CNN.com - Transcripts

Transcript Providers

Return to Transcripts main page

At This Hour

Sen. John Mcain Holds a Hearing. Aired. 11:30-12p ET

Aired January 05, 2017 - 11:30 ET

THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.

[00:11:30]

highest level of government in Russia, generally speaking, is that right?

CLAPPER: That's what we said.

GRAHAM: OK. Who's the highest level of government?

CLAPPER: Well, the highest is -- is President Putin.

GRAHAM: Do you think a lot happens in Russia, big, that he doesn't know about?

CLAPPER: Not very many.

GRAHAM: Yeah, I don't think so either.

CLAPPER: Certainly none that are politically sensitive in another country.

GRAHAM: OK. Now as we go forward and try to deter this behavior, we're going to need your support, now and in the future. So I want to let the president-elect know that it's OK, to challenge the intel. You are absolutely right to want to do so.

But what I don't want you to do is undermine those who are serving our nation in this arena until you are absolutely sure that they need to be undermined. And, I think they need to be uplifted not undermined.

North Korea, let me give the example of real world stuff that he's going to have to deal with, Trump. Do you believe that North Korea is trying to develop an ICBM to hit the United States or that could be used to hit the United States?

CLAPPER: That could be, yes.

GRAHAM: Do you agree with that Admiral Rogers?

ROGERS: Yes.

GRAHAM: So when the -- or the North Korean leader says that they are close to getting ICBM, he's probably in the realm of truth?

ROGERS: He's certainly working aggressively to do that.

GRAHAM: And, if the president of the United States says it won't happen, he's going to have to come to y'all to figure out how far along they are because you would be his source for how along they are. Is that right?

ROGERS: I'd hope we'd be part of that process. CLAPPER: I'd hope we'd be the source.

GRAHAM: Yeah, I hope he would talk to you too. And, here's what I hope he realizes. That if he has to take action against North Korea, which he may have to do. I intend to support him. But he needs to explain to the American people why. And one of the explanations he'll give is based on what I was told by the people who are in the fight. And, let me tell you this, you don't wear uniforms, but you're in the fight. And, we're in a fight for our lives. I just got back from the Baltics, Ukraine and Georgia, if you think it's bad here, you ought to go there.

So ladies and gentlemen, it is time now not to throw pebbles, but to throw rocks. I wish we were not here. If it were up to me we would all live in peace, but Putin is up to no good and he better be stopped. And, Mr. President-elect, when you listen to these people you can be skeptical but understand they are the best among us and they are trying to protect us.

Thank you all.

MCCAIN: Do you have any response to that diatribe?

(LAUGHTER)

CLAPPER: (OFF-MIKE)

(UNKNOWN): Microphone.

CLAPPER: Senator Graham have had our innings before, but I find myself in complete agreement with what he just said and I appreciate it.

GRAHAM: Thank you.

CLAPPER: Senator -- Chairman McCain, if I might, just pick up on a comment of yours. And, that has to do with the information fight if you will. And, this is strictly personal opinion, not company policy, but I do think that we could do with having a USIA on steroids. United States Information Agency to fight this information war that -- a lot more aggressively than I think we're doing right now.

MCCAIN: You know I agree General and I think one of the areas it's -- where we're lacking and lagging more than any other area is social media. We know these young people in the Baltics are the same as young people here, they get their information off the internet and we have really lagged behind there.

Senator Gillibrand? GILLIBRAND: Thank you, Mr. Chairman, and Mr. Ranking Member for hosting this very important hearing.

I want to follow on some of the questioning that Senator Ernst started concerning the National Guard and cyber. I have been pushing DOD to use the Guard for years, and appreciate that this is beginning to happen. Members of the Guard bring unique skills and capabilities and we should be leveraging them.

Admiral Rogers, I look forward to working with you on how best to do this. Can you tell me whether there has been movement on the Army National Guard Cyber Protection Teams being included in the cyber mission forces?

ROGERS: Yes. And, we've brought two online that have been activated in the last year. Two additional that are coming online in '17, the first of which just came online. So yes ma'am.

GILLIBRAND: And, how much more is left to be done and when do you expect it to be done?

ROGERS: The Guard and the Reserve are bringing on an additional 21 teams. Those will not be directly affiliated with the mission force. But one of the things -- one of the things I think we're going to find over time, the only way to generate more capacity in a resource constrained world, is to view this as an entire pie, not just, "Well, here's one sliced-off area that -- the mission force and here's a separate area (OFF-MIKE)."

[00:11:36:05]

I think what we're gonna be driven to is we're gonna have to look at this as an integrated (ph) whole.

GILLIBRAND: I do too. Because at the end of the day, our Guard and Reserve, they have day jobs and they may be working at Google and Microsoft and Facebook and all these technology companies that have extraordinary skills. And as a way to tap into the best of the best, I think we should look at people who already have these skills, who are already committed to serving our nation as best we can.

ROGERS: Right.

GILLIBRAND: So I appreciate your work.

ROGERS: Yes, ma'am.

And if I could, one area that I'd be interested in your help in, for many employers in the Guard and the Reserve, and I say this as the son of a Guardsman, when I was a kid growing up, they often, sometimes, tend to view that service as something that you do overseas. "Hey, I'm willing to let you go because you're going to Afghanistan and going to Iraq."

And in the world of cyber, we are operating globally from a -- you know, from a garrison, pick the location... (CROSSTALK)

GILLIBRAND: From any location in the world.

ROGERS: ... anywhere, and...

GILLIBRAND: Correct.

ROGERS: So this -- I'm -- I was, this just came up -- General Lengyel and I were just talking about this yesterday, as a matter of fact, where I said one of the things we need to do is educate employers about what is the nature of this dynamic, and it's every bit as relevant as, "Hey, we're sending somebody to Afghanistan or Iraq."

GILLIBRAND: I think that's right.

On a separate topic, but related, I've been long advocating for aggressive development of the manpower that we need to support our cybersecurity mission. In particular, I continue to believe that we have to not only develop the capability in our military and the interest in cyber among young Americans, but that the military must be creative when thinking about recruitment and retention of cyber warriors.

How would you assess our current recruitment and retention of cyber warriors? And what challenges do you foresee in the future, and what recommendations do you have to address them?

Because, obviously, we are competing with some of the most dynamic, innovative companies in the world. But we need them to be our cyber defense and our cyber warriors.

ROGERS: So knock on wood, in the military aspect, we are exceeding both our recruiting and retention expectations. I worry about how long can we sustain that over time under the current model.

My immediate concern is a little less on the uniform side, in part because money -- if money was a primary driver for them, they wouldn't have come to us in the first place.

On the civilian side, however, that's probably my more immediate concern. I'm finding it more challenging -- we're able to recruit well, retaining them over time. I'm really running into this on the NSA side, right now. But how do you retain high-end, very exquisite civilian talent for extended periods of time?

GILLIBRAND: Well, I'd be delighted to work with you over the next year on that.

ROGERS: Yeah.

GILLIBRAND: Director Clapper, I was very interested in your opening remarks and the initial conversation you were having about the Russian hack onto the DNC and to various personnel's e-mails and the question of whether it was a declaration of war.

And -- and given that that is such a serious statement, I wanna ask you, do you think we should take things like the Democrat/Republican Party infrastructure and consider them to be critical infrastructure? Should we actually be looking at our infrastructure differently since -- because of this recent event?

CLAPPER: That's been the subject of discussion about whether, you know, our political infrastructure should be considered critical infrastructure. I know Secretary Johnson's had discussion with state officials about that. There is -- there is some pushback on doing that.

So it's a policy call. Whatever additional protections that such declaration would afford, I think that would be a good thing. But whether or not we should do that or not is really not a call for the intelligence community to make.

GILLIBRAND: Well, I hope it's one that the members here in this committee will discuss, because, if it is -- if it does result in such a grave intrusion, maybe it should be critical infrastructure. And certainly, politics and political parties are not set up that way. And so it would be quite a significant change.

Thank you.

MCCAIN: Director Clapper has to leave in about 20 minutes, so we will enforce the crime -- the time...

(LAUGHTER)

... the time.

Senator Tillis?

TILLIS: Thank you, Mr. Chair.

And, gentlemen, thank you all for your service. I, for one, have high confidence in the community that you represent, and I hope that they recognize that I speak for most of the senators here that share the same view.

TILLIS: Director Clapper, I'm gonna spend most my time probably reflecting on some of the comments that you've made. The glass house comment is something I think's very important.

[00:11:40:12]

There's been research done by a professor up at Carnegie Mulligan -- Mellon that's estimated that the United States has been involved in one way or another in 81 different elections since World War II. That doesn't include coups or regime changes, so tangible evidence where we've tried to effect an outcome to our purpose.

Russia's done it some 36 times. In fact, when Russia apparently was trying to influence our election, we had the Israelis accusing us of trying to influence their election.

So, I'm not here to talk about that, but I am here to say that we live in a big glass house and there are a lot of rocks to throw. And I think that that -- that's consistent with what you said on other matters.

I want to get back to the purpose of the meeting, the foreign cyber threats. I think Admiral Rogers and Director Clapper, you all have this very difficult thing to communicate to policy people who may not have subject matter expertise in this space.

For example, Director Clapper, you were saying that one of the problems with a counterattack -- I think it was you; it could have been Admiral Rogers -- is that you may have to use an asset that's actually a presence on some other nation where that nation may or may not know that we have a presence there.

In fact, we have presences across cyberspace that are not known, that as a part of the counterattack -- that part of the counterattack could be nothing more than exposing our presences, because we know a lot of our adversaries may or may not be aware of presences that we have out there in appropriate locations. Is that correct?

CLAPPER: Yes.

And I think you've succinctly illustrated the complexities that you run into here.

TILLIS: So that is why, as thrilling as somebody who's written the precursors to phishing code before and stolen passwords as part of ethical hack testing, so I was paid to do this, that underscores the need for us to really be educated about the nature of this battlespace and how more often than not it's probably more prudent to seek a response that isn't a cyber response given the fluid nature.

I mean, we're in an environment now where we build -- we see a threat and we build a weapon system. It's on the water, it's in the air, it's on the ground. And then we kind of counter that threat and we come up with war plans to use that capability.

In cyberspace, major weapons systems get created in 24-hour cycles. You have no earthly idea whether or not you have a defensive capability against them.

So, if you all of a sudden think, "Let's go declare war in cyberspace," be careful what you ask for, because collectively, you could have -- there are 30 nations right now that have some level of cyber capability. There are four or five of them that are near-peer to the United States. There are two or three that I think are very threatening, and in some cases probably have superior capabilities to us in terms of presences. Maybe not as sophisticated but potentially, in a cyber context, more lethal.

So, I think, you know, there are a lot of questions -- one of the beauties of being a freshman -- I guess now I'm not a freshman -- being at the end of the dais, all the good questions have been asked.

(LAUGHTER) But one of the things that I would suggest that we do, is we as members really get educated on the nature of this threat and the manner in which we go about fighting it and understanding that the -- the iterative nature of weapons creations on the internet are unlike anything we've seen in recorded human history for warfare. And we need to understand that.

We also need to understand what the rules of engagement are going to be and how future AUMFs actually include a specific treatment for behaviors that are considered acts of war and then a whole litany of things that we should do for appropriate responses so that we can begin to make more tangible the consequences of inappropriate behavior in cyberspace.

And so that's not so much a diatribe but it probably is a speech, Mr. Chair.

The last thing I'll leave you with is, Admiral Rogers, I'd like for my office to get with you and continue to talk about how we get these bright people retained and recruited to stay up to speed with developing these threats. We need to understand that they are -- they are the secret to creating these weapons systems to counter the malicious acts like Russia, China, Iran and a number of other nations that are trying to develop against us.

Thank you.

MCCAIN: Senator Hirono?

HIRONO: Thank you, Mr. Chairman.

And thank you, gentlemen, for your service.

I -- I think it's clear that we have tremendous concerns about the Russian hacking in our elections. And I think it's more than ironic that we have a president-elect who kept talking about our elections being rigged, which I would consider trying to interfere with our elections to be a part of a rigged kind of an election. At the same time, he denied Russians' -- Russia's activities in this regard.

[00:11:45:07]

As some of this was already touched on, regarding the president- elect's attitude towards the intelligence community, the morale that -- the impact on morale.

So, going forward, as we are challenged by the need to have more cyber-aware or skilled cyber workforce, if this attitude toward the intelligence community doesn't change on the part of decision-makers, including the president, would you agree that it would make it that much harder, Director Clapper and Admiral Rogers, to attract the kind of cyber-experienced workforce that we need to protect our country?

CLAPPER: Well, it could.

I don't know that we could say it's -- the -- all -- some of these statements have had any impact on recruiting...

HIRONO: Or retention.

CLAPPER: It could. I think it could.

On retention, I think -- just maybe embellish what Admiral Rogers was saying, I do think that consideration needs to be given to having more flexibility, more latitude on compensation for our high-end cyber specialists who are lured away by industry, who're paying huge salaries. That's not why you're in the government, not why you serve in the intelligence community is not, obviously, for money.

But I do think that in those highly technical, high-end skill sets that we -- we badly need in the government, in the intelligence community, that it would be helpful to have more latitude on compensation as Mike was...

ROGERS: And I would agree...

HIRONO: Very briefly.

ROGERS: ... that both of these individuals (inaudible) within the last 24 hours (inaudible) using my authority as the director of NSA, I am going to authorize the following increased compensations for the high-end cyber part of our workforce, because I am just watching the loss (ph)...

HIRONO: Yes, of course.

And it's not just compensation that attracts people to what we're doing in our intelligence community, because service to the country is a very important motivation and, of course, I would think that morale would be very much attendant to that.

There was some discussion about what would constitute in the cyber arena an act of war. And, Director Clapper, I note in your testimony that I think that this is one of the reasons that we want to develop international norms in this arena.

So, who should be the key players in developing and agreeing to these international norms in the cyber arena?

And if the big players are U.S., China, Russia, if we don't have those players at the table to come up with these international norms, how realistic is it to develop and -- and adhere?

CLAPPER: Well, that's exactly the challenge. And those are the key nation-states that would need to engage.

And there has been work done under the auspice of the United Nations to attempt to come up with cyber norms but I think we're a ways away from those having -- having impact.

HIRONO: Would you agree, Admiral Rogers?

ROGERS: Yes, ma'am.

HIRONO: Turning to the awareness of the public as to the extent of the threat, a 2016 opinion piece by two members of the 9/11 Commission, basically they said that the most important thing government and leaders in the private sector can do is to clearly explain how severe this threat is and what the stakes are for the country.

So, Director Clapper, do you think that the general public understands the severity of the cyber threat and the stakes for the country?

And what should Americans keep in mind with regard to this threat? And what can ordinary Americans do to contend with this threat?

CLAPPER: I think there's always room for more -- more education. And certainly we have a role to play in the intelligence community in sharing as much information as we can on threats posed by both nation- states as well as non-nation-states.

And I think there are simple things that Americans can do to protect themselves. You know, be aware of the threat posed by spear phishing, for example, which is a very common tactic that's used yet today. We have a challenge in the government getting our people to respond appropriately to cyber threats.

So this is one case where communicate, communicate, communicate is -- is the watch word.

[00:11:50:00]

MCCAIN: Senator Cruz?

CRUZ: Thank you, Mr. Chairman.

Gentlemen, thank you for being here. Thank you for your service to our nation.

The topic of this hearing, cybersecurity, cyber attacks, is a growing threat to this country and one that I think will only become greater in the years ahead. We have seen in recent years, serious attacks from among others, Russia, China, North Korea.

Indeed it is with some irony, I spent a number of years in the private sector and to the best of my knowledge never had my information hacked and then all I had to was get elected to the United States Senate and the office of personnel management was promptly hacked and everyone on this bench had our information stolen by a -- by a foreign assault.

My question, Admiral Rogers, starting with you is, what do you see as the greatest cybersecurity threats facing our country and what specifically should we be doing about it to protect ourselves?

ROGERS: So a small question. (LAUGHTER)

When I look at the challenges and the threats, it's in no particular order. Significant extraction of information and insight that is generating economic advantage for others, that is a routine (ph) operational advantage at times for us as a nation. That is as you have seen in this Russian piece where not just the extraction, but then the use of this information as a whole other dimension.

And what concerns me beyond all that is, what happens if we start to move in an environment in which, not only is information being, I've heard some people use the phrase weaponized, what happens when now we start peoples -- we see people suddenly manipulating our network, so we can't believe that data that we're looking at.

That would be a real fundamental game changer to me and to me it's only a question of the when, not the if this is going to happen. And what happens when the non-state actor decides that cyber offers an asymmetric advantage to them because their sense of risk and their willingness to destroy the status quo is significantly different and greater than a typical nation state. Those are the kinds of long-term things.

So as we've talked about more broadly today, we've gotta get better on the defensive side. Because part of deterrence is making it harder for them to succeed, I acknowledge that. But a defensive strategy alone isn't going to work. It is a resource intensive approach to doing business and it puts us on the wrong end of the cost equation. That's a losing strategy for us, but it is a component of the strategy.

We have got to ask ourselves, how do we change this broader dynamic to go to the point you've heard repeatedly today, how do we convince nations and other actors out there that there's a price to pay for this behavior. That in fact it is not in your best interest...

CRUZ: And what should that price be?

ROGERS: Oh, it's a wide -- it's a wide range of things here. There's no one silver bullet, which is another point I would make. If we're looking for the perfect solution, there isn't one. This will be a variety of incremental solutions and efforts that are going to play out over time. There is no one single approach here.

CRUZ: Wow, and your point about manipulating data, about a month ago I chaired a different committee -- a hearing on artificial intelligence and our growing -- economies growing reliance on artificial intelligence and one of the things that the witnesses testified there was concern on the cybersecurity side of a hack that would modify the big data that is being relied on for artificial intelligence to change the decision making in a way that no one's even aware it's been changed and I think that's a -- a threat.

I hope that -- that y'all are examining closely and it's the sort of threat that could have significant repercussions without anyone even being aware that it's happening.

Let me shift to a -- to a different topic. Director Clapper, you've testified before this committee that Cuba's an intelligence threat on -- on par with Iran and listed below only Russia and China. And there're reports that the Lourdes, the Russian operated signal intelligence base in Cuba, will be reopened and then additionally this past summer Russia and Nicaragua struck a deal to increase military and intelligence cooperation.

And resulting in an influx of Russian tanks into Managua and a agreement to build an electronic intelligence base which maybe disguises satellite navigation tracking station. To the best of your knowledge, what is Russia's strategy in the Western Hemisphere and how are concerned are you about the Russians expanding their influence in Cuba and Nicaragua?

CLAPPER: Well, the Russians are bent on establishing both a presence in -- in the Western Hemisphere and they're looking for opportunities to expand military corporation, sell equipment, air bases, as well as intelligence-gathering facilities. And so it's just another extension of their aggressiveness in pursuing these interests.

[00:11:55:07]

And with respect to Cuba, Cuba's always had a long-standing very capable intelligence capabilities. And I don't see a reduction of that of -- of -- of those capabilities.

CRUZ: Thank you.

MCCAIN: (OFF-MIKE)

KAINE: Thank you, Mr. Chair.

And thanks to the witnesses for today and for your service.

And, Mr. Chair, I appreciate you calling this hearing. I think hearing is a test of this body, the Article I branch, Congress, this hearing and others to follow.

I was chairman of the Democratic National Committee for a couple of years. And we had a file cabinet in the basement that had a plaque over it. It was a file cabinet that was rifled by burglars in an invasion of the Democratic National Committee in 1972. It was a bungled effort to take some files and plant some listening devices.

That small event led to one of the most searching and momentous congressional inquiries in the history of this country. It was not partisan.

One of the leaders of the congressional investigation was a great Virginian, Caldwell Butler -- who was my father-in-law's law partner in Roanoke, Virginia, before he went to Congress -- played a major role.

It was not an investigation driven because something affected the election. The 1972 presidential election was the most one-sided in the modern era.

But it was a high moment for Congress because Congress in a bipartisan way stood for the principle that you couldn't undertake efforts to influence an American presidential election and have there be no consequence. The item that we'll discuss and we'll discuss more when the hearing comes out is -- is different. That was a -- a -- a burglary of a party headquarters that was directed to some degree from the office of the president. But this is very serious.

The combined intelligence of this country has concluded that efforts were undertaken to influence an election by and adversary, an adversary that General Joe Dunford, the head of the Joint Chiefs of Staff, said in testimony before this hearing was the -- in his view, the principal adversary of the United States at this point. In addition, the attack was not just a party headquarters.

The October 7 letter that you've referred to talked about attacks on individuals, current and former public officials of -- with significant positions, and also attacks on State Boards of elections. The letter of October 7 traced those attacks to Russian entities -- Russian companies and didn't ascribe at least in that letter that -- to directed by the Russian government. But I'm curious about what the full report will show.

It is my hope that this Congress is willing to stand in a bipartisan way for the integrity of the American electoral process and will show the same backbone and determination to get all the facts and get them on the table as the Congress did in 1974. There was another Congressional inquiry that was directed after the attacks on 9/11.

And there was a powerful phrase in that report that I just want to read. The commission concluded quote, "The most important failure was one of imagination. We do not believe leaders understood the gravity of the threat." And that's something I think we'll all have to grapple with.

Did we have sufficient warning signs? I think we did. And having had sufficient warning signs, why did we not take it more seriously?

That question is every bit as important as a question about what a foreign government, an adversary did and how we can stop it from happening.

Three quick points. One, is the report next week that's gonna be issued not solely going to be confined to issues of hacking, but also get into the dimension of this dissemination of fake news? Will that be one of the subject matters covered?

CLAPPER: Without preempting the report, we will describe the -- the full range of activities that the Russians undertook.

KAINE: I think that is incredibly important.

You know, I had a little role in this election. I was along for the ride for 105 days and was the subject of a couple of fake news stories. And it was interesting.

There were at least three that the mainstream media didn't cover because they were so incredible that like, why would they? But I looked at one of the stories that had been shared 800,000 times.

KAINE: And when I see an administration who is put in place as the proposed national security adviser, someone who traffics in these fake news stories and re-tweets them and shares them, who betrays a sense of either gullibility or malice that would kind of be -- that these are stories that most fourth graders would find incredible that a national security adviser would find them believable enough to share them causes me great concern.