Return to Transcripts main page


Continuing Coverage as Intel Chiefs Testify on Russian Hacks. Aired 11-11:30a ET

Aired January 5, 2017 - 11:00   ET


[11:00:00] ADMIRAL MICHAEL S. ROGERS (USN), DIRECTOR, NATIONAL SECURITY AGENCY: And every intelligence professional knows that.


ROGERS: I've had plenty of times in my career when I have presented my intelligence analysis to commanders and policymakers and they've just looked at me and said, "Hey, Mike, thanks, but that's not the way I see it," or "You're gonna have to sell me on this."

That doesn't bother any of us. What we do I think is relevant and we realize that what we do is in no small part driven in part by the confidence of our leaders in what we do.

And without that confidence, I just don't want a situation where our workforce decides to walk, because I think that really is not a good place for us to be.

HEINRICH: I think many of us could not agree more. And if -- if the underlying facts that the intelligence community brings us are incorrect, we should call that out. I just have not seen any evidence indicating that in this case.

Oftentimes we come to different strategic or policy points of view based on that information but that's an entirely different thing.

Director Clapper, I want to go to a little bit more of not just the classified information but the relevance of publicly available information, of the whole picture of Russia's activities within the context of this election.

Can you talk a little bit about the activities of the Russian government's English-language propaganda outlets, RT, Sputnik, as well as the fake news activity we saw, as well as the social media, and how those paint a complete picture that is supplemental to what we saw with the hacking in this case?

CLAPPER: I appreciate your asking -- raising that because, while there has been a lot of focus on the hacking, this was actually part of a multifaceted campaign that the Russians mounted.

And, of course, RT, which is heavily supported by -- funded by the Russian -- the Russian government, was very, very active in promoting a particular line -- point of view, disparaging our system, our alleged hypocrisy about human rights, et cetera, et cetera. Whatever crack they could -- fissure they could find in our -- in our tapestry, if you will, they would exploit it.

And so, all of these other modes, whether it was RT, use of social media, fake news, they exercised all of those capabilities in addition to the hacking.

And, of course, I think the -- the totality of that, I think, regardless of what the impact was, which we can't gauge, just the totality of that effort, not only as DNI but as a citizen, I think is a grave concern.

HEINRICH: Thank you, Mr. Chair.


SEN. JONI ERNST (R), IOWA: Thank you, Mr. Chair.

Gentlemen, thank you very much. And I also want to thank you and the men and women that work diligently in the intelligence community (ph) for the work that they do for the United States of America.

Admiral Rogers, you've stated twice now -- you've really stressed this point -- that you must be faster and more agile in your responses.

And so, our discussion this morning will go back to a discussion that we had in September of this last year in front of this body, because I believe it is important that you understand the capabilities that exist out there and are readily available to the United States Cyber Command.

And this past September, I asked you about a Government Accountability Office report that stated "the Department of Defense does not have visibility of all National Guard unit cyber capabilities, because the department has not maintained a database that identifies the National Guard unit's cyber-related emergency response capabilities, as required by law."

And I was a bit alarmed when you stated that you haven't seen the report. It was a report that took about a year to compile and was presented to both this -- this committee and the House Armed Services Committee.

And four months later, I still have not received an answer from you, my questions, for the record. And as of this morning, all of the GAO recommendations are still open from this report.

So, it's been four months and I would just like an update on that, if you have been able to read the report and where is the department at in regards to tracking National Guard cyber capabilities.

ROGERS: Yes, ma'am. So, first we didn't get your question until December, but I -- I acknowledge that you have formally asked us this.

First, as U.S. Cyber Command, I'm operational commander. Manning, training, and equipping is a function of services in the department.

For me in my role, I track the operational readiness levels of all National Guard and Reserve units that are allocated to the mission force. So I bore into them in the exact same way I do the active side.

In terms of more broadly, how is the department tracking this set of skills that are available, both in the reserve component? I'd argue that it's the same challenges that are in the active component. How do you take advantage of the breath of capability that's broader than just the particular military occupational specialty, for example.

I'm the first to acknowledge that after talking to my teammates at OSD and the services, I don't think we have a good answer for you. I'll give you -- I'll something in writing for you within the next week or so because I do acknowledge that we need to do that.

ERNST: I do appreciate that because there -- how long has the United States been experiencing a tax from entities outside of the United States?

ROGERS: You could argue we've been in this cyber dynamic for over a -- a decade. I mean, it's gotten worse but...

ERNST: A decade, and so we have taken the steps of developing Cyber Command and the capabilities that exist both in our Reserves, National Guard and the active component units. And to become more faster -- or faster and more agile, we need to know what those capabilities are.

So if you have a solution to that on how we can track those capabilities, we need to figure that out. Many of these units have the capability of defending networks and yet we're not utilizing those capabilities. And we don't know where they exist, to be honest.

ROGERS: So please don't take from my comment that we don't believe that the role of the Guard and Reserve isn't important. If you look at in the last 12 months, we've got two cyber protection teams from the Guard that have been mobilized. We're -- we've gone online in the Guard and the Reserve national mission teams for the first time within the last year. I mean it's great to see how Guard and Reserve are developing more and more capability. That's a real strength for us...


ERNST: Absolutely, and I think we'll see those continue develop even more in the future, but we need to be able to utilize those capabilities that exist out there. So, you know, that many of our best soldiers in the National Guard and Reserves come from the private sector. I know this from some of my own Guardsmen that worked full time in computer technology and cyber technology.

And you were -- you stated in September you were trying to figure out how better leverage the National Guard and do you have a response for that? Have you thought of ways that we might be able to use those Guard units more readily?

ROGERS: This is a topic that in fact I was just talking to General Lengyel the -- the director of the Guard Bureau a few weeks ago to say, hey look, this is something in 2017 I want us to sit down -- I think there's a couple specific missionaries where the capabilities of the Guard and Reserve are really well optimized. Because I'd be the first to admit, the answer can't be every time, we'll just throw the active component at this. I don't think that's an optimal approach for us to do in business.

So you'll see this play out for us in 2017, we gotta work through Title 32 versus Title 10 issue. What role -- what's the right way to do this?

ERNST: Absolutely.

ROGERS: Do we put it within the defense support to civil authority construct? I'd like that because it's a framework that we already have. I'm a big fan of let's not reinvent the wheel when it comes to cyber. How do we take advantage of process into structures and authorities that are already in place? That's one thing you'll see some specific changes on within a department we're working through right now on the policy side.

ERNST: Very good. Well, I appreciate it. I know my time is expiring. So, I look forward to working with you on that, Admiral Rogers.


SEN. JOE DONNELLY (D), INDIANA: Thank you, Mr. Chairman.

And I want to thank all of you for all your efforts today, for the amazing careers you've had.

And, Mr. Chairman, thank you for holding this hearing, I think it's critically important to our nation. And I want to be clear that the purpose of today's hearing is not to debate the validity election, but to discuss foreign attempts to use cyber attacks, to attack our country, including the recent Russian actions intended to influence our elections.

And I appreciate the bipartisan effort to get our people the answers they deserve. And I'm grateful for the amazing efforts that our intelligence agencies put forth, every single day. That every day, lives are on the line to make sure that we're safe and to make sure that all Americans have a chance to take care of their families and go to sleep at night and not have to worry while your people are on the front lines all around the world.

DONNELLY: And I can tell you on behalf of all Hoosiers that when it comes down to a choice between your people or intelligence agencies, and Julian Assange, we're on your team every time. And I actually find it stunning that there's even a discussion in our country about the credibility of our intelligence agencies versus Mr. Assange.

It -- it is astounding to me that we would even make that comparison, when you see the stars in the CIA headquarters of all the people who have lost their lives and who have lost their lives in their agencies to keep us safe.

Director Clapper, how would you describe your confidence in attributing these attacks to the Russian government opposed to someone in their basement?

CLAPPER: It's very high.

DONNELLY: The government has named those responsible for the DNC hacks as APT 28 and APT 29, part of the Russian intelligence services, the GRU and the FSB. Are all the actors targeted by these two entities known to the public sir?

JAMES R. CLAPPER JR., DIRECTOR OF NATIONAL INTELLIGENCE: I'm sorry sir, the question again? Are all what?

DONNELLY: All the actors in the -- targeted by these two entities GRU, the FSB, APT 28, APT 29. Do we know everybody? Have you told us who is involved or are there more that you can't discuss at this time?

CLAPPER: Right, I don't think I can discuss that in this forum.

DONNELLY: OK. How -- how far up the chain is -- in what you can tell us, does this go in regards to the Russians? At what level were the instructions to take these actions given?

CLAPPER: Again sir, I can't speak to that in this setting.

DONNELLY: Thank you.

Do you think we are communicating clearly to our adversaries in a language that they'll understand? That the costs will outweigh any gains that they get if they try this again? Not only you Director, but the others, how do we best send that message do you think?

CLAPPER: Well, certainly the sanctions that were -- that have been imposed, the expulsion of the intelligence -- the 35 intelligence operatives, the closure of the two facilities which were used for intelligence purposes and the other sanctions that were levied, I think does convey a message. There's -- it's open to debate whether more should be done. I'm a big fan of sanctions against the Russians, but that's just me.

DONNELLY: Admiral, what would you say sir? ROGERS: I would agree. I mean the challenge here is look, we don't want -- I don't think it's in the best interest of any of our nations to be in the confrontational approach to doing business. And, we've got to figure out how do we articulate what is acceptable, what is not acceptable in a way that enables us to continue to move forward in a productive relationship.

That's not unique to the Russians, I would argue that that's a challenge for us on a whole host of actors out there. This is just in some ways been the poster child for this challenge of late.

CLAPPER: I would add to that if I may that -- it certainly would be a good thing if we could find areas where our interests converge. I'm speaking of ours and the Russians, and we've done that in the past. So, to -- just to (inaudible) Admiral Rogers' point. But there's -- I there is a threshold of behavior that's just unacceptable. And, somehow that has to be conveyed.

DONNELLY: Well, I am out of time, but on behalf of all the American people we want to thank you. You have dedicated your lives to keeping us safe and we're incredibly grateful for it.

Thank you Mr. Chairman.


SEN. DAN SULLIVAN (R), ALASKA: Thank you, Mr. Chairman and thank you, for you and the ranking member for holding this hearing.

And, I also want to thank you, General Clapper, Mr. Secretary for your service as this might be your last hearing, and the men and women you lead.

You know, you describe in your testimony the increasing attacks we're seeing, not just from Russia, but China and other actors, Iran, North Korea, their increasing capabilities. The chairman's opening statement pretty much stated that it's his view, and I certainly share the view that we're being hit repeatedly because the benefits outweigh the costs for those who are taking these actions against us. Do you agree with that?

CLAPPER: I do. And I think -- I think we all do that this is for adversaries like -- I'll just name, North Korea and Iran, it is a very relatively low cost acts that can cause havoc. And what I think we've seen over time is that they -- they keep pushing the envelope as they -- as their capabilities improve and they're willing to exercise those capabilities.

SULLIVAN: So if that's the case, and I -- it's glad that I think there's some consensus here. You're talking about retaliating, upping the cost with all instruments of power. Mr. Secretary you mention retaliate at a time of our choosing -- in the realm of our choosing, but it doesn't seem to be happening -- it doesn't seem to be happening because the attacks continue. So let me just give an example. Let's say Iran conducted -- and you mentioned that they're being more aggressive, more risky than North Korea -- some kind of cyber attack. If we did something, maybe without announcing it, like the president announced the Russian counter actions.

But let's say we didn't announce it. Let's say we did something where we essentially collapse their financial system. Or something pretty dramatic and we let them know we did it, but we don't have to publicize it.

Do you think that's the kind of action that would say, hey don't do this or we're going to come back and retaliate at our time, our choosing and crush you. How come we haven't done that yet? And do you think that if we did something like that with the Iranians or the North Koreans would that -- would that deter them in the future?

Mr. Secretary?

MARCEL LETTRE, UNDERSECRETARY OF DEFENSE FOR INTELLIGENCE: Senator I think you're getting right at the question of what is the -- what do we mean by a proportional response in some instances.

SULLIVAN: Or asymmetric right? You're talking about asymmetric responses which I fully agree with.

LETTRE: That's right or in instances that are significantly serious and grave, whether a more than proportional response is required to really set that deterrence framework in place.

SULLIVAN: But isn't the key question right now and it came from the Chairman's opening statement, which I think you agreed with, is that nobody seems to be intimidated by us right now. So let me give another example.

Senator Inhofe asked a question early on about China. China hacked, allegedly -- maybe you can confirm that -- government lead, 22 million files. A lot of the SF 86 files that you used for background clearances, they hacked -- they have mine I was informed by the government. Very sensitive information as you know that they can use against intelligence operatives and military members.

And Senator Inhofe asked the question, did we retaliate -- what did we do? The answer that I heard from all of you was, well we try to protect people, like me, and I'm sure others who's sensitive intel information and background information was compromised.

But I didn't hear any claim of a retaliation on a huge hack. Huge, 22 million American, federal, military, intel workers got hacked by the Chinese.

So the president signed this statement with President Xi Jinping, the U.S.-China Security Agreement. But obviously Mr -- or General Clapper, from your testimony the Chinese have not abided by that, have they? CLAPPER: They have, as I indicated in my testimony..


SULLIVAN: I thought you said they were continuing to deal.

CLAPPER: I'm sorry?

SULLIVAN: I'm sorry, I thought you said in your testimony today that they continue to conduct cyber attacks.

CLAPPER: They continue to conduct cyber-espionage. They have curtailed, as best we can tell. There has been a reduction and I think the private sector would agree with this. There has been some reduction in their cyber activity.

And the agreement simply called for stopping such exfiltration for commercial gain.

SULLIVAN: So let me just ask a final question. Did we retaliate? And up the cost against China after an enormous cyber attack against our nation?

CLAPPER: We did not retaliate against an act of espionage anymore than other countries necessarily retaliate against us for when we conduct espionage.

SULLIVAN: But isn't that answer just part of the problem, that we're showing that we're not going to make it costly for them to come in and steal the files of 22 million Americans, including many intel officers?

CLAPPER: Well, it's as I say, people who live in glass houses need to think about throwing rocks. Because this was -- this was an act of espionage and, you know, we and other nations conduct similar acts of espionage. So if we're going to punish each other for acts of espionage, that's a -- that's a different policy issue.

MCCAIN: Senator King?

SEN. ANGUS KING (I), MAINE: Thank you, Mr. Chairman. Your opening statements are always erudite and thoughtful, but I thought today's was particularly so. Very -- you touched on all the important points that have really formed the basis for this hearing so I -- I want to thank you for that.

Director Clapper, I think it's important to put some context around some of these discussions. One of the most important things to me is that your public statement in October, along with Jeh Johnson was prior to the election and you were simply telling facts that you had observed and, in my experience of reading intelligence community communications, it's one of the more unequivocal that I've seen.

You've stated here you have high confidence in those conclusions that the Russians were behind it. That it was intended -- intended to interfere with our elections and that approval went to the highest levels of the -- of the Russian government. Have you learned anything subsequently that you can tell us here today to contradict those findings that you publicly stated last October?

CLAPPER: No. In fact, if anything, what we've since learned just reinforces that statement of -- of -- of the 7th of October.

KING: And there was no political intention? You were simply reporting facts as you saw them. I presume that's correct? Your -- your history is one of being non-political.

CLAPPER: Absolutely. I felt particularly strongly, as did Secretary Johnson, that we owed it to the American electorate to let them know what we knew.

KING: Now, people in Maine are skeptical and they want to have evidence and proof and I'm hearing from people, prove it. The problem, as I understand it, is the desire to provide evidence that is convincing that your conclusions are correct versus the danger of compromising national security on sources and methods. Can you, sort of, articulate that, because I think that's an important point. CLAPPER: We have invested billions and we put people's lives at risk to glean such information. And so if we were to fulsomely expose it in such a way that would be completely persuasive to everyone, then we can just kiss that off because we'll lose it.

And then that will endanger our -- imperil our ability to provide such intelligence in the future. And that's all that -- the dilemma that we have in intelligence. We want to be as forthcoming and transparent as possible, but we feel very, very strongly, as we do in this case, about protecting very fragile and sensitive sources and methods.

KING: Let's again turn to a question of context.

What we saw in this country this fall and in the -- going back actually almost a year, was -- was -- was a example of a Russian strategy that's been playing out in Europe for some time that includes, not just hacking, as you said, but disinformation, propaganda -- I heard just from a senior commander -- I took a break here from the hearing -- in Europe, that Russia is actually buying commercial TV stations in Western Europe at this point.

And this is a comprehensive strategy that we've seen playing out in Eastern Europe and also there was a report this morning that they are funding one of the candidates for the presidency of France in the election this May.

CLAPPER: Well, the Russians have a long history of interfering in elections. Theirs and other people's. And the difference -- and there's a long history in this country of disinformation. This goes back to the 60's, the heyday of the Cold War. Funding that they would share or provide to candidates they supported, the use of disinformation, but I don't think that we've ever encountered a more aggressive or direct campaign to interfere with our election process than we've seen in this case.

KING: And channel -- there are so many more channels of disinformation today than there were in the past.

One final point...

CLAPPER: That's exactly right and that's a very key point about the -- of course the cyber dimension and social media and all these other modes of communication that didn't exist in the -- in the Cold War.

KING: One final point. We -- we had a meeting with the committee with a group of representatives from the Baltic States, and I know the Chairman was just in the Baltic States. I asked them -- and they are just deluged with this.

I mean they warn -- have warn -- been warning us about this for years about the messing around with elections. I -- I said, so what do you do? How do you defend yourself?

And they said, well, we're trying to defend ourselves in various ways. But the best defense is for our public to know what's going on so they can take it with a grain of salt. I thought that was a very interesting observation because their people now say, oh yeah, that's just the Russians.

That's why I think public hearings like this -- and -- and the -- the public discussion of this issue is so important because we're not gonna be able to prevent this all together. But we need to have our people understand that when they're being manipulated. Would you agree with that conclusion?

CLAPPER: Absolutely. That's why I feel so strongly about the statement in October.

KING: Thank you.

Thank you, Mr. Chairman.

MCCAIN: Just to follow up, Chairman Clapper, during the Cold War we had a strategy and we had Radio Free Europe, and we had the Voice of America -- Senator Graham, who will be speaking next, will attest that when our recent trip, they don't have a strategy. They don't have a counter propaganda -- the United States of America I'm talking about.

And we've got to develop that strategy, even if it encompasses the internet and social media. But they -- they are -- they are doing pretty significant stuff, particularly in the Baltics and Eastern Europe. Would you agree, Senator Graham?

SEN. LINDSEY GRAHAM (R), SOUTH CAROLINA: Yes. Appreciate being before the Committee. Thank you. So, yes, I would. Would you agree with me that Radio Free Europe is outdated? CLAPPER: I -- frankly not up on...

GRAHAM: Well, it says radio...


GRAHAM: ... and a lot of people don't listen to the radio like they used to. OK.

CLAPPER: Well, actually radio's is a -- is a -- a very popular mode in many parts of the world.

GRAHAM: Radio's big in your world?

CLAPPER: In my world?


CLAPPER: Not so much.

GRAHAM: Yeah, I don't listen to the radio much either. So, the bottom line is you're gonna be challenged tomorrow by the president- elect. Are you OK with being challenged?

CLAPPER: Absolutely.

GRAHAM: Do you both welcome it?


GRAHAM: Do you think it's appropriate?


GRAHAM: Are you ready for the task?

CLAPPER: I think so.

GRAHAM: Good. Is there a difference between espionage and interfering in an election?

CLAPPER: Yes. Espionage implies a -- to me at least, a passive...


CLAPPER: ... passive collection, and this was much more activist.

GRAHAM: So, when it comes to espionage, we'd better be careful about throwing rocks. When it comes to interfering in our election, we better be ready to throw rocks. Do you agree with that?

CLAPPER: That's a good metaphor.

GRAHAM: I think what Obama did was throw a pebble. I'm ready to throw a rock. Would I be justified as a United States Senator, taking your information about Russia's involvement in our election and what they're doing throughout the world and be more aggressive than President Obama if I chose to?

CLAPPER: That's your choice, Senator.

GRAHAM: Do you think he was -- he was justified in imposing new sanctions based on what Russia did?


GRAHAM: OK. So, to those of you who want to throw rocks, you're gonna get a chance here soon. And if we don't throw rocks, we're gonna make a huge mistake.

Admiral Rogers, is this gonna stop until we make the cost higher?

ROGERS: We have got to change the dynamic here because we're on the wrong end of the cost equation.

GRAHAM: Yeah, you got that right. Could it be Republicans next elections?

ROGERS: Could -- this is not about parties per se.

GRAHAM: Yeah, it's not like we're so...


GRAHAM: ... much better at cybersecurity than Democrats, right.

Now, I don't know what Putin was up to, but I don't remember anything about Trump in the election. Now, if Trump goes after the Iranians, which I hope he will, are they capable of doing this?

ROGERS: They clearly have a range of cyber capability. And they have been willing to go offensively both -- we've seen that in the United States in the...


GRAHAM: So, if Trump takes on China, which I hope he will, are they capable of doing this?


GRAHAM: OK. So, we got a chance as a nation to lay down a marker for all would-be adversaries. Do you agree with that?

ROGERS: Yes. And I'd be the first to acknowledge we think -- need to think about this broadly.

GRAHAM: Yeah. And we should take that opportunity before it's too late.

ROGERS: Yes, sir. GRAHAM: Do you agree -- agree with me that the foundation of democracy is political parties. And when one political party is compromised, all of us are compromised.

ROGERS: Yes, sir.

GRAHAM: All right. Now, as to what to do. You say you think this was approved at the highest level of government in Russia, generally speaking, is that right?

CLAPPER: That's what we said.