REP. SKELTON: (Sounds gavel.) Good morning.
We welcome you to our hearing today, a hearing on "U.S. Cyber Command: Organizing for Cyberspace Operations." We will hear for the first time in this committee since Cyber Command was established from General Keith Alexander, the first commander of U.S. Cyber Command. He also continues to serve in his role as the director of National Security Agency.
General Alexander has had a long record of service to our nation and is a genuinely nice person to boot. I think perhaps the most important thing for the American people to learn from this hearing is that they have exactly the right person in charge of this new command. General Alexander is simply the best, though I would note that there are some other generals from his class in West Point who also haven't done too badly.
General Alexander, we certainly welcome you and thank you for your testimony today.
U.S. Cyber Command, or CYBERCOM, as it has been called, has been tasked with conducting the full range of activities needed for the Department of Defense to operate effectively in cyberspace. Of one thing I'm confident: Cyberspace will be a big part of future warfare. That means we can't afford to get this wrong.
The establishment of CYBERCOM is a critical milestone for our nation's defense. Cyberspace is an environment where distinctions divisions between public and private, government and commercial, military and non-military are blurred. And while there are limits to what we can talk about in this open forum, the importance of this topic requires that we engage in this discussion in a very direct way and include the public.
The threats facing the nations in cyberspace are daunting. They've been under-appreciation until recently. Just within the DOD, there are some more than 15,000 different computer networks, including 7 million computing devices on 4,000 military installations around the world. These information systems face thousands of attacks a day from criminals, terrorist organizations, and more recently from 100 foreign intelligence organizations.
DOD recently announced a new cyber strategy to deal with that burgeoning threat. To understand how well prepared the Department of Defense is to handle the magnitude of the threat, we need to ask some fundamental questions: Where are we today with CYBERCOM? Where do we want to take it in the future? And do we have what we need to get there?
An additional challenge for this committee is determining how CYBERCOM fits into the broader national security effort. DOD has traditionally led the way in protecting information systems, so it's natural for CYBERCOM to play a role beyond just protecting military networks. What that role should be, however, needs very careful analysis. We know that, as a nation, we must do more to improve security in cyberspace and manage risk without choking off creativity or innovation.
And General, we look forward to hearing your testimony today on how you intend to address these very, very important issues.
Now let me turn to my friend, my colleague, the gentleman from California, Mr. McKeon.
REP. HOWARD "BUCK" MCKEON (R-CA): Thank you, Mr. Chairman.
I want to thank you for holding today's hearing on CYBERCOM, and General Alexander for joining us today. And I'd like to align myself with your remarks about how fortunate we are to have General Alexander as the first commander of CYBERCOM -- and to have you in this place at this time. We're very fortunate. Thank you.
Cyber is an operational space that extends well beyond Internet searches and e-mail messages into a world of networking, interconnected systems and pathways that can reach into individual components of critical weapons systems. The potential for harm from malicious activity reaches beyond the traditional military sphere of influence as financial systems, critical domestic infrastructure, such as power and water treatment plants, and personal information all can be touched and disrupted through cyberspace.
With this in mind, I look with great anticipation to Cyber Command becoming fully operational next month. The Department of Defense, in many ways, has been at the leading edge of defending against malicious cyber activity and in understanding the problems and opportunities that cyberspace brings to our nation, and I believe we have in General Keith Alexander the most appropriate person to lead this newly-formed command under U.S. Strategic Command.
U.S. Cyber Command will be the touch-point for all things cyber within the department and will therefore carry a heavy burden. The services have built an infrastructure -- physical capability, as well as policies and processes, to handle the extensive activity that must be conducted in the cyber realm. Now General Alexander will have to ensure those efforts are brought under one vision and one mission.
And it's nice to see that support group sitting right there behind you of all the services, everybody working together, because this is very, very important.
Now General Alexander will have to ensure those efforts are brought under one vision and one mission with the goal of maintaining our military's ability to conduct its operations in cyberspace. Let there be no doubt, this space is contested and presents a persistent vulnerability for our military, civilian and commercial infrastructures, especially as we increase our dependence on it.
As then-DNI Director Dennis Blair commented in testimony to the Senate Select Committee on Intelligence on February 2nd, "We cannot be certain that our cyberspace infrastructure will remain available and reliable during a time of crisis." In his recent Foreign Affairs opinion piece, Deputy Defense Security William Lynn also touched on the significant threat that exists in cyberspace: The department is under constant attack and attacks will only increase in a crisis situation. Accordingly, the department must ensure the appropriate investments in technology, infrastructure and people are being made, and the appropriate authorities, processes, policies and organizations are in place to allow our nation's military to meet today's challenges.
The establishment of Cyber Command meets an important step in strengthening the department's cyber capabilities. As confirmed in the 2010 Quadrennial Defense Review, the Pentagon needs both a centralized command for cyber operations and the development of a comprehensive approach to cyber operations. Despite this progress, many questions remain as to how Cyber Command will meet such a broad mandate.
Your testimony today, therefore, will help this committee understand Cyber Command's functions and how the department is mitigating its vulnerabilities in cyberspace. Thank you for joining us. I look forward to your testimony.
I yield back, Mr. Chairman.
REP. SKELTON: Thank the gentleman from California.
General Alexander, we recognize you for your statement. However, would you be kind enough to introduce the folks behind you who, as I understand, head up the commands of each of the services? Would you do that first, please?
GEN. ALEXANDER: Chairman Skelton and Ranking Member McKeon, absolutely.
Let me introduce the folks that we have. First, Vice Admiral Barry McCullough, a leader of 10th Fleet, Fleet Cyber Command. It pains me to say this as an Army guy, but I will tell you that they're out front. He has done a superb job leading his unit, working with some of the co-coms in setting up the tactics, the techniques, procedures, doctrine of how we'll fight. We, working as a team, have put together a join task force looking at this, how we would -- Cyber Command support the combatant commands. He has led a lot of that effort; done absolutely superb. They're doing great.
We have Lieutenant General George Flynn, U.S. Marine Corps leading MARFORCYBER, perhaps one of the best in leading some of the (stuff ?) and issues that we have in situational awareness and in doctrine. And since he has that in the Marine Corps, he can do both for us. Absolutely superb to have him.
Coming on-board, Major General Rhett Hernandez, on 1 October, will take over U.S. Army Cyber. He is right now the deputy ops, G-35. We've had a number of conversations on the way forward. He understands the mission. He and Army Cyber are jumping forward. They've put together a unit and I think that's making great, great headway.
The last, but not least, Major General Dick Webber, Air Force Cyber, 24th Air Force. A couple of things that they've done: One) He set up his command down at San Antonio, Texas; done a superb job. Recently gone to a IG inspection to see if they're ready for their full operational capability. Did a great job on that (task set ?) by Air Force Space. They have great folks. I was down there a few weeks ago. They're doing a great job. Absolutely superb.
I would tell you, Chairman, one of the great honors and privileges for being in this job is to have the team behind us working this together, and working with NSA and the intel community. Absolutely superb.
One of the -- one of the things that I wanted to do is first thank you and the committee for the support in helping us stand up U.S. Cyber Command and the component commands. Like you, we see this as something critical to the Defense Department to help us direct the operations in the defense of our networks. And as you stated, this is a complex issue. We face severe threats.
Those threats to our national security, in my opinion, are real. It is occupying much of our time and attention. At the unclassified level, we've stated that we see probes and scans to our networks that come up on the order of 250,000 times an hour, and we've got to be prepared to meet those. Our services and combatant commands depend on a command-and-control system, a computer system that has the integrity and reliability to operate in combat. We have the mission to help ensure that that happens.
As you mentioned, we're approaching our full operational capability. I will tell you that we've met many of the tasks that we set out to do. As we described last time, we've brought the joint task force global network ops up to Fort Meade, repositioned the joint ops center there at Fort Meade. It is operating today.
That was part of the BRAC process. Now, we've co-located them with the NSA Threat Operations Center, and that's a great step forward. That was done and completed in May, and it's been operating ever since. Some of the issues that we work with are the issues that I think you would expect us to do. First and foremost, how are we going to support the combatant commands? How are we going to defend this network in crisis?
And those are the things that we're taking on first, establishing the tactics, the techniques and procedures for doing just that. And we're breaking this out looking at the most significant threats first and ensuring that, if something were to happen, we can take those threats on.
I did provide a written statement for the record. As you know, Chairman, I'm not that good at reading. I'm an Army officer, so I'd ask that that be submitted.
REP. SKELTON: Without objection, it will be part of the record. Thank you.
GEN. ALEXANDER: I would tell you that this is a work in progress, what we're doing at Cyber Command. This is going to take time for us to generate the force. If you were to ask me what is the biggest challenge that we currently face, it's generating the people that we need to do this mission.
We have about -- we have our command stood up, our staff stood up, but the force is what we now have to rely on. The services are expanding that mission going to 1,000 per year over the next few years, and I think we're headed in the right time. That's the biggest focus that we have, how we get that force generated and the topic of discussion throughout the department.
And I would tell you, rest assured, we know that that's important to get this done.
I see these remarks and this opportunity to start the dialogue, an open, transparent dialogue on what we're trying to do in Cyber Command to defend our Defense Department's networks against attack and to accomplish other missions that we would have as delegated to us to defend other networks throughout the government.
And, Mr. Chairman, I'd pass it back to you.
REP. SKELTON: I certainly thank the gentleman.
Mr. McKeon, the gentleman from California?
REP. MCKEON: Thank you, Mr. Chairman.
General, how do you see the Cyber Command improving the department's ability to provide a trained cyber force to ensure that service research and development investments and procurement programs will provide a united, comprehensive approach to DOD cyber operations?
GEN. ALEXANDER: Congressman, I think the key thing on this is to do it as a joint organization so the standards are the same throughout the command. So bringing in -- whether it's the tools we create or the students we put through there -- doing it as a joint force with one standard is the key thing. And we've taken that approach.
So our cyber training is at one school. And if we have to go to multiple schools, it will be done with one standard, and I think that's what we need to do so that you know, our combatant commanders know, the folks that are forward know that, whether they get a soldier, Marine, airman or sailor, that that person is trained to a standard and can accomplish the mission that's expected of them.
REP. MCKEON: How does Cyber Command provide U.S. Strategic Command with a wider menu of strategic options? How do you respond to concerns that the alignment of defensive and offensive capabilities represents too much cyber capability resting in one command or within the Department of Defense? And why were these two functions placed under your command?
What operational efficiencies were achieved by this alignment?
GEN. ALEXANDER: That's a great question, Congressman. Let me just drop back and go to the 2008. As you may recall, there was a significant problem on our networks that we discovered. At that time, we had the defense and the operations in one command under the joint task force global network operations.
And that task force got one level of intelligence and could see one part of the network. Operating on the other side was the Joint Functional Component Command Net Warfare trained at a different level with different intel insights at a different classification level.
Same network, two organizations, and if you were operating at the National Training Center, you wouldn't have the defensive team out there defending. And then take them off the field and run out with an offensive team. It's the same team.
And so the good thing that we've done here is we've brought those two together, merged those. And I think that is key to the success here. We need that to operate as one team.
The offense and defense cannot be different here because these operations will occur in real time. And I think we have to be prepared to do that. It's not time to say, oh, this is your mission and you're on your own.
It's also an experience that we've seen in some of our red team and blue teams of what's happening in our networks. And I think that's a huge and a positive step and goes significantly toward providing better support to the COCOMs.
REP. MCKEON: Thank you very much.
Thank you, Mr. Chairman.
REP. SKELTON: Historically speaking, we -- you are ahead of those examples within the military, particularly the Army, at the creation of a new system. The beginning of the Army Air Corps was not fully appreciated or understood at its initial foray into the military.
I think the same can be true in transferring the cavalry into the tank corps that was not fully appreciated.
But I think we do appreciate this new challenge, and we're up to the task, it appears.
I'd like to ask you what do you need from Congress. It is our duty, as you know, under the Constitution, to provide and raise and maintain the military. What do you need from us at the inception of your command which will be a long and historic command long after everyone in this room passes from sight?
So what do you need to get you off to a good start, unlike the cavalry going into the tanks and the flying machine of yesteryear?
GEN. ALEXANDER: Chairman, two things go through my mind when you say that. One, I hope that's a long time. And, two, somebody offered me some great courses. Now, I know what they were talking about.
With respect to cyberspace, I think there's two things that we need your continued support on. First, in terms of resources, we need the continued support of Congress and the resources that the department is putting forward for the component commands that we have here. It is going to have to grow. Each of them are looking at this and addressing that, and we will need your continued support to make that happen.
And the second is authorities. Right now, the White House is leading a discussion on what are the authorities needed and how do we do this and what will the team -- the Defense Department and Cyber Command as a member of that team -- how will that team operate to defend our country?
What they will look at across that is what are the authorities, what do we have legally, and then given that, what do we have to come back to Congress and reshape or mold for authorities to operate in cyberspace. We'd solicit your support on that when that was brought forward from the White House.
REP. SKELTON: Would you please describe for all of us the threat environment, as you see it -- and I know that's a complex answer -- but would you do your best to describe the threat environment that you face on a daily basis?
GEN. ALEXANDER: In an unclassified forum, let me give you the threat in these three broad areas. Going back over time, since the inception of the Internet, as it were, probably the key thing that we've seen is hacker activity and exploitation. That's where someone comes in and takes information from your computer, steals your credit card number, takes money out of your account.
We've seen that go on, and that endures. And it is, perhaps, the most significant form of the threat that we see today, not just stealing our intellectual property but also our secrets and other parts of our networks.
The concern, though, is if you go to 2007, Estonia was the first time that a nation state was attacked in cyberspace. And so we see a shift from exploitation to actually using the Internet as a weapons platform to get another country to bend to the will of another country.
While it's hard to attribute that to a nation state, you can see it did happen when two nations were quarreling over political issues.
That followed again by more attacks in 2008 into Georgia. Those were disruptive, and let me describe disruptive. I have four daughters and 12 grandchildren. So you're driving the vehicle with all these kids in the back, and you're trying to talk to someone in the front seat and they're all talking real loud. It happens occasionally. That's a disruption. When they finally quiet down, you can talk again. A disruptive attack prevents you from doing your business for the time being, but it's normally something that you can recover from and then go on and do your business.
What concerns me the most is destructive attacks that are coming, and we're concerned that those are the next things that we will see. And those are things that can destroy equipment. So it's not something that you recover from by just stopping the traffic. It is something that breaks a computer or another automated device and, once broken, has to be replaced.
That could cause tremendous damage.
In the Department's concern, if that were to happen in a war zone, that means our command and control system and other things suffer. We've got to be prepared for that both from a defensive perspective and then to ensure that the enemy can't do that to us again -- so a full operational capability.
REP. SKELTON: General, you have the four service commanders seated behind you and thank you for introducing them a moment ago. Would you tell us how they are supposed to interact with your command.
GEN. ALEXANDER: The way we've worked this to date is to set this up in the following manner -- our first what I'll call our first version 1.0. When we look at what's going on globally, if there is a global cyber action against our Department, the question is how are we going to organize our forces. And what we don't want to do is say, well, the Navy will do Navy and the Army will do Army and the Air Force will do Air Force.
What we've come up with is we need to set up a joint task force or, in this case perhaps, a joint cyber ops task force. And that cyber ops task force would work with Cyber Command but go forward to work with the combatant command to present forces from all the services to meet an operational mission.
And then let's train as a first step how each of those forces would do that, what we'd do for PACOM, CENTCOM, UCOM, SOUTHCOM and NORTHCOM, if required. So what we're trying to do is organize that as a joint force so that in each case you'd have folks from each of the services supporting that. Rather than having three services providing that to a combatant command, have it one -- a cyber task force.
You -- many make an analogy similar to the way SOF Forces are presented -- Special Ops Forces are presented. I think that's a close analogy and probably something we'll get to. So that's how we're organizing it, and now what we're doing is working with the combatant commands on specific plans to see do we have the force structure what you would require in that command and if not, what force structure do we need and use those force structure requirements to drive the growth that we would have in each of our components.
So that's a long winded answer to get to it. But it's organizing in a joint force to accomplish those missions. I think that's the best thing for the department and our nation.
REP. SKELTON: Thank you. Mr. Ortiz.
REP. SOLOMON ORTIZ (D-TX): Thank you, Mr. Chairman, and thank you so much for what you do to keep our country safe and strong. I mean, this seems to be like you've got to get very skilled people to work for you. I mean, how do you recruit them or how do you train them before you get them to work for you? And do you feel that you have enough staff to do what you have to do? And my next question would be, I mean, if they were to disrupt and conduct an attack to where you lose all kinds of communication, is there any way for a back-up system?
GEN. ALEXANDER: Let me answer this first with the recruit train and I'll just add in retain. I think this is one of the key issues that we're looking at right now. What's the, if you will, the calculus for retaining this high end talent. So when we send them through school, if they go for two years, it would be my preference that they don't cycle through their jobs as we'd normally do in the military but keep them in place longer.
My initial assessment is all the service chiefs and combatant commands see it similarly. We're going to need to keep people in place longer. And to retain them, we're getting a lot of good folks. You know, I'll tell you it is a privilege and honor to see the great folks that we're getting in there. The key is how do we retain them because everybody wants good people.
And so I think the bonus systems and other things are ones that we have to look at that's yet to be done to ensure that we retain that right force. Enough staff? I think we have enough staff. I think the staffs are at least for right now the right size. I think the first priority, grow the cyber force and the cyber operators and make sure we have enough to meet those emerging combatant command requirements. So I'd focus on getting the forces that we need, then come back and re-address the staffs one more time later. But I think we've got enough. Now hopefully my staff is not tuned into that right now. But I think that's true.
And your last question was if they conduct an attack on us in cyber space, do we have a back up system. So there are things that we have to look at in that area. Whether it's a back up system or other options that would allow us the agility to maintain our command and control are things that we have to look at. We are looking at those. We are coming up with, I think, some tremendously innovative things that I'd prefer not to put out here right now. But I think it will provide exactly what you're asking for -- that kind of agility for the command and control of our forces abroad.
REP. ORTIZ: I know there's a lot of members here, and I don't want to take too much time to allow the members to ask questions. Thank you, Mr. Chairman.
REP. SKELTON: Thank you. Mr. Conaway.
REP. MICHAEL CONAWAY (R-TX): Thank you, Mr. Chairman. The -- in their open source price -- major disruption drove a task force idea called Operation Buckshot Yankee. Can you visit with us a little bit about what that was and what impact it had on the way you looked at the plans that you had in place up to that point in time when that happened.
GEN. ALEXANDER: Thank you, Congressman. Yes, Operation Buckshot Yankee, a foreign adversary using an air gap jumping tool had gotten some malicious software onto our classified networks.
REP. CONAWAY: Could you --
GEN. ALEXANDER: The way that happened is if you use a thumb drive or other removable media on an unclassified system, the malware would get on that removable media, ride that removable media over to the other system.
And so think of it as a man in the loop wire, and so a person could be taking information they needed from an unclassified system, putting it onto a classified system. And so that software would ride that removable medium and go back and forth. It was detected by some of our network folks with the Advanced Network Ops, our information assurance division at NSA.
When we brought that forward, it caused a couple of things to happen. As I mentioned earlier, first it became clear that we needed to bring together the offense and defense capabilities. And so Global Network Ops was put -- Joint Task Force Global Network Ops was put under my operational control within a month of that happening, and I think that started to change the way we look at this.
And then the Secretary of Defense set in motion the next step which was to set up Cyber Command as a sub-unified command. And I think both of those are the right things to do. What it does is it gets greater synergy between those who are defending the networks and what they see and those that are operating in the networks abroad and what they see and bringing that together for the benefit of our defense. I think that's exactly what the nation would expect of us.
REP. CONAWAY: And the ease fresh air gap, that's the thumb drive that was -- right.
GEN. ALEXANDER: So when the thumb drive goes from one computer, when it's unplugged now we call that the air, and then when it gets plugged --
REP. CONAWAY: Right, okay. Talk to us a little bit about the dual hats you wear -- Cyber Command and still heading NSA. I suspect -- I know what it is, but can you walk us through how you're going to make sure both get your undivided attention.
GEN. ALEXANDER: Yes, well, I guess the initial quip was I'll work twice as hard. But the reality is in cyberspace, that's where NSA operations has tremendous technical expertise. It is our nation's expertise for crypto mathematicians, for access, for linguists, for everything that you'd need to operate in cyberspace.
And what the secretary said is we can't afford to replicate the hundreds of billions of dollars that we've put into NSA to do another for Cyber Command and then another perhaps for DHS and others. Let's leverage what we have and bring that together. And so by bringing these two together we have actually accomplished that goal. Now, they have and operate under separate staffs and under different authorities as you know.
And so under the Cyber Command the thing that has helped I always had since I've been the director of NSA the additional duty is the Joint Functional Component Command Net Warfare. So I had that job. What I didn't have was the staff, the horsepower and the staff that I have now. So actually that helps us. And I think you can see the momentum picking up with that staff and the staffs of the folks behind us. When you bring this much talent to the problem, we're going to make progress and we are. So I think that's a very good value added.
I'll tell you another thing. We have two great deputies. The NSA Deputy, Chris Inglis, is one of the best people I've ever worked with. And on the cyber side we have now Lieutenant General Bob Schmidle Brewster(ph) absolutely the same type person. Just extremely competent, great to work with, a team player. And together they're forming the right team and I think our nation will benefit from that.
REP. CONAWAY: Thank you for that.
Let me follow up a little bit on to what Solomon was saying. Our enemy for the most part is 14-to 25-year-old, you know, really bright folks who are off the reservation. To counter those can you, in fact, attract and do the standards of personal conduct, background, and everything else that you have to have in order to allow them access to our secrets? Are there enough folks out there who are not tainted by previous conduct that you can still get into the system so that we take advantage of them and they can man these slots that you're wanting?
GEN. ALEXANDER: We're having great success to date. That if the economy were to pick up, that might change that calculus. But right now we have great success in hiring, great outreach. We're getting great people. In fact, on the NSA side one of our positions we had 800 applicants and you know so when you look at that -- so we're getting a great number of folks.
I think the real key goes back to an earlier question. So once you got those great people, now you're going to -- (audio break) -- say so how do you keep them. And I think it's by the job we do, by the leadership of the folks behind us and how they lead and train those and the missions that we have. If it's exciting, you know they'll stay. And if we pay them right and take care of them, I think we'll keep these folks.
REP. CONAWAY: Thank you, Mr. Chairman. I yield back.
REP. SKELTON: Mr. Taylor, please. Mr. Taylor has asked that Mr. Kissell be called upon in his stead.
REP. LARRY KISSELL (D-NC): Thank you, Mr. Chairman. I thank this gentleman from Mississippi for yielding.
General, thank you and your staff for being here today. It is a very important issue. And I want to follow up the question a little bit more to what my colleagues have already asked about the recruitment of personnel. In the recruiting of people to come in and be part of your staff, do they then work as civilians and not traditional military?
GEN. ALEXANDER: We have a combination of both military and civilians.
REP. KISSELL: Yeah. Okay. And in taking that a little bit farther, how do we test our system in terms of you bringing people in and having self-inflicted attacks? How do we figure out, you know, where we think we're safe and by bringing people in to test it and having somebody who's capable to come in and test that type of system?
GEN. ALEXANDER: That's the great part, congressman, about bringing together that offense, the defense, the red teams. Our red teams, our advanced network ops are constantly doing that hunting, checking our networks; something that we're going to have to grow. I think one of the key things that we've put on the table is what I'll call funding on our networks for adversaries that are there. You're always going to have to do it. And that creates a more static capability to a more dynamic because you're actually looking for something that's going on.
For example, if you had a bank and we set up a perimeter defense and then left every night and every morning once a week we'd see they got in there so we keep changing the defense, that would be static. But now if we had a roving guard there waiting for people trying to stop them, that would be more like the active defense that we're looking at in the future. I think we've got to do both.
REP. KISSELL: And we know that the civilian side of cyber defense is certainly not what we have in the military. How does that affect your efforts to compensate for, to get around, whatever the situation may be, the inadequacies in the civilian side? What does that mean for you guys?
GEN. ALEXANDER: Well, we depend on many of those civilian networks and infrastructure for department operations especially in crisis. And so our partnership with Homeland Security and others to help work that is a key issue that we are working with the Department of Homeland Security. I think that team and partnership is growing. We need to keep pushing that forward because some of those networks, those capabilities have to be there in crisis for our country.
REP. KISSELL: What about outside a government, say, industry, the greater civilian world, their lack of defenses in so many places? Does that hamper what you're doing or is this something you work around?
GEN. ALEXANDER: Well, I think there's two parts to that. One is I think industry also recognize the issues here and are trying to step forward, but we have to partner with industry. And I think it has to be a partnership. I think DHS has to be in that construct of that partnership. The reason much of the infrastructure that we have is owned by industry that we operate on is owned by industry and they have tremendous technical talent. We have to bring those together with what the government knows from a threat perspective and the tactics, techniques and procedures that we develop for operations. And we have to bring both of those together and ensure that those are right. That's part of the discussion that's ongoing right now that will eventually result and here's how the team will operate. It would result in the request for authorities that I think the White House will -- is working now to bring forward.
REP. KISSELL: Thank you, sir. Thank you once again to the gentleman from Mississippi and thank you, Mr. Chairman.
REP. SKELTON: Mr. Coffman, please.
REP. MIKE COFFMAN (R-CO): Thank you, Mr. Chairman.
I'm wondering, General, if you could review for us just for a minute that you mentioned 2007, the first cyber attack on Estonia. Where did that come from? What were the ramifications of that attack in terms of the disruption?
GEN. ALEXANDER: Absolutely. It's in open press a lot of this, so I'll give you the gist of it and I know the reporters will get this more accurate. But in May of 2007, there was this Russian statute that the Estonians were going to take down, a big political discussion between Estonia and Russia.
Activists from Russia appeared to attack it and from around the world. Different computers were brought into play to send spam email a distributed denial of service attack on much of the government of Estonia's infrastructure making it almost impossible for their banks to do business internally and for sure externally to Estonia caused tremendous damage is resulted in them building a cyber capability themselves. So a huge problem and it was all around that political issue. Attribution saying specifically was this caused by one nation state or another is difficult and not something that we had.
REP. COFFMAN: Thank you, General.
How would you -- in terms of the threat assessment, and I think you've described what the tactical measures are in terms of threatening our infrastructure -- but could you in terms of evaluating the peer competitors of the United States in terms of their threats in cyber space, how would you evaluate them, say, China, Russia? Who are the peer competitors of the United States that threaten us -- that potentially would threaten us?
GEN. ALEXANDER: That's a great question, congressman, because in cyber space it's not so much necessarily the size of the country as it is the idea of the person who's creating the software. I think there are a number of countries out there that are near peers to us in cyber space and hence the concern. This is an area that others can have an asymmetric capability and advantage. And there's two parts to that question if I could just add an extension to it is, first, we think about nation states, but just given that part of the discussion the non-nation state actors are also a concern. And then if you look in this -- in this area when people create tools, cyber tools, the unintentional distribution of some of those tools can cause the most problems.
We've got to be prepared for all of that, for these nations that are out there. And we're not the only smart people in this area. There are others that are just as capable as us and, in some areas, perhaps more capable. And so we have to ensure across that board that we cover that spectrum. China, Russia -- and you can just go around the world and pick most of the modern nations -- have capabilities that, I think, many could argue are near to us and, in some areas, may beat our capabilities.
REP. COFFMAN: General, who -- who would exceed our capabilities?
GEN. ALEXANDER: Well, it depends on the area. So if you were to -- if you were to build a whole suite of tools -- and if you go back to the '50s, you know, it was a discussion about the different capabilities of us versus Russia. Russia had power capabilities over us in some areas, actual electrical power and the development of power engines and some capabilities. And we had it in, perhaps, the computer and some other areas.
We're going to see in the tools -- the development of tools -- one country may be the best at developing worms or viruses. Another may be the best at developing tools for exploitation that are stealthy, we don't see them. Another country may be the best at developing tools that can attack certain specific systems because they see that as in their national interest.
And so our concern, my concern, in answering this -- and I think what we as a nation have to look at -- is you have to cover that whole spectrum to protect our country. And so what we have to do is we're not going to be -- we have to recognize that, first, there are other smart people out there. And that's why we've got to take this so serious. It is an asymmetric advantage that some could have over us, and we've got to put that defense up.
REP. COFFMAN: Thank you. Mr. Chairman, I yield back.
REP. SKELTON: Thank the gentleman. Mr. Reyes, please.
REP. SILVESTRE REYES (D-TX): Thank you, Mr. Chairman. General, good to see you, and thank you for the work that you are doing in this very critical area. I think it's great news that we're getting the kind of talent that we know we're able to attract. And, certainly, getting 800 applicants for the position that you reference is good news.
But I've got -- the question I have is, you're dependent on all the services to provide you the personnel with these skills. And I'm just curious, do you -- do you think that all the services are, I guess, first of all, at the same level in terms of attracting and providing for opportunities as a career in cyber for their respective personnel? Do you think they're all at the same level?
And the second thing is are there any concerns that you have -- since you're dependent on them -- that you've expressed to the other services about this issue? Seems to me, you are dependent on their ability to give you that kind of support.
GEN. ALEXANDER: I am optimistic that we will get the force that we need. We are pushing on the services to go faster to bring those forces in. And the issues that we've talked about, how do you not only recruit some of these, but how do you retain them, and in what -- in what mix do you bring them in? Are they all military? Are they military civilian? How do we add those mixes in? And how do they complement other actors that we have within NSA, the IC, and other elements -- DHS, as an example. How do we bring all that together are parts of the discussion.
If I were to tell you my greatest concern, it's moving fast enough to provide a capability to defend our networks in time if a crisis were to occur. We see that as our number one mission, be ready. And right now, we have to build that force to get there; that's going to take some time. We have some forestructure; the services have leaned forward on that. They are presenting some capabilities. We are moving down that road.
It doesn't -- you don't instantly create a cyber actor or a cyber operator; it takes time. Some of the training programs go 18 months, and so even if we had a hundred or a thousand more today, we'd want to send those through training. Some of the discussions the service chiefs have had with me is can we do on-the-job training for some of these folks that are pretty smart, put them in this area and give us an increased capacity earlier, and then send them to a training program, a formal training program, as we bring in others? We've got to look at all of that.
REP. REYES: In the context of the threat that you just mentioned, we're focused mostly on attacks from other countries on our -- through the -- via the Internet. I'm concerned, given the case of private manning and the Wikileaks case as well, about attacks within, you know, in other words, people that have access to our systems that deliberately either steal information from our secure systems or, in some cases, may be enemy agents that have access to them. What -- are you concerned about that? What are we doing about that, and how can we -- what can we do to minimize those kinds of concerns?
GEN. ALEXANDER: Congressman, I am -- I am concerned about it; it is an issue. I do think we have some ideas on how to address that, some of which we have already implemented, some that will need to be implemented as we transition to a new architecture. I think both of those will help address that problem. There is always going to be concern about an inside actor, and I would just add to it, supply chain issues. Both of those are going to be key things that we're going to have to look at.
Knowing that those are issues will help us in the development and planning of our future systems. And I think we've got to address those with our eyes wide open. It is always going to be a problem. There are things that we can do to mitigate it. We will never solve that a hundred percent.
REP. REYES: Very good. Thank you. Thank you, General. Thank you, Mr. Chairman.
REP. SKELTON: Thank the gentleman from Texas.
Mr. Wilson, please.
REP. JOE WILSON (R-SC): Thank you, Mr. Chairman. And General, thank you very much for your service. I'm very grateful that our colleague, Congressman Roscoe Bartlett of Maryland, for years has raised the concerns about cyber warfare and how this could affect the American people, and I appreciate your efforts to protect the American people.
Throughout my time in Congress, and as the ranking member of the Military Personnel Subcommittee, I've had the opportunity to meet and hear from many wounded veterans. Many are eager to return to the fight. It seems to me, it would be in the best interest of the Department of Defense to attain these individuals and their knowledge and their experience. With that said, are there any efforts to be made to retrain wounded warriors within the cyber command? If not, would that be a potential option?
GEN. ALEXANDER: We do have within the services and within NSA a program to hire the wounded warriors, and we have brought some on board that are operating either in this or -- in one capacity or the other. That is a great point. I would just like to emphasize, we can use these soldiers, sailors, airmen, Marines; they have tremendous capability and they present a credible operator for the rest of the folks to see. So it's a huge step forward. And we have brought a number on board. I think we could do more on that. We need to work with the services on that, and we are.
REP. WILSON: And I'm seeing it firsthand. I was visiting at Landstuhl, and a young lady had lost both legs and her -- within 48 hours, her comments were, I want to be back with my buddies. And so people do want to serve. And so I can see what you're doing is giving a great opportunity for very talented people who want to serve our country.
There has been concern of personal liberties and privacy being compromised with regard to cyber security. As a command, what will you do from a process perspective, as well as technological perspective, to ensure privacy and civil liberties are protected? Is there anything Congress can do to assist you in your efforts?
GEN. ALEXANDER: That's a great question. Thank you, Congressman, because I think -- two parts to this. One, we have a responsibility to protect the civil liberties and privacy of the American people and of our people; that's non-negotiable. Constitution -- that's what we're there for; we have to do that.
Now, there's two issues with this. One, transparency, what can we do to show you, Congress, as an oversight body what we're doing and the American people? And two, how do we also help ensure that what they understand is accurate, because a lot of people bring up privacy and civil liberties. And then you say, well, what specifically are you concerned about? And they say, well, privacy and civil liberties. So is this system -- are you concerned that the anti-virus program that McAfee runs invades your privacy or civil liberties? And the answer is no, no, no, but I'm worried that you would.
And so now we're -- so let's explain what we're trying to do to protect the department's systems.
And I think that's where Congress, the administration, the department can work together to ensure that the American people understand exactly what we're doing and how we're doing it. That's part of the transparency that I think needs to be put on the table.
What we can't do -- we can't say here's a specific threat that we're defending against and how we're defending against it because the adversary, within three days, would be able to work around it.
So it's those two things. That's a very important issue, I think, that we have to confront now and fix.
REP. WILSON: And for the health and safety of the American people, such as electrical grids, you mentioned the banking-commerce system of Estonia -- all of this is so important.
A final question. Your activities fall under Intelligence Title 50, Attack (ph) Title 10 and Law Enforcement Title 18. How do you balance these legal authorities?
GEN. ALEXANDER: Well, for the Title 10, they operate under the -- Cyber Command operates under Title 10 authorities to this committee, the House Armed Services Committee.
NSA -- we operate under Title 50 intelligence authorities under the House Permanent Select Committee for Intelligence. And we have, in our staffs, the legal teams to ensure that we do these exactly right.
And so any operations that Cyber Command does, defensively, we have the standing rules of engagement laid out there. And any other operations that we would do would have to be done under an execute order through the secretary of Defense and the president.
REP. WILSON: And, again, thank you very much for your service and commitment to our country.
I yield the balance of my time.
REP. SKELTON: Thank the gentleman.
Mr. Critz, please?
REP. MARK CRITZ (D-PA): Thank you, Mr. Chairman.
And thank you, General, for being here.
Fortunately, in my part of the world in Western Pennsylvania, we have Carnegie Mellon University, and they have the cyber lab and they do a lot in cyber security. And we've been talking about this quite a bit.
And one of the issues that seems to come up -- and it seems like you've explained within the military -- that we can be stovepiped in how we accomplish or how we do things. And it's good to see the different services working together, but I'd be curious to hear how you're partnering or how you're working with not only private industry but with the educational institutions out there that have expertise so that we're working cohesively because I would assume that many of the threats are very similar.
GEN. ALEXANDER: That's a great question because the universities, academic institutions, labs, industry are key partners in all of this, and we do have to reach out. And we reach out in a couple of ways.
As you may know, from an information assurance side, both we, NSA, Department of Homeland Security and the department run a program, an education program that helps the universities. Here's a set of criteria for getting an information assurance degree. And we work with those universities, over a hundred now, in doing that.
I think that's absolutely the right thing to do. And as we said earlier, we are not the only smart people in this area. In fact, many of us would argue that our industry partners have tremendous capability. So partnerships with them makes a lot of sense. And setting up groups -- and this is where Howard Schmidt, the White House coordinator, comes in -- and Homeland
Security -- to bring these teams together.
I think that's crucial bringing all of the players together -- industry, academia and government -- to solve these problems.
REP. CRITZ: Well, thank you very much.
And you mentioned about the 250,000 attacks per hour. I think that was the number you used. And, certainly, that happens in industry as well. In fact, some statistics show that patches to anti- virus can be reengineered or reverse-engineered within moments, actually, as the patches come on board. So it's a major issue.
You mentioned about the thumb drives, how they carry viruses around. And, certainly, it's an educational process.
I've noticed or have read about a culture shift that's been mentioned within the military, and I'd be curious to hear your description of this culture shift and what it really means.
GEN. ALEXANDER: So we actually had three parts that came out of that Operation Buckshot Yankee -- culture, conduct and capability. On the culture side, it was getting commanders to understand this is commander's business. This isn't something that you say I'm going to have one of my staff run. This is commander's business. Commanders are responsible for the operation of their command. And this operational network, it's important to them.
So the big-jump first part was commanders have a responsibility.
The second part is understanding the responsibility to actually conduct the patches that you brought up because, if you don't fix the patches, as you rightly stated, an adversary sees a problem, within minutes of that problem being out there, they have a way to hit a system with that vulnerability that we're trying to patch.
If you haven't done the patch, you have a vulnerability that somebody will probably exploit. And if you don't do those patches on time, you risk not only your system but the whole network. So getting those right and ensuring that commanders know that it's their business to do that. This has been the greatest cultural things that we've pushed forward in the military.
Tremendous, tremendous jumps from where we were two years ago to where we are today.
REP. CRITZ: Well, thank you.
And my final question is, you know, how can the Department of Defense be more proactive rather than reactive in the .mil domain mode of cyber defense by incorporating the assurance, the resilience and the performance?
GEN. ALEXANDER: I think the first step is we have to look at the way we do business and the way our networks operate. And, like industry, take that conduct and see if there isn't a better model, a more efficient, a more defensible model, something that would harder for our adversaries to penetrate and that would provide equal or better command and control.
It's coming in the commercial side. You can see this with your iPads, your iPhones, the new technology. Computing on the edge, all these things cloud computing. Now, we need to look at that is there opportunities now for the department and the government to use in creating more secure networks.
Industry, academia and government are all looking at this. We've got partners at all of those helping.
REP. CRITZ: Thank you, Mr. Chairman.
REP. SKELTON: Thank you.
Mr. McKeon, please?
REP. MCKEON: Thank you, Mr. Chairman.
General, does Cyber Command have the mandate to support General Petraeus in Afghanistan by denying and disrupting al Qaeda and the Taliban's use of cyber space? Do you have the necessary authorities to carry out this function?
GEN. ALEXANDER: We have actually deployed an expeditionary cyber-support element to Afghanistan to support General Petraeus. I do not want him to beat me up for not doing that. And we have a responsibility to help them protect their networks, the Afghan mission networks. We're working as part of a joint team because the services actually will implement that.
We're ensuring that the capabilities put into that network are defensible and helping to set that up. We're not where we need to be in terms of setting all the things in place, but we've come a long ways. And I think we're making progress in that area.
If you had asked what's the real issue that we need to address, it's assuring that the evolving Afghan mission network is defensible, up and operating because it's going to cover a number of countries that are in Afghanistan.
REP. MCKEON: Thank you.
REP. SKELTON: Mr. Langevin?
REP. JIM LANGEVIN (D-RI): Thank you, Mr. Chairman.
General, welcome. Thank you for your great service to our nation, your presence today. Again, you've had an outstanding career, and I look forward to supporting you in your new role as head of Cyber Command.
Cyber security, as you know, has been both a personal and professional interest of mine for several years now. Since sitting as chairman of the Homeland Security Subcommittee with jurisdiction over cyber security, I've certainly paid very close attention to the cyber threats that are facing our government, our military and our citizens and to the vulnerabilities that have yet to be addressed.
I was certainly pleased to include an amendment in the FY '11 Defense Authorization Act that would enhance our efforts to secure our federal networks and coordinate U.S. resources, and I certainly strongly support the department's moves right now to coordinate its efforts under your new command. And I believe that they found a real expert to lead this new initiative, and I look forward to supporting you in your work.
General, I want to ask you a direct question. If the nation were to endure a major cyber attack right now, could you defend the nation against that attack? Do you have the authorities to defend the nation against that attack?
Obviously, we're talking about the whole of our cyber critical infrastructure.
I have said -- I know, of course, the president has made an address on cyber security, the first major world leader to make a major address on cyber security, said that our cyber assets are a critical national asset we'll defend -- use all assets of national power to defend it.
But my question is, again, to you: Could you defend the nation right now against a major cyber attack. Do you have the authorities that you need?
GEN. ALEXANDER: First, Congressman, thanks for your great support in all the cyber areas and all that you've done over the past years on this. It's been tremendous, and we appreciate it.
To answer your question directly, it is not my mission to defend today the entire nation. Our mission at Cyber Command is to defend the Defense Department networks. If we are tasked by either the secretary or the president to defend those networks, then we'd have to put in place the capabilities to do that.
But, today, we could not.
REP. LANGEVIN: And what would you need to do that, General?
GEN. ALEXANDER: I think this is -- the White House, Congressman, is actually looking at how do you form the team to do the mission that you put on the table. How do we develop the team between Department of Homeland Security, FBI, Cyber Command and others to work as a team to defend the nation in cyber space?
And in that, what are the roles and responsibility of each member in that team? And then let's walk through -- you know, "war game," -- my words -- how that would work and ensure that everybody has the exact authorities and capability to do what needs to be done to protect the country.
Those are the steps that we're going through. It's under the leadership of the White House right now. Howard Schmidt and his folks are leading that to look at this. We get to participate in that to put forward our ideas on how the country could be protected, specifically, the government, the government networks and what I'll call critical infrastructure.
REP. LANGEVIN: Okay. Well, let me press you a little bit more. If America, in fact, experienced a serious, high-profile attack today against our critical infrastructure, perhaps, our power grid, banking sector or transportation, what are the rules to self-defense in cyber space? And can you walk us through how such an attack would occur and how the U.S. government could work to stop it and ensure the security of our citizens?
GEN. ALEXANDER: That's a great question. Okay. To be very direct on it, if an attack were to go against the power grids right now, the defense of that would rely heavily on commercial industry to protect it. If commercial industry had the signatures and the capabilities in place to weed out that attack, then they would be successful.
The issue that you're really getting to is what happens when an attacker comes in with an unknown capability. That unknown capability would have the ability to shut down either the banks or the power grid if it got through.
So to defend against that, we need to come up with a more -- my term -- a more dynamic or active defense that puts into place those capabilities that we need to defend in a crisis. That's what we are working right now in the department to do to ensure that that works and working, actually, closely with Department of Homeland Security and the White House to show how that could be done.
And they are looking at that as a model to put in place and now trying to ensure that they have the authority to do that, looking at how that would all be created. And if they don't have it, I think that's what they would bring forward to you.
REP. LANGEVIN: General, thank you. I know my time has run out. But these are the things that keep me up at night, and I'm very concerned about the potential threats in the cyber realm facing our nation, and I look forward to working with you on addressing these important challenges. Thank you.
REP. SKELTON: Thank the gentleman.
Let me ask this question before I call on Mr. Boswell. General, where are each of the four subcommands physically located?
GEN. ALEXANDER: Right now, three are at Fort Meade, or at least major portions of them are at Fort Meade. One Air Force is at San Antonio, Texas, co-located with San Antonio, Texas, and I'll have a beachhead at Fort Meade.
So I think they're all in that enterprise that allows us that capability to touch both the NSA portion and work together as an effective team.
REP. SKELTON: Thank you.
REP. LEONARD BOSWELL (D-IA): Thank you, Mr. Chairman. Just very short.
Good to see you again, General. Appreciate your work very much.
I'll just check the notes, but I got here late. But could you tie the DNI, how they fit into this? I know, as NSA, you report to the DNI. Tie this together for us.
GEN. ALEXANDER: All right. NSA has a direct report to the DNI for operational intelligence means, and we do that. The DNI oversees all the threat-related collection that goes on in cyber space, as you would expect.
General Clapper -- Jim Clapper, the director now for DNI, absolutely in sync with where the department is going and has been a huge advocate and candidate for helping to put this together, absolutely superb. I think that's going to continue to go well. I think we're building those right pieces together.
They understand and I understand the responsibilities that I have under the Title 50 back to the intel committee and under Title 10 back to this committee. And I think all of those understand it too and know that we're doing those right.
I think, if I could, one of the things this gets to, this question that you bring up that's so important for our country, note that we couldn't replicate the NSA capabilities. And so leveraging them is going to be hugely important.
And now ensuring that we leverage them properly, that we meet the civil liberties and privacy that folks set up and that we're transparent. Those are going to be the keys and where we've got to come back to and show you how we're doing that.
REP. BOSWELL: I appreciate that. Also, we all appreciate the investment we got in the NSA, and we can't duplicate it, so that leveraging, I think, is extremely important. There's a lot of need there, and it's kind of the frontier right now, as we all know. So I wish you well and thank you for your dedication. And I appreciate those strong words you said about the indepth you've got with the two staffs. We wish you well, and we'll do our best to be helpful.
GEN. ALEXANDER: Thank you, sir.
REP. BOSWELL: I yield back.
REP. SKELTON: Thank the gentleman.
REP. HANK JOHNSON (D-GA): Thank you, Mr. Speaker -- I mean, Mr. Chairman. And thank you, General Alexander, for your appearance today.
I wanted -- communications, logistics and intelligence operations conducted by the Department of Defense are, to some extent, reliant upon the public Internet. Is that true?
GEN. ALEXANDER: Absolutely, Congressman.
REP. JOHNSON: And could we fight a war effectively were the public Internet to fail or be compromised?
GEN. ALEXANDER: Well, that would be very difficult if those specific networks that we depend on were not protected. So I would put those in that category of critical infrastructure myself.
REP. JOHNSON: Could we fight a war in the event if the global information grid were substantially or wholly compromised?
GEN. ALEXANDER: If it's compromised, I think we could fight a war. If it were destroyed, that is a different issue. And now we'd be back to many years ago, and we'd have to look back because much of our command and control and much of our intelligence depends on that network operating.
REP. JOHNSON: Do we have a specific contingency plan in the event that that happens?
GEN. ALEXANDER: That's one of the missions that we're looking at is how do we do that. In the IT architecture that I described earlier, one of the things that we're looking at is how do we get that agility and flexibility to operate in those degraded environments. It's something we've got to do.
REP. JOHNSON: Are you satisfied that the various agencies and interagency councils responsible for U.S. cyber security, some of which have overlapping jurisdictions or areas of focus, are arranged such that you can do your job efficiently and effectively?
GEN. ALEXANDER: Well, I think with any new area, Congressman, you're going to have differences of opinion. I think that's a good thing. The team is coming together good. Now that we have Howard Schmidt on board as the White House coordinator, I think we're getting more folks and faster movement within the interagency.
And it goes back to a couple of the earlier questions. We do have to resolve some of these. The White House is working that right now to say whose mission is it to do which part of this, and do we have that all right, and do you have the capabilities and authorities to do that.
REP. JOHNSON: Yeah. We've seen where, in our intelligence gathering apparatus, there has been silos, I guess, built, and the information does not flow freely or as freely as we would like. And that certainly would be -- not be a model that we would want to adopt when it comes to cyber security issues.
Would you agree?
GEN. ALEXANDER: I agree. I think it needs to be a team.
REP. JOHNSON: Are there any structural changes that you think may accommodate that aspiration?
GEN. ALEXANDER: I believe, in the future, we're going to need to make structural changes, but I don't know what they would be right now. I believe that, as we look at how we're going to operate in cyber space to protect this nation in the areas that you want us to protect and the nation wants us to protect, we then need to look at how that team is organized, how it operates and the authorities on which it operates.
That's one of the things the government is working hard on right now. We're working our portion of it. I think what you then want is for those teams to come together and put that all together. And that's where the White House, specifically Howard Schmidt, is focusing on.
We need to come back, lay out those authorities and come back to you with that. And in that, they may come up with recommendations, but I don't know any right now that I would make.
REP. JOHNSON: Much of the hardware used on U.S. defense and intelligence networks is manufactured abroad, some of it in China. Is that correct?
GEN. ALEXANDER: Not much of computers are put together or built in other countries, and China is one of the big producers.
REP. JOHNSON: Are we confident that those hardware suppliers are not compromised? And is there something that we could do with respect to securing the items during the manufacturing process?
GEN. ALEXANDER: I think there's two parts to that. One is, as we manufacture, manufacture things to a specific standard and have a capability to test that standard. That would be one part. Same for software.
And, two, understand that people will always try to manipulate your system, and we have to be looking out for that and have the capability and the dynamic to look for that within our networks.
REP. JOHNSON: Thank you, General.
You and your associates have a big job to do, and we appreciate you for your professionalism and your strong will to win in cyber space.
GEN. ALEXANDER: Thank you.
REP. SKELTON: Thank the gentleman.
REP. CAROL SHEA-PORTER (D-NH): Thank you very much, Mr. Chairman.
And thank you for being here.
Last week, there was a briefing with the deputy commander of Cyber Command. He discussed an upcoming disaster-response exercise that was being planned in the Department of Homeland Security and how he was working to make sure that Cyber Command was involved in the exercise.
He was taking some effort to make sure that he was able to participate. While there have been questions on integration of the services, could you please tell me how Cyber Command is working with other government agencies, such as Department of Homeland Security?
GEN. ALEXANDER: Right. We work with the Department of Homeland Security in a number of ways. If I could, first, we -- NSA -- has a team there, a cryptologic support group -- that we depend on largely to help in the cyber area.
Two, within the department, our undersecretary of Defense for policy has a responsibility to reach out to the Homeland Security, and we have a direct relationship to them. For the U.S. CERT, the computer emergency response teams that they have, for their operations and ensure their information is passed back and forth.
So if you think about it, I'm giving you kind of a convoluted answer because it actually goes on several levels. At the high level, what the departments are doing -- Homeland Security and Defense. In my opinion, the secretary of Defense and the secretary of Homeland Security have a vision for how they're going to do this, and we're working towards that vision and trying to bring it.
The staffs are working together -- the department staff -- in that. We fall under that department staff and take their lead. And at the operational level, on the networks, the U.S. CERT works with our joint operations center and others to ensure that information is passed on the networks about threats and stuff. And that works pretty good.
So at the player level, that's going on and we're building the others to get to issues like that cyber exercise coming up.
REP. SHEA-PORTER: Okay. So you feel that you're a full player on the field now; that everybody recognizes how essential your mission is and that you're well integrated?
GEN. ALEXANDER: I think there's always going to be -- for the near term, we're going to have to do a lot of work to integrate because there is issues, as you would expect, of who's got the responsibility for which piece, how do we work that.
I think those issues are natural. We're working those out.
I do -- I would tell you that they know we're here. They are working with us. I just had a meeting earlier this week, and we had Rand Beers and Phil Reitinger. They were at the meeting. And we have daily VTCs with Homeland Security in this area.
That doesn't mean that we're not going to have issues about how much do we play, for example, in that cyber exercise, Defense Department issues versus Homeland Security issues. And that's probably where you'll see more friction. So how much of each do you play? How radical do you make the exercise?
REP. SHEA-PORTER: I would say that time is our enemy on this. As fast as we can move this integration, the better off and the safer we'll be.
So thank you for your efforts, and I yield back.
REP. SKELTON: With no further questions, General, we are very appreciative of your being with us today. We wish you well. It appears you have some excellent colleagues to work with, and we look forward to your testimony in the future.
We are, of course, here to be of any assistance to make you all the more successful.
With that, the hearing is adjourned. Thank you.
GEN. ALEXANDER: Thank you, Chairman.