >> thank you, guy. well, we do certainly have a lot of -- was it the same pilot both years? >> different pilot. >> i don't think so. we certainly have enough time for questions, and while you are all gathering your thoughts, let me just pick up on a few things. i know the agenda says that -- listed me as an additional speaker. i'm not going to talk. i've said enough. what i'm going to do is moderate a discussion and take your questions. on the nato russia council, guy, even if nato were inclined to resume some of those activities, do you think the russians would bite? >> i don't think so.
7:08 pm
and part of the reason is, surprisingly for an alliance -- actually it was a year from last year. there are some very, very strong language that made it quite clear that there's no longer going to be business as usual with the alliance. for example, quote, russia has breached its commitments as well as violated international law. and that's a very big thing for europeans. thus breaking the trust at the core of our cooperation. and they lamented the fact that for two decades nato has gone to extraordinary lengths to embrace this relationship. but as i said, talking seriously about them becoming a member of nato. and as a result of crimea, as a result of the activities in eastern ukraine but also the things they've done and threatened to do in georgia and
7:09 pm
moldova and just a whole litany -- in fact, if you go on the nato website, they've actually listed the 25 years of mythical crimes that nato has committed against the russian federation and responded to that. and it's a long, long list. everything from nato promised that we would never deploy forces in eastern europe to we violated the nuclear nonproliferation treaty by training pilots to fly the nuclear mission. and just goes on and on and on. so it's really going to be hard, sharon, i think, to go back to a relationship. again, as i said at the very beginning i'm very disappointed at that in some respects. i think we should have been a little bit more forceful, the alliance should have been a little bit more forceful in trying to re-engage saying, look, where can we -- as steve has pointed out, where are the areas where we can start talking
7:10 pm
again and start building the trust and confidence. and that's why i said at the end of the day, this track two that we're engaged in will pay huge dividends and is really, really important. >> i think, sharon, i think that guy is largely right. but let me try just to add a little ray of optimism. i went through the early 1990s when i worked at the state department on arms controls issue. you have the soviet walk out from both the negotiations on the arranged nuclear forces and on strategic arms reduction in the end of 1993 you had a deep freeze in u.s./soviet relations throughout 1984, then in early 1985, the soviets said we want to resume the negotiations and within 2 1/2 years you had the inf treaty and major progress on s.t.a.r.t. it's very hard to be optimistic about the current state of u.s., russia and west russian relations right now. but we shouldn't ignore the possibility there may be an opportunity to try to turn
7:11 pm
things around. so again, i think probably being pessimistic is the more realistic course now, but, you know, things can change fairly quickly. that's been demonstrated by relations between washington and moscow in the last 30 years. >> one other thing, steve, that you brought up, this question in talking about doctrine. and the russians are quite interested in talking about new technologies, right, whether it's precision-guided munitions or other things. and i quite clearly remember a question from one of the participants to the russians where it was asked, okay, well, how would you feel about a cyber attack? you know, does a cyber attack constitute an attack on your state? does it create an existential
7:12 pm
threat? and the answer was, well, okay -- from one russian, right? that depends on how successful it is. right? so that seems to be a very risky situation for us to be in. and i fully understand that these talks with russia and with everybody else on cyber security and on any kind of limits are difficult, but once you introduce the notion of, well, a nuclear response to a cyber attack, it seems to me we need some kind of forum for at least discussing these issues. and nato may not be the right place. i mean, i just welcome your thoughts on that. >> no, i think one of the things that came out of the discussion was that on the nato side, my guess is that the alliance is
7:13 pm
going to have to be prepared to talk about questions other than nonstrategic nuclear weapons if it wants to have a dialogue with russia on nonstrategic nuclear weapons. that would include questions like missile defense, traditional strike and might include issues like conventional forces because i do believe that at least now while the russians are in the process of modernizing the conventional forces there is a perception and i think it still reflects the reality if you look at nato forces and russian forces at the conventional level nato still has some significant, quantitative and in particular qualitative advantages. you have to have that broader discussion. where cyber fits into that, i don't know. and part of it may well be is i'm not sure yet that either the united states and russia separately have a fixed enough doctrine on cyber to have that conversation. now, you could argue maybe it's better to start the conversation before sides get fixed.
7:14 pm
but for all of the attention that's just talked about here in the cyber world, you know, i'm not sure i understand what american doctrine on cyber is. and i'll give you an example. because i do think that when the u.s. government thinks about cyber, how do you deter cyber attacks? and about, oh, four or five years ago i was out -- strategic command did this annual deterrence seminar in august where they talk about questions and at one time they had a very interesting panel on cyber deterrence. the question i posed and i'm not sure i received a good answer was when i look at deterrence in the strategic nuclear area, i understand what we're talking about because i can read hans christian's right and say how many strategic bombers does the united states have and how many intercontinental ballistic missiles. it's very clear to the world what backs up american strategic deterrence in terms of doctrine.
7:15 pm
if you look at the cyber side, it's still a pretty opaque world. we don't know how much does the u.s. military put into cyber, how many people are working this, what sorts of capabilities. so i don't know how deterrence works in that world when you're not communicating either side. if you conduct a cyber attack, here's what might happen. and we may have to be getting our own thinking a bit in order before we can have a useful conversation with the russians on that. >> let me just add, at nato we have a cyber center of excellence in tallinn and the genesis of that was a massive cyber attack from unknown sources, and as a result nato headquarters they've created a cyber division, very small, but one that is, again, not wholly endorsed by all the members of the alliance but is again
7:16 pm
recognizing the many challenges and difficulties, what is an attack and trying to come to grips with it by creating an infrastructure to deal with it and have a forum for discussion on that. and there was talk about having a working group like that in the context of the nato russia council just like we have -- i chaired for example a theater missile defense sub group in addition to the nuclear group in which we had very good cooperation with the russians up until 2008. again, they've structured themselves to try to deal with it, but again there's a long way to go. >> thanks. sharon. steve put his finger, i think on the sort of essential question. you kind of rephrased it, i think. does russia want to reduce the writ? and when we look at mh-17 and the response to mh-17 that
7:17 pm
certainly doesn't give one great optimism and certainly is a massive trust destroyer. but let me offer a ray of optimism. and it has to do, i think, with, you know, for us to participate in a track two, it really is track two. we don't really need to think about -- or i certainly don't, many of the participants don't need to think about whether the u.s. government endorses this or not. the russian system doesn't work that way. so just the very fact that we are able to hold these discussions and have the level of representation we had from the russian federation says something that at least some areas in the russian government are supportive of continuing these types of discussions. maybe not in the context of a
7:18 pm
nato russian discussion right now as guy suggested, but in this context. and it just only emphasizes the point that guy was making that what we are doing is all that much more important. >> thank you. it's time to take questions from you. so we have some roving microphones. and i just ask that you introduce yourself and your affiliation and i'll try and go in order. austin, can you come up? thanks. >> thanks. hi, my name's an dre cito, i'm a reporter with tass, the russian news agency. actually, my question is a direct follow-up to what you've just been discussing. first, i think it's an important discussion. thank you for having it. second, for me as a journalist, it's hard to even cover this event because i do not
7:19 pm
understand its practical significance. so i have a group of eminent experts who seem to be agreed that the dialogue is needed. from all of you, you are official dialogue on confidence building, on trust building all of that. like andrew just said on the russian side, it's probably sanctioned in some way even on track two, but what about the american side? so you are all for it. so what does it mean? you also seem to be all agreed that the west and the u.s. are not willing at this point to restart the dialogue. that's my question. what does it mean? what does this panel mean? what does your opinion matter for washington?
7:20 pm
>> let me try briefly. and then i'll let the diplomats take over. yes, this is track two, but remember also our sponsor for this dialogue was the u.s. government. and so -- and there was definitely interest in the u.s. government. we had some government speakers at our -- that did not participate formally in the dialogue, but did attend, gave luncheon and dinner notes. i know anecdotally, not on an official level, that there is great interest in what was said. i don't know that the u.s. government has plans to follow up on this. that's beyond my ken, but yeah,
7:21 pm
it's not quite -- i don't know if i would say it was totally track two, totally track 1 1/2. steve put it quite well. both sides have a big interest in reducing some of the risks that are currently -- not entirely nuclear, right, but the risks in these inadvertent escalation, and so to the extent that this may contribute to helping mitigate some misunderstandings, i think there's great interest in it. the panelists? >> a great question, andrei. but just on the value of the event today, okay, this event is being streamed live on the internet, and i believe that c-span is also broadcasting the
7:22 pm
event. so i think there is a value simply in the role of public education that we are talking about this. reasonably serious people, knowledgeable people, and we think that there is a problem and that maybe -- maybe this can possibly have some influence outside of the building in a multitude of ways. >> i just add two points briefly. any time i've had a conversation with somebody in the u.s. government about a track two after i've been involved in, the u.s. government supports these type of things. they think that these contacts are useful. they keep a dialogue going. sometimes they produce ideas which can then work their ways into official channels. the second point i'd make, at least this would be my view, is that in the aftermath of russia's military seizure of crimea and russian military action in eastern ukraine, it was appropriate for nato and russia -- for the nato to
7:23 pm
ratchet down the nato/russia relationship. there have to be political consequences to egregious bad behavior. but the feeling of most of the american participants in the workshop it might make sense for nato to relax that and open up the way for a nato/russia military-to-military dialogue particularly on the issue of how do you avoid accident and miscalculation when you have an increased tempo of nato and russian military forces operating in close proximity? so we say, let's open the door to that. now, having said that, i also think in my own mind i'm not sure whether the russians would say, yes, we want to have that dialogue. but i would argue that it would be worthwhile for nato to try to do that because neither side should have an interest in a conflict that begins by miscalculation or accident. >> thank you. i saw a question.
7:24 pm
first this young woman here. >> thank you, university of maryland. i follow the story from the allies' perspective, particularly from turkey. so my question had to do with the follow-up on the idea that nato is not prepared to reaffirm its commitment to the. when it comes to the reluctance to host the tactical nuclear weapons versus the ones who are eager to receive the modernization of the warheads and the next generation of dual capable aircraft. how much longer can nato actually continue pursuing its policy of avoiding talking about the three noes? are we actually going to see new countries particularly in eastern europe who will take over the mission? >> great question. guy? >> well, i don't think -- that's
7:25 pm
right. that's a good question. it's complicated. i think clearly right now nato is re-looking at its nuclear policy. and they're going through a somewhat of a bureaucratic process to see if anything needs to be changed. the fact of the matter is nato conducts nuclear exercises, but they don't announce them. it's not public. if you look at the handout and i commend that to you, there are several good papers in there, including mine, and the report. but i have a slide in there, for example, that shows that if a nuclear mission for nato was ever required, that up to 16 different nations would be participating in that forward deployment again to send a political message of the solidarity of the alliance.
7:26 pm
and part of the burden sharing ongoing process that we have today is all the other nations are looking for ways in which they can participate in some way other than holding the annual nuclear policy symposium. how they can actively participate. now, given the current circumstances, there's been a lot of talk about the possibility of forward deployment. as far as i've seen, at least -- in my discussions with people at nato, not only talking about a moving nuclear weapons and having them be permanently stationed, but there is, you know, discussion about, well, what more can we do? and how can we, back to the messaging part of that, a huge part of messaging is solidarity with as many nations as possible actively participating. with the three noes, one thing that people forget about the three noes is at the end of that
7:27 pm
sentence, based on the current policy situation. the policy situation has changed. so you do get some people talking, well, the situation's changed particularly some of our eastern european allies. they say those three noes are no longer relevant and we need to re-examine it. but from an overarching alliance standpoint, i don't see any changes certainly movement of those. and it wouldn't from a technical standpoint have any relevance anyway, to be frank. but again, that's not to say that we aren't continuing our exercises our justice department have a good job of announcing those that we try to keep secret. >> the three noes, just a little bit of history. the three noes were nato said back in 1997 when it -- and the founding act and this was incorporated in the nato russia founding act.
7:28 pm
but nato policy that said as a result of enlargement, no intention, no plan, no requirement to deploy nuclear weapons on the territory of new nato members. and i agree with everything that guy just said about the importance of nato consultations on nuclear questions. the importance of burden sharing, but i would also argue, i missed this part of the discussion in october because i would have said we probably could reaffirm the nato three noes. it seems to me there have been some suggestions in the last five or six months from some course here in washington, not in the government but outside about maybe a response to russian bad behavior in ukraine should be to move american nuclear weapons to place like poland. i personally think that would be unwise on three counts. first of all, deploying those weapons from their current locations to a place like poland makes them actually much more vulnerable to russian preemptive strike in a crisis. the missile deployed in
7:29 pm
leningrad could cover two-thirds of polish territory. i don't mind in the current sense the circumstances being provocative towards russia but putting american nuclear weapons in a place like poland would be really provocative. think 1962 and the cuban missile crisis. the third reason is if the united states were to go to nato and say we want to move some of our b-61 bombs and the delivery aircraft to locations in poland, you'd have a majority of allies saying are you out of your mind? so an idea that makes weapons more vulnerable, really ticks off the russians and causes dissonance disruption with the alliance doesn't seem to me as a particularly safe policy. >> piper's three noes. >> so while it makes sense in parallel with the three noes, nato also at the time said that, again, in the current and foreseeable security circumstances there would be no requirement for permanent stations of substantial
7:30 pm
conventional combat forces on the territory of nuclear allies. i think that there's a discussion to be had about that question, but it seems to me that the three noes which still apply because i don't think it buys you anything in military terms and it buys you lots of problems if you start changing that. >> as i said, from a technical standpoint, we saw no need to do that. take away all those others, but will it give us added benefit and make us more capable, and the answer is no. >> four noes. >> we hit a question right back there. >> edward ift, georgetown university. sharon raised the question of what do the russians think about the suspension of all these working groups. i was at a conference several months ago which ambassador kisliak spoke. he was lamenting the suspension of these groups. he said that we, russia, would like to resume them but we're not going to beg. i think that's your answer. >> other questions here and then
7:31 pm
there. >> thank you. so pew research center released interesting results of its poll conducted in several nato countries. ukraine and russia. and one of the things that the polls showed is a very sharp divide within nato on the article v commitments. and how do you -- what do you think? how does that affect further progress on limiting nonstrategic nuclear weapons? in europe. >> yeah, i saw that poll. my guess is i can go back to the 1970s and 1980s and find very similar polls. i'm not sure how much weight to put in them. i think nato governments very seriously understand what article v's about.
7:32 pm
and i think that they understand that supporting each other in article v is essential to maintaining alliance. i see that as a totally separate question from the issue of nonstrategic nuclear weapons. >> hi. gary slergeant. i'm retired army officer. nonstrategic nuclear weapons, they're hard to find. someone could comment on the remote sensing piece you talk about. one thing would be at the operational level, who has launch sort of capability, if that's even something you guys are -- can share or understand or believe from russian? in terms of authorization. what level? down to tactical division, army
7:33 pm
commanders in terms of executing? because i'm always worried about mistakes. because the army and everybody makes mistakes all the time. >> yeah, the -- well, it's a very long -- if there was a scenario where we would actually contemplate the use of nuclear weapons, then there's a process that we go through. it's actually interesting -- is that what you're talking about. >> no, i'm talking on the russian side. >> if you guys know that. >> on the issue of remote sensing, the challenge that you face with nonstrategic -- well, in arms control, right, the closer you get to the warheads, the more intrusive the monitoring will be. you can talk about nonintrusive monitoring and remote monitoring. we did talk about -- i'm trying
7:34 pm
to remember the technology. muon radio technology. i think we're all political scientists, i'm not sure here up on this panel. but -- oh, you need to ask them that question. no, but these are, you know, our national labs have been involved in this kind of technology development for decades. and the issue there is, you know, if you were to sign an agreement in 10 or 15 years, you would already need to be starting that development today. so there are long lead times for some of this stuff. i know i'm not giving you a very good specific answer, but there are, i guess, i think nancy judd
7:35 pm
nicholas described some of them in detail in the paper that's available on our website. but the point is, you need to start that collaboration now. in the earlier year, if you do that collaboration with the russians, then you all have buy-in to particular techniques and approaches. >> one point at the october workshop where we had someone at the u.s. labs give a briefing on this muon radiography. they showed a slide and said with this technology, one m away from the thing you could tell is that a nuclear warhead or not. i raised my hand and said, please tell me that's one mile. they said, no, that's one meter. we're still talking about limited technology. to sharon's point and pretty much everyone agreed on the american and russian side that there would be value in having a dialogue right now between america and russians and others, it said, how do you develop verification technologies looking to getting questions
7:36 pm
that go beyond current treaties. how would you, for example, if you wanted to monitor a limit on nuclear weapons in storage, what would be the sorts of technology that you need? and actually putting time and effort into developing them now so if political circumstances reach the point where you could get that treaty, the treaty wasn't held up because you didn't have the verification techniques. and to the extent that you could develop some of those technologies and techniques in a cooperative manner where it was not coming from an american lab or a russian lab, coming from a joint effort, that technology actually in the end might be more acceptable to both sides. i think the state department in december of last year announced an effort to try to promote development of further technologies in the area of verification and to encourage, you know, universities to make contributions. what i don't have a good fix on is how much funding went to that thing. but they are beginning to think about how do you develop
7:37 pm
technologies so you have things on the shelf and the absence of a particular monitoring technology does not prevent a treaty from going into force. >> richard fieldhouse, former senate staffer doing community service work. i wanted to provide a context and a question -- and you've all explained under the current circumstances with the ukrainian crisis left unsolved and the risks from that and the official dialogues have come down, there's wide agreement that this is not a time when there's going to be any likely progress on this issue and maybe if there's some political resolution to the ukraine crisis that would change dramatically. but there's an avenue i want to explore. i know some of you have thought about this. the new s.t.a.r.t. agreement, the new treaty will come to an
7:38 pm
end at some point. and there may be an interest both in the united states and russia in either continuing or doing something additional, so there are restraints on both sides and there are strategic nuclear forces. i point out that from the senate standpoint when the senate considered the new s.t.a.r.t. treaty and in many communications it's been a clear and official part of the senate perspective that any future arms control russia would have to include nonstrategic nuclear weapons. and that's actually written into the resolution of advice and consent ratification and required the administration to actually make an official approach to russia to begin the dialogue on these nonstrategic nuclear weapons. the question is can you foresee a time when that might be the avenue, if you will, to having serious official dialogue on the
7:39 pm
issue? >> again, i try to be optimistic about these things. i do believe that even though you now have a difficult situation between washington and moscow, that at some point, maybe it's 2018 to 2019, that the russians will have an interest in having a dialogue about what happens with new s.t.a.r.t. the new s.t.a.r.t. treaty entered into force in 2011. by its terms it expires in february of 2021, although the sides do have the ability to extend the treaty by mutual agreement by up to five years. while the russians have shown little readiness in the last four years to go beyond new s.t.a.r.t., i do think that they would want to have a continuation of some kind of american strategic forces and a certain amount of transparency particularly if you talk about the timeframe of 2020/2021 which is when u.s. modern strategic
7:40 pm
programs with the ohio class ballistic missile serving a as replacement with the new strategic bomber and possibly a new intercontinental ballistic missile, when those are coming online, i would think the russians would like to have some kind of cap. the question then becomes would american negotiators be able to use that russian interest as levers to say, okay, now we have to go beyond strategic and talk about nonstrategic. that will be a judgment they have to reach at time. whether that gives the russians enough leverage to try to reach something. i would like to see the next step? u.s./russia arms control moving beyond just strategic or just deployed strategic and moving to a treaty where at least one aspect would be a limit on the total number of nuclear weapons deployed, nondeployed, strategic, nonstrategic. but i think we won't know for a number of years until we get na
7:41 pm
negotiation where it gives us the leverage to get them to broaden the number of systems covered to pick up nuclear weapons beyond strategic. >> did you want to add something? >> yeah. it's an excellent question. and my honest answer is maybe. russia is prone to nonlinear events. so extrapolating where we are in 2015 and assuming that will be the situation in 2018 or 2020 is risky. i would say, though, that one key positive step and this is obvious, you're going to get to this point where i think you would like to be is that there has to be a resolution of the situation in ukraine. and that resolution with the
7:42 pm
ukraine situation then has to include a broader discussion about european security. and then if there's progress on that, then i think, you know, this could be more possible. but there has to be some facilitating conditions that happened before that's able to happen. >> we have a question up here, then over to there. >> mill tan koenig, international center for tourism studies. you mentioned in your workshops there were provocative ideas mentioned with the safety and security of nonstrategic weapons. was the -- were the ideas presented by the americans substantially different from those presented by the russians
7:43 pm
in their, you know, originality? could you contrast any of these? you mentioned some of the ideas that were presented? >> sure. actually, it was our european who -- but that's okay. this was the topic that i assigned to him. and actually, the -- what i meant by provocative was just that at a time when you're even struggling to find venues to talk to russians, the notion that you could talk to them or have joint exercises or anything else about safety and security of these tactical nuclear weapons was -- it was a little counterintuitive. that's why i said it was provocative. the recommendations or the ideas that -- and it was oliver meyer from the -- i forget what you call it -- what is it?
7:44 pm
peace research institute. >> good german scholar. >> good german scholar in association. these built on things that we've done with the russians already in terms of exercises but trying to push a little bit more. so there were six items, and you can read about them in the report, but just briefly, joint assessment of the risk. and you know if anybody has be -- has been following the nuclear security summit context, you know that any discussions of risk assessments are very taboo. we're certainly not going to do that with the russians now because they're not attending the nuclear summit in 2016. you could also, as i said, flip that around and talk about site security improvements. you can share best practices. you know, this is how -- in a
7:45 pm
generic sense. you could have exercises focused on accidents or incidents and associated consequence management. you could develop incident response procedures. you know, so, for example, you could consider -- i'm just going to read the report. tabletop and joint exercises to develop and test procedures for responding to different crisis scenarios. some of these things are borrowed from the nuclear security world. you could set up a 1540, the u.n. security council resolution 1540 joint working group to explore challenges specific to safeguarding nonstrategic nuclear weapons by access by nonstate actors. you could -- and then this is really a holdover to the other areas, initiated dialogue between nato and russia on measures to avoid this unintended escalation of military encounters. so i wouldn't call these
7:46 pm
necessarily provocative. the question is do you have -- you know, what's the hook to initiate or resume some of those things that had been done under the nato russia council. sure. go ahead. >> i wanted to add something to the previous question. let me be a little more frank. i've been pretty pessimistic, frankly, about having a discussion with the russians about nonstrategic nuclear weapons. i mean, even if these -- the conditions that i talked about happen, the structural situation, the structural security situation that russia faces and the asymmetry and the importance for nuclear weapons for russia, that's not going to go away in five years. that's likely only going to increase so from their perspective make that discussion even harder to make progress on. we weren't able to make progress on that in 25 years really.
7:47 pm
in the 1990s when it was a much more felicitous political environment. so to think in five years when i think the structure or the core problem, the strategic mismatch is going to be worse, i think it's going to be tougher. >> i would just add to that, overwhelmingly after these two dialogues what i come away with -- and i think steve, you said it earlier -- you can't -- it's very difficult to just put these nuclear issues in a box. when we said, look, you need to have a new dialogue or when these participants said you need a new dialogue on european security. how do you get there? who do you include? you need to talk about issues that -- or concerns from both sides. i don't say this to be a pollyanna. i've spent years outside of the government actually doing negotiations on arms control.
7:48 pm
but there are some russian concerns or issues that are not going to go away. i mean, we can't simply, you know, keep deploying missile defenses and pretend like it doesn't matter or that there aren't issues of concern with that. we have our own security interests to consider, obviously. but you know, so the real question is can you -- you know, if you can't get anywhere on nonstrategic nuclear weapons in a purely nuclear avenue, are there other things or is there a broader discussion where you might make progress on that? you know, and this is not simply the gee, we'll trade tack nukes for ballistic missile defenses. obviously, nobody is recommending that. but you have to at least have those discussions not in the press but face-to-face. >> again, there's an antecedent
7:49 pm
to that. if you go back to 1985 when the united states and the soviet union resume nuclear arms discussions it was done in the nuclear and space talks where you had a group on strategic nuclear forces, a group on nuclear intermediate range forces and a group on defense in space because the soviets at the time said, we also need to have a dialogue that covers our concerns about things like american missile defenses. now, in the end, the defense in space talks did not produce an agreement, but the context of that overall discussion then created a framework where you can get the inf treaty and the s.t.a.r.t. i treaty. >> in 2011, one of the big hopes for the obama administration was to reach a mandate with the russians about missile defense. in fact, that failed. and i think it failed primarily because we weren't really ready to talk about missile defense in
7:50 pm
the broader context of strategic stability. where you bring in the role of strategic offensive weapons, nonstrategic nuclear weapon, p guided munitions, space weapons. it was my hope in 2013 when the obama administration was trying again to engage in this that at least, to me, success in those events of the spring and summer of 2013, to me, i would have said if we agreed to a framework for discussions of strategic stability. i don't think we can make progress on looking at nonstrategic nuclear weapons off to the side. >> i saw one last hand up. >> hi, i'm meg kelly.
7:51 pm
this was briefly mentioned, but i was hoping you could speak further specifically about china and russia's willingness to move forward with dialogue and arms reduction. >> the formal russian position, as i think it has been articulated, is that the next stage in nuclear arms limitation talks should not be u.s.-russia. it should at least include britain, france, and china. i agree in principle at some point at some time the dialogue needs to be a unilateral one. i think if you look at the total american and russian nuclear arsenals each of those countries is 4500 total nuclear weapons. france and china would be close to the next largest company at
7:52 pm
about 300 weapons apiece, so i would argue that ultimately you have to get into a multilateral dialogue, but it does seem to me there's significant room for one more bilateral u.s.-russian negotiation. if washington and moscow agreed to cut their total nuclear arsenals in half, that would be six to seven times larger than the nearest third country. the russians are saying, no, the next negotiation has to bring in third countries. there might be a half step that you could do because i don't believe that the chinese are going to be prepared to say, yes, we're going to make a commitment to a treaty of not above 300. could you ask the chinese, the british, and the french to undertake a unilateral political commitment. we will not increase the number of our nuclear weapons as long as the u.s. and russia are
7:53 pm
reducing. >> meg, it's a great question. there's no question the russians are concerned about what china is doing and could possibly do in modernization and expansion of their nuclear weapons capability. over the years, they've been frustrated, i think, at least in discussions with me about what they see as a lack of transparency in chinese programs. now, the china-russia relationship at some level is a black box for us, so you can't answer the question with any certainty, but i think it was significant back in 2006 or 2007 the russians approached the bush administration with the notion of trying to multilateralize the inf treaty. i think the bush administration's response was, well, sure, try, good luck.
7:54 pm
that would be great, but was not really met with certainly any interest. i think it was the concerns principally about china that was motivating the russians at the time. >> that raises an interesting question, which is that sometimes, especially when you're at nato, you forget the rest of the world also has issues and interests. that was brought home to me when i was -- had a visit by the japanese ambassador in brussels who had heard about nato's discussion with the russians about various ideas concerning nonstrategic nuclear weapons, which is why don't you just take them all that is west of the urals and move them east of the urals. that prompted the visit that said, gee, that's going to upset the whole balance that we have in this side of the world and that's not really such a good
7:55 pm
idea. one of the ideas floating around was to take them and move them so they would be less than a so-called threat to nato. so there is a concern that you need to take into account. a broader strategic outlook needs to be addressed when you're dealing with this very small issue of nonstrategic nuclear weapons. >> panelists, do you have any last comments? all right. thank you all for your time and attention today to this important topic. i hope that even though -- the fact that everyone showed up on a friday before labor day means we're ready to come back from our strategic holiday and work on these important issues. let me thank very briefly our external relations staff, my staff, for helping put this all together, and finally please help me thank our panelists. [ applause ]
7:56 pm
he was a nazi. he was a concentration camp commandant, and he was responsible for the murder of thousands of jews. >> this sunday night on q&a jennifer teiga on her life altering discovery that her grandfather was the nazi concentration commandant. >> we would see a tremendous cruel person, a person who, yes, was -- i mean, he was capable of -- he had dogs, two dogs. he called them ralph and rolph.
7:57 pm
he trained them to tear humans apart. there was a pleasure that he felt when he killed people. this is, yes, something when you're normal, if you don't have this aspect in your personality, it is very, very difficult to grasp. >> sunday night at 8:00 eastern and pacific on c-span's q&a. all persons having business before the honorable supreme court of the united states are admonished to draw near and give their attention. >> number 759. ernest, petitioner, versus arizona. barbara madison is probably the
7:58 pm
most famous case this court ever decided. >> slavery wasn't legally recognized. >> putting the brown decision into effect would take presidential orders and the presence of federal troops and marshals and the courage of children. >> we wanted to pick cases that changed the direction and import of the court in society and that also changed society. >> so she told them that they'd have to have a search warrant, and mrs. mapp demanded to see the paper and to read it, see what it was, which they refused to do, so she grabbed it out of his hand to look at it and thereafter the police officer handcuffed her. >> i can't imagine a better way to bring the constitution to
7:59 pm
life than by telling the human stories behind great supreme court cases. >> fred boldly opposed the forced internment of japanese americans during world war ii. after being convicted for failing to report for relocation, he took his case all the way to the supreme court. >> quite often in many of our most famous decisions are ones that the court took that were quite unpopular. >> if you had to pick one freedom that was the most essential to the functioning of a democracy it has to be freedom of speech. >> let's go through a few cases that illustrate very dramatically and visually what it means to live in a society of 310 million different people, who help stick together because they believe in a rule of law.
8:00 pm
>> landmark cases, an exploration of 12 historic supreme court decisions and the human stories behind them. a new series on c-span produced in cooperation with the national constitution center debuting monday, october 5th, at 9:00 p.m. tonight on c-span 3, a house intelligence committee hearing on global cyberthreats. then the director of national intelligence james clapper had this week's national security summit. the house science committee holds a hearing on last month's toxic spill in silverton, colorado. the heads of several law enforcement and intelligence agencies, including cia director john brennan and fbi director james comey, testified at a
8:01 pm
house intelligence committee hearing about global threats to computer networks and recent data breaches. >> i want to thank director clapper. i would still like to thank director clapper. we know that all the witnesses' time is very valuable, and we want to take advantage of that today, so i'll keep my comments
8:02 pm
brief. this committee has traditionally hosted an open worldwide threats hearing to better educate the public on current dangers we face as well as to showcase how the intelligence community is working to combat these threats. the focus of this hearing is cybersecurity or given the current state of affairs, cyber insecurity. over the last several years, cyber attacks have become commonplace in the united states. anthem blue shield, home depot, sony, target, jpmorgan, chase, and other companies are just to name a few have been subject to major attacks, resulting in the compromise of personal information of employees and customers alike. these are just the breaches we hear about in the news. there are many, many both large and small, occurring each and every day across our nation. the u.s. government is certainly not immune. opm, irs, the pentagon's joint chief of staff -- or the joint staff, and just this morning we learned the department of energy was successfully hacked 159 times. these high-profile assaults are eroding confidence in our government's ability to counter
8:03 pm
the threat. i share the public's concern. in fact, i recently learned that the very apparatus that the department of homeland security uses to allow the private sector to share threat indicators with the government, the protected critical infrastructure information program, has not had a security audit since 2006. this raises serious questions about an agency that many government representatives believe should be at the heart of our cyber security strategy. i want to place the intelligence community on notice that we will be requesting information regarding your cybersecurity practices and procedures in the coming months. the government should not even think to impose standards on the private sector before it can maintain the security of its own systems. as congress continues to debate information sharing legislation, we must ensure that the government entities involved in the sharing process are absolutely secure. especially if we allow the private sector to share cyber threats with just one government entity, dhs. in closing, i call on the senate to take up the legislation seemingly every day another breach is exposed with severe implications to our economy, our privacy, and our national security. the time has come to put politics aside and give our country the tools it needs to defend itself from these malicious attacks.
8:04 pm
with that, i'll yield to the ranking member, mr. schiff. >> thank you, mr. chairman. thank you, directors, for joining us today. thank you so much for your service to the country. i'm pleased we're holding this hearing in open session, and it's telling that our committee open hearings this year have been focused on cyber, the challenge of securing our networks, and related issues of encryption and terrorist use of social media are among the most pressing challenges we face. the threat to our public and private networks is all too apparent. in the past year alone, we have seen highly publicized hacks of sony pictures, not far from my district, intrusions into health insurance providers premera and anthem. and a devastating hack into the office of personnel management. these three instances, which took place in the context of thousands of other intrusions every day, show the breadth, scale, and crippling potential of the threat to our economy, our privacy, and our national security. there are no simple answers to these problems.
8:05 pm
in fact, some of the steps we can take to better secure our data and our privacy can have unintended consequences. a good example are the largely welcome efforts to make our networks more private and more secure by using pervasive encryption so that even if hackers steal the data, it would be gibberish without the key to decode it. the broader adoption of stronger encryption, however, particularly in communications, can simultaneously allow terrorists and criminals to plot in ways that law enforcement and the intelligence community cannot access even with a valid warrant. even open communications on the internet pose a challenge. social media has proven a democratizing force throughout the world but is now increasingly being used by isis to spread messages of hate, repression, and violence. so the question is what we do about cybersecurity. the unintended consequences of encryption and the use of social media to radicalize. these are immensely challenging and inextricably linked problems, and i don't profess to know all the answers, nor should anyone in washington.
8:06 pm
but i do want to lay out several principles that should guide our response. first, we need to have a broad discussion across industry, government, academia, and the public. last week i went to silicon valley where i held a series of very productive sessions with a number of leading tech companies. i'll continue to have these conversations, and i encourage others to sit down with them as well. we in d.c. just can't tell tech to figure it out. we have to work with them and others to find the best mix of incentives, standards, and technological solutions. in these discussions, we in government must also recognize legitimate economic considerations of our global tech sector and the excellent work they already do voluntarily addressing some of these issues. at the same time, we have to recognize the legitimate need of the populace for privacy, legitimate need of law enforcement and the intelligence personnel to keep us safe, and the industry's legitimate need to protect intellectual property from hackers. this collaboration should also take place on a technical level.
8:07 pm
i'm pleased to see government agencies like dhs and nsa, for example, continue to partner with universities through grants and cyber challenges to develop safer and more secure technologies and to deepen this country's cyber literacy. we need to do more of this academic and technical collaboration. second, government and the private sector must take joint ownership of the problem of cyber security. it's no longer enough for senior government officials or corporate leaders to simply call in tech support, nor can we afford leaders who take pride in not understanding the technology that underpins their organizations. third, we must grow the government's cadre of cyber experts. we must invest in and attract the best, the brightest, and the most creative to work on behalf of the nation's security. the digital revolution was made possible through the marriage of technical savvy, creativity, art, and science. those who could identify the need and those who could fill it. we must keep this in mind as we develop our bench of cyber experts. fourth, we have to develop communication in advance to
8:08 pm
responses of cyber attacks and intrusions to generate a deterrent. for example, in the wake of the attack on sony, north korea must face tangible, meaningful consequences, and others must know the potential consequences of future attacks or offensive cyber action. and fifth, we need to advance legislation that catalyzes solutions. our cyber information sharing bill, the protecting cyber networks act, would do exactly that. this measure would essentially crowd source solutions to cyber threats by allowing private industry and the government to share malware in order to understand it and create solutions to defend against it. already there are private/public cyber public sharing arrangements, which are proving invaluable, be it the risk information sharing program or among the private sector as in facebook's threat exchange. this legislation, which is awaiting action in the senate, would allow these models to go nationwide. ultimately, the threat of a
8:09 pm
cyber attack presents no easy solutions. offense is cheap and relatively easy, while defense is expensive and far more complex. needs of communications that secure our privacy can be used to try to tear us apart. but these complex challenges are not an excuse to throw up our hands. i believe that through close collaboration and discussion we can take steps to better secure both public and private networks from intrusion in order to save lives and jobs. i look forward to hearing from our witnesses about how we can do just that. i thank you, mr. chairman, and yield back. >> i thank the gentleman. we created an nsa cyber committee this congress, and the chairman of that committee i'd like to recognize for an opening statement is mr. westmoreland from georgia. >> thank you, mr. chairman. i appreciate the witnesses taking the time out of their busy schedules today to come and testify. as the chairman of the nsa and
8:10 pm
cyber subcommittee, i've had an opportunity to see cybersecurity from a unique position. i've witnessed the amazing talent and tireless work undertaken by certain elements of our government represented here today and by particularly the nsa ability to identify and defend against cyber threats. at the same time, i've witnessed the shocking incompetence of other elements in our government which have resulted in unprecedented privacy breaches and threaten our national security. it is essential that everyone understands the gravity of this situation. we are under attack right now in the united states. every second, every day there are attacks occurring somewhere in this country. some appear relatively harmless. others are clearly a threat to our economy, our privacy, and our national security. in recent years, we have witnessed the theft of our nation's industrial secrets, attacks on our financial institutions, and much more.
8:11 pm
while it's important to keep sensitive programs classified, these types of open hearings provide much-needed education to the public. i want to commend the chairman for having this open hearing. we are only as strong as our weakest link, and the security of our networks is all of our responsibilities. again, i would like to thank the witnesses for coming today, taking your time out, but also the part that you play in protecting our national security. i look forward to hearing your testimony and working together with each and every one of you to make sure that our nation is safe against any cyber attacks. thank you. >> gentleman yields back. i'd like to introduce the ranking member of the nsa cyber committee for an opening statement. >> thank you, mr. chairman. thank you, all, for coming and participating in this open hearing on a really important topic. i've had a chance to review the written testimony. i know that we're going to hear quite a lot about the risks, the costs, and the players associated with cyber attacks on
8:12 pm
our country, these attacks we all too often see on the front pages of the newspaper. we should do all we can, and i think the chairman and the ranking member have laid out a whole variety of things we should be doing. what i don't hear and what i want to spend just a couple minutes on this morning, because i think it's really critical, essential, that we commit ourselves as a country to force and lead the establishment of some rules of the road internationally on how warfare and crime frankly is conducted in the cyber realm. we don't know today what constitutes an act of war. we don't know what an appropriate response is. we don't know where the line is drawn between crime and warfare. this is something we should be leading on. something that perhaps is analogous to the geneva accords, which have existed for almost 150 years now and worked on internationally for 150 years.
8:13 pm
there is currently no comparable effort to set something like that treaty up so that we all understand the rules of the road. admiral rogers, we had a brief exchange on this in an open hearing a couple months ago, and you assured me that this was, in fact, something that was on all of your minds. but i just don't see much, and i don't hear much. why is this important? again, the questions don't have ready answers. is stealing classified information from us an act of war? or is it just an act of espionage that we do to each other and maybe we even grudgingly admire those who can pull off that kind of espionage? what about if that espionage leads to the death of a source or the death of a hundred sources? what if that espionage leads to the death of americans? at what point does it become an act of war that's responded to in the cyber realm? at what point is it an act of war responded to outside of the cyber realm? i don't know that we know the answers to this question. there's another important reason to take this up, which is that this is something that i think we can achieve.
8:14 pm
our global geo strategic foes, whether you're thinking of the iranians, the chinese, the north koreans, or the russians, they have a common interest with us in understanding what the rules are and how we might react and how perhaps they should react in a variety of different situations. if we do this, we will also isolate non-state actors. this is a realm a lot of today is going to focus on, asymmetry. this is a realm in which i suspect asymmetry is particularly a challenge for us. my guess is that five motivated coding ph.d.s in a basement somewhere can create a real threat for us. i also fear that if we don't do this, we'll be on a continual technological treadmill and i think we'll always be a little bit ahead on that treadmill, but we'll always be looking over our shoulder as others drop the technological and engineering capability to get through our
8:15 pm
defenses. doing this successfully i don't think results in this problem going away any more than the geneva convention eliminated war. i think if you look at the 150 years of the geneva convention, it has done some really essential things for the world collectively. so i think it's up to us as members of congress to push this, but i would just ask that we discuss it some today, that you give your thoughts and perhaps an update on whether we're making any progress in this area and as leaders in the intelligence community, you would prioritize an effort that i think could make a real difference. thank you. i yield back the balance of my time. >> i thank the gentleman. director clapper, i said some really nice things about you right before you walked in. so you'll have to watch the replay on c-span over the weekend to see those nice comments. but it is really a pleasure and an honor to have you and your team here to testify in public before this committee. we have your statement for the record, but we'd like to give you an opportunity to express what is in your statement that you provided to the committee. you're recognized for five minutes. >> thank you. chairman, ranking member, members of the committee, i want
8:16 pm
to testify here on the intelligence committee's worldwide threat assessment at the end of february. cyber threats again led our annual threat report. this was the third year in a row we've done so. my colleagues and i are here today to update you on some of the cyber threats that face our nation and their intended national security implications, much of which you've already discussed. we will, as you understand, run into some classified aspects that we won't be able to discuss as fully in this open, televised hearing. i do want to take note of and thank the members of the committee who are engaged on this issue and have spoken to it publicly, as you did here this morning. so in the interest of time and to allow for questions, this will be the only formal opening statement, and then we'll open it up for your questions. i'll briefly cover -- >> director clapper, i didn't realize, but i think we were going to give you ten minutes, so don't feel like you're on the clock here. >> all right. thank you, sir.
8:17 pm
i think we should be able to get this done within ten minutes. my colleagues and i will be, as i said, open for your questions. so before i begin, i do want to note, and i guess forgive the commercial, but the events of the last few months have reinforced my belief in the need for a ctec. cyber threats to the u.s. national and economic security are increasing in frequency, scale, sophistication, and the severity of impact. and although we must be prepared for a large armageddon scale strike that would debill -- debail -- debilitate the entire
8:18 pm
structure, it's not our belief that's the most likely scenario. rather, our primary concern are the low to moderate-level cyber attacks from a variety of sources, which will continue and probably expand. this imposes increasing costs, as you indicate, to our businesses, to u.s. economic competitiveness, and national security. because of our heavy dependence on the internet, nearly all information communications technology and i.t. networks and systems will be perpetually at risk. these weaknesses provide an array of possibilities for nefarious activity by cyber threat actors, including remote hacking intrusions, supply chain operations to insert compromised hardware or software, malicious actions by insiders, and simple human mistakes by system users. these cyber threats come from a range of actors including nation states, which fall into, at least in my mind, two broad categories. those with highly sophisticated cyber programs, most notably russia and china. those with lesser technical capabilities but more nefarious
8:19 pm
intent, who are also more aggressive and more unpredictable, iran. with respect to non-nation state entities, criminals motivated by profit, hackers, or extremists motivated by ideology, all are of course included in this threat. profit motivated cyber criminals rely on loosely networked online marketplaces often referred to as the cyber underground or dark web that provide a forum for the merchandising of illicit tools, services, and infrastructure and stolen personal information and financial data. the most significant financial cyber criminal threats to u.s. entities and our international partners come from a relatively small subset of actors, facilitators, and criminal fora. terrorist groups will continue to experiment with hacking which could serve as the foundation for developing more advanced capabilities. with respect to the impacts, again you've alluded to this already, cyber espionage undermines confidentiality. cyber threats and actors, particularly criminal and terrorist entities, undermine
8:20 pm
data confidentiality. denial of service operations and data deletion attacks undermine availability. in the future, i believe we'll see more cyber operations that will change or manipulate electronic information to compromise its integrity. in other words, compromise its accuracy and its reliability instead of merely deleting it or disrupting access to it. with respect to counterintelligence impacts, as illustrated so dramatically with the opm breaches, counterintelligence risks are inherent when foreign intelligence agencies obtain access to an individual's identity information. foreign intelligence agencies could target the individual, family members, co-workers, and neighbors using a variety of physical and electronic methods for extortion or recruiting purposes. while speaking of the opm breaches, let me say a couple words about attribution, which is not a simple process.
8:21 pm
it involves at least three related but distinct determinations. the geographic point of origin, the identity of the actual perpetrator doing the key strokes, and the responsibility for directing the attack. in the case of opm, we've had differing degrees of confidence across the ic in our assessment of responsibility for each of these elements. of late, unauthorized disclosures and foreign improvements have cost us technical accesses. from cybersecurity investigations of incidents caused by foreign actors, we are also deriving valuable new insight and new means of aggregating and processing big data. in summary, the cyber threats to u.s. national and economic security have become increasingly diverse, sophisticated, and harmful. the variety of federal entities that work this cyber problem, some of which are represented here with me. dhs, fbi, and nsa and other law enforcement, intelligence, and sector-specific agencies, like the departments of treasury and energy. every day each of these centers
8:22 pm
and entities gets better and better at what they're charged to do individually. now we've reached the point where we believe it's time to knit together all the intelligence these separate activities need to defend our networks because while these entities may be defending different networks, they're often defending against the same threats. that was one reason the president directed me to form a ctec. i strongly believe that the time has come for the creation of such an organization, and we're pleased to see you've shown support for the new center in both your cyber and fy-'16 authorization bills. we look forward to working with the committee to enable the intelligence community in general and ctec in particular to support our nation in this vital area. with that, i'll stop, and we'll open up for your questions. >> director, thank you very much. as you know, we are anxiously awaiting on the senate to pass the cyber legislation so we can get to a conference.
8:23 pm
we were hopeful they would get done before we broke for august. they haven't. now it looks like we're looking into october. i want to give all of you a broad question and give you plenty of time to answer it. being we're out here in the public for everyone to see, i think it's a great time to not only discuss, you know, what each of your agencies do but also talk about maybe the number one, two, and three, maybe not in any particular order, particular to your agency, what you see as the greatest threats, biggest concerns, and the issues that you all are working on in each of your individual agencies. we'll start with you, director clapper. >> well, sir, my standpoint, obviously i'm trying to overwatch the entire enterprise of u.s. intelligence.
8:24 pm
as i have said every year that i testified for five years in this job that in my 50-plus years in the intelligence business, i don't recall a time when we've been beset by a greater variety of challenges and crises around the world, both regionally and functionally. and so the challenge for me is attending to, addressing this wide diversity of threats. in the face of -- and i have to bring this up -- a very uncertain budgeting environment, now approaching our fourth or fifth year of uncertainty about the size and shape of our budget, which poses challenges for us programmatically, certainly with respect to systems acquisition, and the uncertainty it creates in the
8:25 pm
work force. i'll stop there with that general overview and turn first to john brennan. >> thank you. thank you, mr. chairman and members of the committee for the opportunity to talk to you today about this very important issue. three top priorities for me thinking about cyber. one is since cia has responsibility to make sure we have a good grasp of what the plans, intentions, and capabilities are of our adversaries around the world, making sure that we have the insights and intelligence that will give us better sense of what may be coming at us. so that's part of our mission, but given that this is a very dynamic environment in terms of what the various tools and capabilities that various actors have, we need to make sure that we're on the top of our game in order to make sure we inform our policymakers, legislators, and others. two, want to make sure our systems are going to be as secure as they can be so that we can fulfill our responsibilities to share information as we need to, make sure people who are
8:26 pm
going to be able to operate and act on the information that we're able to get, both inside of the cia and outside, that we can do that securely and reliably. so we have initiated a number of actions within the agency to make sure that, in light of some recent experiences, we are in some respects doubling down on the security in that regard, and i rely very heavily on my colleagues here on that front. and third, since cia is supposed to be operating securely, clandestinely and covertly globally, we need to make sure that we have a full appreciation of what that digital domain, that cyber environment, has in terms of both challenges and opportunities, which is one of the reasons why we in cia have set up a new directorate of digital innovation so we're able to bring together the expertise and develop the capabilities that we need in order to carry out our missions so that we know what we are dealing with when we try to fulfill our responsibilities
8:27 pm
around the world in an increasingly digitized environment and the various digital dust we all pick up every day in our lives. we need to be mindful of how that is going to impact our intelligence activities and operations. >> mike. >> from an nsa perspective, first in terms of what our mission and responsibilities are, we use our foreign intelligence mission to generate insights as to what cyber actors, nation states, groups, individuals are doing in the cyber arena with a view towards ensuring we have insights as to their efforts against the united states, our allies, and their interests. also, importantly from an nsa perspective in our information assurance role, we're responsible for developing cryptographic standards within the department of defense. we also partner with others within the dod to generate the technical standards to help ensure the security of all of our classified systems within the department. and then we apply our information assurance expertise more broadly partnering with the
8:28 pm
fbi and dhs, both to support more broadly within the federal government and also within the private sector. those are our roles. in terms of what concerns me, priority number one clearly is ensuring the defense of our own networks to ensure execution of our operations in a secure manner. also, ensuring -- helping to partner with others to ensure the defense of the dod and more broadly the dot-gov domains. when i look at it from a threat perspective, i would argue three things, really, as i focus in on the future. efforts aimed against u.s. critical infrastructure. the second item to me is are we going to see a shift in a trend from not just outright theft of information but are we going to start to see a focus on manipulation or changing of data once someone is able to gain access to a system so we start to question the validity of what we all are particularly looking at.
8:29 pm
and then finally, in the counterterrorism arena, do we start to see groups start to view the web as a weapon system and not just a way to dispense ideology, recruit, raise money to decide they want to take it to another level and we clearly already see very open and public conversations about that now. >> director comey. >> thank you, mr. chairman, for having me here today. the fbi's mission is in the united states to detect and respond to all the threats that come at us through the internet, through cyberspace, which is increasingly every threat we're responsible for, whether that's counterterrorism, counterintelligence, or all the many criminal threats we focus on. at the top of our threat stack when it comes to cyber is our nation-state actors. both their intelligence activities in the united states and their theft activities in the united states to steal our innovation, our ideas, our energy. in responding to that, my primary concerns are making sure we have the folks, we have the equipment they need, and we have the deployment that makes sense to respond to that threat.
8:30 pm
>> general stewart. >> in dia, our primary responsibility is to understand the military capabilities of our adversary. so in this space, we're particularly interested in how the adversary uses the digital environment to command and control forces, conduct isr so that we can counter his capabilities in this space. so we're focused not just in the non-kinetic capabilities that we can bring against an adversary, isr capabilities, but also the kinetics. so we're looking at this from a broad spectrum. either how we drop bombs to destroy or defeat that capability, or how we can be disruptive in that capability. we provide that through all sorts of analysis based on products and support that we get from our partners here at this table. two concerns for us, how well we defend our networks. we're spending a good bit of time looking at the construct of
8:31 pm
our architecture so we can defend not just the network but the data within that network. then the second area of concern is whether or not i have enough resources and expertise to do the first part of our charge in this space, understanding our adversaries' c4isr capabilities. we have to move some resources around. given the totality of things we have to look at, the threat landscape, this is an area where we need to do some additional investments. >> i thank you, all, for being here. at this time, i'll yield to the ranking member for the purpose of questioning. >> thank you, mr. chairman. thank you, gentlemen. i have two questions, one dealing with the encryption issue and the other dealing with our response to cyber attacks and intrusions. on the encryption issue, there are several issues. there's the technological question of can we or can silicon valley design a technological solution.
8:32 pm
there's a desirability question, even if they could, is it desirable? do we gain more from having encrypted communications immune from cyber hacking than we lose in law enforcement and ic's ability to get the content an communications? so what's the desirability of a solution if we could achieve it technologically. then there's the economic argument. these companies have to compete overseas. there are others that are offering an encrypted platform that people migrate to. so what do we achieve apart from harming our economic interests by insisting on a key. so i wonder if you could address those arguments that we hear from industry about this. how do you evaluate it? and on the technological issue, 20 years ago the national academy of sciences did an analysis of a related encryption
8:33 pm
issue and the clipper chip and came up with a neutral and thoughtful analysis. would it be worthwhile to have them take a look at this question? is there somewhere we can go for an objective answer to the technological question that is held distinct from the economic interests at stake? is it worthwhile pursuing that kind of neutral analysis? so i'd be interested in your comments on the technological feasibility, desirability, and economic implications of the encryption debate. and then on the cyber front, it seems to me that there are two very different kinds of cyber issues we're confronting. there are the cyber attacks -- well, actually, i guess three. there's cyber attacks like sony meant to do damage, cyber threats to our infrastructure
8:34 pm
would be in that category. there are cyber thefts, so economic espionage for the purpose of benefitting foreign corporations. then there are foreign intelligence gathering efforts. it seems to me that for many of our adversaries in this realm, like the chinese, there's an advantage to blurring the distinctions between these. if they can blur the distinction between economic theft and foreign intelligence gathering, then they can justify anything they do. and seems to me it's in our interest to draw clear lines between foreign intelligence gathering and economic theft. and yet, when i hear the discussion, sometimes involving opm and sometimes involving other things, i hear us in the ic blurring those lines. so i wish you could address that. shouldn't we make clear what the rules of the road are, that we
8:35 pm
don't engage in economic espionage and we want to insist that others also don't engage in that kind of theft? and think about whether there are any rules of the road in terms of foreign intelligence gathering, but keep those questions distinct. if you could comment on those two issues. >> i think i'll turn for those two questions to two of our panel, and i'll start with director comey, then admiral rogers. >> i'll offer reaction on the encryption question. thank you, mr. schiff. first of all, i very much appreciate the feedback from the companies we've been trying to engage in dialogue with companies because this is not a problem that's going to be solved by the government alone. it's going to require industry, academia, associations of all kinds, and the government. i hope we can start from a place we all agree is a problem and that we share the same values around that problem. when i hear people talk about the crypto wars, it throws me because wars are fought between people with different values. i think we all share the same values here. we all care about safety and
8:36 pm
security on the internet. i'm a big fan of strong encryption. we all care about public safety. the problem we have here is those are in tension in a whole lot of our work increasingly in counterterrorism and counterintelligence work, and given that we care about the same things, i hope we can agree we ought to come together to solve that problem. i've heard from a lot of folks it's too hard, and my reaction to that is, really? have we really tried? have we really tried? when i look at industry today, i see companies -- i'm not going to name them here -- but major internet service providers who are able to comply with court orders because they strongly encrypt. they can read our e-mails and send us ads. i've never heard anyone say they're fatally flawed from a security perspective. i don't think we've really tried. i also don't think there's an it to the solution.
8:37 pm
i would imagine there might be many, many solutions depending upon whether you're an enormous company in this business or a tiny company in that business. i think we haven't given it the shot it deserves, which is why i welcome the dialogue. we're having some very healthy discussions. >> and with respect to the second part of your question, sir, i mean, i think you've correctly characterized there is no one size fits all to describe the spectrum of activity we see out there. i think that's one reason why you see response to different events are not always the same. we try to look at each event in its own context. sony clearly, for example, in the first category as you've suggested an offensive act designed to create damage versus much activity we see, which is clearly designed nation states attempting to gain economic advantage, whether that's for competitive purposes or attempting to steal insights that they can in turn generate and use themselves to develop capabilities that are of interest to them. the theft of information -- i think it's one reason why to date we've tried to be somewhat
8:38 pm
nuanced, if you will, in how we, as a government, have responded. it goes to some of your opening statements about the long-term end state we have to get to of this idea of acceptable norms and behaviors. and what is within reason and what is not within reason. we clearly understand nation states use the spectrum of capabilities they have to attempt to generate insights in the world around them. but that does not mean that the use of cyber for manipulative, destructive purposes is acceptable. that does not mean the use of cyber for the extraction of massive amounts of personally identifiable information is acceptable. we're going to have to work our way through how do we develop all that in a much more refined way than we have to date. >> i have to say, sir, that, of course, many of these issues that you raise are significant and also policy issues. not really the realm of the group of people sitting here.
8:39 pm
we can try to speak to them, but i do feel compelled to make that point. on your concern about conflating or not distinguishing between cyber threats for economic purposes or for foreign intelligence, you're quite right. it's not that we don't make that distinction, but the adversaries, notably the chinese, do not. they don't see a difference at all in the ultimate purpose for which they extract data from us. so i just want to, you know, kind of make that distinction. i also -- and this is a personal view with respect to that which is conducted for espionage purposes, i just would caution we think in -- the old song about people who live in glass houses. we should think before we throw rocks.
8:40 pm
so these are very, as you correctly and appropriately allude, very complex policy issues. >> if i could just drill down once more on both very narrowly. on the latter issue, are there any rules in the road when it comes to foreign intelligence gathering? or is it even futile to try to develop them? because if a nation decides it's in their national security interest, they're going to do what they're going to do. or should we try to establish some rules of the road for foreign intelligence gathering? and on the first point, if director comey, you could just give your thoughts on what you make of the economic arguments that other companies are going to do this. there's an advantage to having healthy american companies in this area, both from an economic and national security point of view. aren't we at risk of losing that?
8:41 pm
>> jim, go ahead. >> i think it's a reasonable concern. i have two reactions to it. first, i think it's incumbent upon us as a country to decide how do we want to govern ourselves and our affairs. what's the right thing for america. there are lots of costs that come with being an american business. you're not allowed to employ children. you can't pollute the environment. we impose all kinds of rules on people that other countries don't, which is a disadvantage to our companies. we've decided we want to be a certain way. i think we ought to start there. but look, i'm not blind to the fact they have to compete in the international marketplace with other countries that share our values. so i got to imagine an important part of this is going to be an international set of norms where countries that care about those same things, safety on the internet and public safety, come together and establish this is how we will act. for example, i could imagine us saying, if there is a neutral and detached magistrate that's found a basis under the law for this information, then it can be obtained and the company must find a way to provide it.
8:42 pm
that's the way the rule of law that governs our allies around the world is, and i think that would be an important part of any agreement that resolves this. and i hear from our allies all the time, the french want the same thing, the germans, the british. i think that's something that could be done. >> so i'll just comment that on the rules of the road issue that i think it's fair to say the united states has more rules governing the conduct of foreign intelligence than any other nation on the planet. exemplified by ppd-28, which of course governs particularly the conduct of signal intelligence in this country and to some extent extends civilian privacy protections to foreign citizens. i don't believe any other
8:43 pm
country does that. so we do have an elaborate set of governance tenets that influence the conduct of intelligence in general and signal intelligence specifically. don't see too many other partners that would similarly align with us. >> thank you, mr. chairman. >> if i may, admiral rogers. i think you wanted to add. >> the only other comment i would make is in many other areas, we have been able over time to develop a set of norms about a sense of what is acceptable and what is not acceptable. i think over time we'll do the same thing in this environment, but we clearly are not there yet. i would just reinforce the dni's comment about there are very specific things that i find foreign intelligence organizations doing in the cyber domain that quite frankly are illegal for us. we cannot do. it's a very different set of rules out there in many ways, between us and the activities i see others engage in. >> gentleman yields back.
8:44 pm
yield five minutes to the gentleman from georgia. >> thank you, chairman. we passed a good cyber bill, i think, out of the house that allowed businesses to share information without the liability question. as adam mentioned, you know, we hear about attacks and we hear about intrusions. when does playing defense become offense? in other words, if some of these companies have picked out a marker, we have determined where it is coming from. do we continually play defense with that or try to come up with a better defense, or is some action that we might take going to be considered offensive to whether it's a nation state or, you know, another company or
8:45 pm
whatever? where is that line at? >> so for us particularly in the dod side, i'm pretty comfortable that we've got a fairly well understood characterization of what is defensive in nature in terms of actions and response. the bigger challenge in some ways is there is still uncertainty about how would you characterize what is offensive and what is authorized. again, that boils down ultimately to a policy decision. to date we have tended to do that on case-by-case basis. in terms of your fundamental premise, i think, importantly, and a comment i certainly make when i'm part of discussions, a purely reactive defensive strategy is not ultimately going to change the dynamic where we are now and the dynamic we find ourselves in now i don't think is acceptable to anyone. >> when you say it's a policy
8:46 pm
issue, are we talking about a policy issue that comes out of the white house? >> so the application of cyber in offensive way is an application of force. the application of force under the law of armed conflict in the broader policy construct we use as nations, once you move beyond self-defense, is a decision that is made at a broad policy level. it's not something that i as the director of nsa or cyber command unilaterally decide. it's not the framework. not unique to the cyber world. it's the same fundamental construct we use for the application of force in the kinetic world within the department of defense and more broadly in other areas. >> so how is that sifted out? i mean, who makes that determination? >> so it depends on a case-by-case basis, but clearly the secretary of defense is granted some authorities. the president retains some
8:47 pm
authorities at his level, and that's all part of the process that we work through and we deal with each individual event on the merits of its own. >> well, you understand that when the public hears the word "attack," it gives off a little different meaning than if we say intrusion. >> right. which is one reason i think you also raise an important point. terminology and lexicon is very important in this space. and many times i'll hear people throw out attack, act of war, and i go, that's not necessarily in every case how i would characterize the activity that i see. >> so it is a good distinction to make in just using the opm breach as a case in point, though it's been characterized
8:48 pm
by some loosely as an attack, it really wasn't since it was entirely passive, and it didn't result in destruction or any of those kinds of effects. so that -- the distinction you point out, and thank you for doing that, is quite important. and as admiral rogers says, the lexicon, the terminology, is crucial. >> if a company or they discover that they're being attacked by a certain entity or whatever and they use a means to stop that attack, in other words, they can figure out how to stop that attack, do they do -- can they do that offensively, i guess? and what would differentiate between an offensive move and a defensive move? >> first of all, there's a clear line in the united states, it would be a crime for any private actor to engage in an offensive cyber operation, to penetrate without permission the computer system of another. that's a statute that this congress has passed. so that's a clear line. i think it also makes good sense
8:49 pm
to those of us in the intelligence community that we don't want self-help because of the nature of the cyberspace is that there are unforeseen consequences that are -- could be dramatic and unforeseen. >> i think getting back to the definition -- i think that's what we're looking for is a definition of what is offensive and what's defensive. but thank you very much. and i yield back. >> the gentleman yields back. the gentle lady from alabama, ms. sewell. >> thank you, mr. chairman. i want to thank all of you gentlemen for your service to this nation, for all of the important work that you're doing in your various agencies. i wanted to drill a little bit deeper into the question that congressman westmoreland raised. director clapper, you suggested that the opm information that was stolen wasn't used for any nefarious activities to our knowledge right now. i wanted to know what your thoughts were about how the information that was stolen from
8:50 pm
opm or from anthem is being used by these cyber actors. >> well, what we've done is speculate how it could be used. and again, the distinction i was just making with congressman westmoreland had to do with the terminology of saying that the opm breach was an attack. and i don't, again, getting back to the definition, we wouldn't characterize it that way. what's of great concern with respect to the opm breach which i spoke to briefly in my opening statement had to do with potential uses of that data. and, of course, we're looking. thus far we haven't seen any evidence of their usage of that data. certainly, we're going to be looking for it. but it's of great concern to the employees who are potentially affected as well as their families and coworkers in terms of how it could be used in a very damaging way.
8:51 pm
not only institutionally in terms of particularly for intelligence people, but in general, how this could be used to inflict financial damage, for example. >> how does the various agencies work in a coordinated effort with respect to cyber attacks? can you talk a little bit about how the -- >> if you're talking about the intelligence agencies? >> yes. >> well, we are very, very mindful of that, obviously. i mean, this is a case where we probably need to set the highest standard and example. and so, i know in my own place, i have a very intensive effort on securing and ensuring that our networks, in my own headquarters, are secure. and i know my colleagues are doing the same. let me ask admiral rogers to comment, as well. >> and i think jim comey may have a perspective, as well. i think first question is which
8:52 pm
is the domain that is receiving this intrusion? is it within the dot mil, the dot gov, is it in the dot com, dot edu, in the -- >> isn't it a coordinated effort? >> it is. >> i know it may start in one particular agency which has jurisdictions, but i would assume that it's coordinated across all of our system? >> it is, but my point is the coordination, who has lead, the primacy, it varies by the, if you will, the entity that is being penetrated where it is, in the government, outside the government. if we use the dot-gov domain as an example, the department of homeland security has overall responsibility of the dot-gov domain, dhs, overall responsibility in the dot-gov domain. so if you look in the opm scenario, for example, you saw opm as they began to realize what had happened as they realized this is beyond their own capacity. they turned to dhs. dhs, in turn, then turned to the fbi and nsa to provide technical
8:53 pm
support. we do that continually. we've done that particularly between nsa and the fbi within the government domain, increasingly we find ourselves when requested attempting to support high-end intrusions in the private sector, sony, as an example, for example. >> is there anything that could be done to enhance that cooperation coordination? >> there's always more. i mean, from my perspective, as i talked to my teammates, speed is critical here. focus, leadership, buy-in, the ability to set up mechanisms to more rapidly flow information back and forth with each other, the more -- the ability to put expertise more quickly on the problem set. we continually get better, but for me, at least, and part of it is the -- >> obviously, one area that, of course, we could improve is in the government to private sector. >> right. >> relationship. that's why the legislation is so important.
8:54 pm
let me ask director comey as well if he has a comment. >> i agree with what admiral rogers said. we've made dramatic strides in the last five years. i think of us -- this is probably a homely metaphor, but we're kind of like a fire station. when the bell rings, we send all the trucks. we don't ask, do they need a hook and ladder? do they need a rescue truck? do they need an ambulance truck? we send them all, and that means we send nsa, fbi, dhs. we talk to each other, then figure out what's needed at the scene to help these people who called 911. that has gotten dramatically better. our primary way of sharing information is through the ncijtf, which i hope you have had a chance to visit. we all sit together and in human terms and electronically, we share that information about what do we need to respond to this particular fire? >> in my remaining time, i wanted to commend director brennan on your tackling the persistent problem of lack of diversity in the i.c. i know that you commissioned a report, and i just want to
8:55 pm
commend you on seeing the need and look forward to working with all of the agencies represented in making sure that we address our lack of diversity in the intelligence community. i yield back. >> the gentle lady yields back. the gentleman from florida is recognized. mr. miller. >> thank you, mr. chairman. somebody said that iran did not have the technical capabilities that a russia or a china would have. is it safe to assume -- and i use that word assume in quotes -- that russia would give some of their capabilities to iran to use it in the cyber world? >> sir, that might be best left to a closed discussion. >> somebody talked about attribution, also. how do we distinguish between a state-sponsored hack or attack and an individual?
8:56 pm
>> jim? do you want to try that? >> the way we do in almost any other circumstance, we try and see what facts we have to connect, the individual at the keyboard to a particular government. sometimes it's direct evidence. sometimes it's circumstantial. sometimes it's the tools used. we put together those facts and say what judgment can we make to attribute -- there's always a human being at the keyboard. that human being to a particular state actor. >> and the only other comment i would make is then we'll compare the activity that we've observed with that which we have observed historically over time, looking for similarities, other connections we've previously been able to determine. >> are most of the attacks designed to glean information or to disrupt? >> well, again, the terminology attack versus gleaning information, and to this point, it's either been, you know,
8:57 pm
disruption of a website, for example, but more commonly just purloining information. as i indicated in my opening statement, though, i believe that the next push on the envelope here is going to be the manipulation or deletion of data which will, of course, compromise its integrity. >> going back to the russia/iran issue, and i know going back to russia and iran, and i know there are some issues that we can't talk about here, but russia's setting up a cyber command. how about china? >> to the best of my knowledge, the chinese have not yet gone to a configuration like the russians appeared to have with establishing a cyber com somewhat analogous to admiral rogers' command. but that's not to say that the
8:58 pm
chinese, as you know, have very capable structure and apparatus in their current p.o.a. staff structure. >> i yield back, mr. chairman. >> the gentleman yields back. mr. quigley is recognized for five minutes. >> thank you, mr. chairman. gentlemen, thank you for being here, and thank you for your service. i guess we hear most often of the high-profile hacks, cyber attacks on the u.s. government and major corporations. but as you know, the majority of businesses in the united states are small businesses. and we have thousands of very small local governments. they still contain in their computers extraordinarily sensitive client information or public information. yet, as we can imagine, they often lack the sophistication, the capabilities, the expertise, the knowledge, the resources to meet this challenge.
8:59 pm
what, if anything, are we doing to reach out to those entities and try to help them meet this challenge? >> it is absolutely a concern of every business in the united states from the traditional mom and pop up to medium size to large. and so, we have -- what the fbi is doing about it, is we recognize that that's a threat to everybody because our whole lives are connected to the internet. so in every community in this country, we have something called infragard which is designed to offer a vehicle for those folks to learn from us best practices and warnings and indicators and for them to be able to share information that's useful to other small businesses and to the fbi. so i'd encourage small business folks, contact your local fbi office. we're in every community in this country. we have over 500 offices. join infragard. it will make you smarter, and i hope in the process it will make your government smarter. >> i would just add, as well, the responsibility, and only because they're not represented
9:00 pm
here today, is the department of homeland security which does have a responsibility for engaging at the state and local and tribal and private sector segment. >> and i appreciate that. but the lack of resources, you know, we hear so often that it's becoming cheaper and easier to hack and more expensive and difficult to defend. is there some other way besides this that we should begin to look at in terms of trying to balance the field between the resources a community bank has versus a major national bank? just as one example. >> one of the things that we need to continue to do better as a federal government is equip our state and local partners to investigate crimes that are digital in nature. and that's something that sheriffs and chiefs are hungry for. the fbi and the secret service are pushing out lots of training, pushing it out online so people from their desk in a polita

