Return to Transcripts main page
Armed Services Committee Holds Hearing on Cyber Threats. Aired 10:30-11a ET
Aired January 5, 2017 - 10:30 ET
THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.
[10:30:10] SEN. ROGER WICKER, (RD) MISSISSIPPI: Secretary Lettre mentioned that we should impose costs and perhaps after you answer I can ask him to expound on that also.
JAMES R. CLAPPER JR., DIRECTOR OF NATIONAL INTELLIGENCE : Well, we have had many discussions in the White House situation room that deputies committee, principals (ph) committee and NSE meetings about what to do when we have these attacks. I think this -- the Sony attack by the North Koreans is a case in point.
And there you get into the complexities of -- do you launch a counter cyber -- a counter cyber attack and your -- want to be careful here, but you have to use some other nations infrastructure in order to mount that attack. And, that gets into as I have learned complex legal issues involving international law. And, so the judgment was to impose some other cost other than a direct cyber retaliation.
WICKER: Did you recommend that the president's sanctions was -- were his actions in response to the Russian hacking part of your recommendation or did that come from someone else?
CLAPPER: Oh that was -- well, without going into internal decision making, I think that was a, you know, it was a consensus interagency view.
WICKER: Secretary Lettre, what about -- what about imposing costs? What did -- what did you mean by that?
MARCEL LETTRE, UNDERSECRETARY OF DEFENSE FOR INTELLIGENCE, DEPARTMENT OF DEFENSE: Well, as part of an approach that -- to
deterrence that takes each case as it comes up, case by case. We need to look at ways to respond -- first deter and then respond to attacks at a time and a place of our choosing that favors advantages that we have as we use all of the instruments available.
So we look to deny objectives and then impose costs as you indicated Senator. Imposing costs really can come from things like -- were announced last week with the sanctions that were applied in the case of the Russian hacking situation. But they can go more broadly than that.
From the militaries perspective, we're concerned, not just about Russia's cyber hacking, but also about a range of aggressive actions by Russia across multiple regions in the globe. And, so we look to impose costs on Russia by a range of measures across multiple regions in partnership with our allies, through NATO, where we can -- to push back on Russian actions and deter future aggressive actions. So that's a bit of what we mean by imposing costs here.
WICKER: Thank you.
SEN. JOHN MCCAIN, (R) ARIZONA: It seems that every attack is handled on a case by case basis and that's not a strategy.
SEN. CLAIRE MCCASKILL, (D) MISSOURI: Thank you.
I know this is probably confuse you a little bit General Clapper, but review again how long you have been working in intelligence?
CLAPPER: I started in 1963, so.
MCCASKILL: And, you enlisted in '63 correct?
CLAPPER: No I enlisted in the Marine Corp in 1961.
MCCASKILL: And, then transferred to the Air Force?
MCCASKILL: And you flew combat -- support for combat missions in Vietnam?
CLAPPER: I did two tours in Southeast Asia, one in Vietnam in 1965 and '66. And, then I was stationed in Thailand flying reconnaissance missions over Laos and Cambodia in 1970 and '71.
MCCASKILL: And, would you say that your experience in the military and especially your service for the government has always been for either political party and apolitical in terms of your mission and your job?
CLAPPER: Absolutely. I have served -- I toiled in the trenches in intelligence for every president since President Kennedy. I have served as a political appointee in both Republican and Democratic administrations.
MCCASKILL: Would say that ...
CLAPPER: So I am -- I am apolitical.
MCCASKILL: And by the way -- there are -- without getting into classified information, there are thousands of men and women who are working in the intelligence community right now, General Clapper, correct?
MCCASKILL: And, would you say that their experience in many instances mirrors yours? In terms of military experience, many of them being either active military or retired military?
[10:35:05] CLAPPER: Yes, a large part of the intelligence community work force, are military. And of course there are many former military, either those who completed full careers or those who served enlistments or briefly and then came to the intelligence community as civilians.
MCCASKILL: Would you think it any less important that we maintain the intelligence community as foundational apolitical block of our country in terms of its protection?
CLAPPER: I -- I could not feel stronger about exactly that. I think it's hugely important that the intelligence community conduct itself and be seen as independent, providing unvarnished, untainted, objective, accurate and timely relevant intelligence support to all policy makers, commanders, diplomats, et cetera.
MCCASKILL: Do, in fact, the intelligence community -- members of the intelligence community engage in life-threatening and very dangerous missions every day particularly as it relates to the war on terror?
CLAPPER: You only need to walk into the lobby CIA and look at the stars on the wall or the front lobby of NSA and a number of intelligence people that have paid the ultimate price in the service of their country.
MCCASKILL: So let's talk about who benefits from a president- elect trashing the intelligence community. Who benefits from that Director Clapper, the American people? Them losing confidence in the intelligence community and the work of the intelligence community. Who -- who actually is the benefactor of someone who is about to become commander-in-chief trashing the intelligence community?
CLAPPER: I think there is an important distinction here between healthy skepticism, which policy makers -- to include policy maker number one -- should always have for intelligence, but I think there's a difference between skepticism and disparagement.
MCCASKILL: And I assume that the biggest benefactors of the American people having less confidence in the intelligence community are, in fact, the actors you have named today; Iran, North Korea, China, Russia and ISIS.
CLAPPER: The intelligence community is not perfect. We are an organization of human beings and we're prone, sometimes, to make errors. I don't think the intelligence community gets the credit it's due for what it does day in and day out to keep this nation safe and secure and a number of plots to -- just one example, terrorist plots that have been thwarted. Both those focused on this country and other countries.
MCCASKILL: I just -- I wanna thank the Chairman and I want to thank Senator Graham and others. There have been others I can count on maybe a little bit more than one hand who have stood up in a non- political way to defend the intelligence community over the last few weeks.
The notion that the elected -- soon elected leader of this country would put Julian Assange on a pedestal compared to the men and women of the intelligence community and the military that is so deeply embedded in the intelligence community, I think it should bring about a hue and cry no matter whether you're a Republican or a Democrat, there should be howls.
And mark my word, if the roles were reversed, there would be howls from the Republican side of the aisle. Thank you, Mr. Chairman.
MCCAIN: Thank you for that non-partisan comment.
Director Clapper, how would you describe Mr. Assange?
CLAPPER: How would I describe...
MCCAIN: Mr. Assange?
CLAPPER: Well, he's holed up in the Ecuadoran embassy in London because he's under indictment, I believe, by the Swedish government for a sexual crime. He has -- in the interest of -- ostensibly opened this in transparency. He exposed -- and his prior exposures put people at risk by his doing that.
So I don't think those with the intelligence community have a whole lot of respect for him.
ADMIRAL MICHAEL S. ROGERS (USN), DIRECTOR, NATIONAL SECURITY AGENCY,
COMMANDER, U.S. CYBER COMMAND: I would add to those comments.
MCCAIN: Thank you.
SEN. DEB FISCHER, (R) NEBRASKA.: Thank you, Mr. Chairman.
And thank you, gentlemen, for being here today and I do thank you for your service.
[10:40:00] Gentlemen, as you all know, about a year ago Congress passed the Cybersecurity Information Sharing Act. And Director Clapper, could you comment on what steps have been taken to implement the act, in particular to provide cyber threat information in the possession of the federal government to non-government entities?
CLAPPER: There's been a lot of work done and this is principally through both the FBI and Department of Homeland Security to share more broadly with the private sector. This is -- prior to the enactment of this act, I think that this has been a theme that we have all worked -- worked hard, certainly one of the reasons for the creation of the Office of Director of National Intelligence was to assume a domestic role as well and to promote sharing as much as we can.
I think a lot of improvement has been made as I look back over the last 15 years, but there is more work to do. So we have done a lot of work with -- for example fusion centers, the 76 or so fusion centers that exist throughout the country to convey more information to them.
I have a network of 12 domestic DNI reps, Director of National Intelligence representatives, which are FBI special agents in charge, and we work through them -- those instrumentalities on a regional basis to convey more information, particularly on cyber threats to the private -- to state local officials as well as the private sector.
FISCHER: Thank you sir.
And Admiral Rogers, what is your assessment of the current state of information sharing between the government and private sector, especially regarding cybersecurity threats. And more importantly, what is the appropriate level of expectation to have with respect to that information sharing?
ROGERS: So, in some ways I characterize it as uneven. Some sector relationships -- as you heard General Clapper talk about the 16 sectors within the critical infrastructure of our nation. Some sectors, the relationship is very mature, information tends to flow very regularly. Other sectors it's not quite as mature. I think the positive side is with the legislation we now developed a frame work for how we do it.
I still am concerned on the government side -- I'll only speak for NSA and cyber command -- on the government side, I'm not entirely comfortable that the products that I am generating are optimized to achieve outcomes for our, you know, private counter parts. I'm always trying to mind our team. Our success needs to be defined by the (inaudible) not about what we think is the right format or the right things to share.
FISCHER: You think there's any additional legislation that's going to be required that -- I guess I'm asking, what do you need? Do you think there's proper authorities that are currently in place or do we need new legislation or do you -- do you guys just need to improve on your execution of it?
ROGERS: Probably all of the above, to be very honest. I look at -- what are the changes that we're gonna need collectively to create the workforce of the future? Does the current structure I work within a DOD and an intel framework, but I would argue this is kind of universal. It doesn't matter where you're working, when is the structure, what's the recruitment and the benefit process that we need to retain and attract a workforce?
I'm curious with a new administration coming in, their broad view of roles and responsibilities. Are they comfortable with the current structure? Will their view be that we need to fundamentally relook at something different? I'd be the first to acknowledge as I previously said this morning -- we have got to get faster. We have got to get faster.
FISCHER: You know you've talked about case by case and the ad hoc nature of the -- our policies when it comes to cyber space before this committee, manym many times. And, that's been an issue that this committee and the ETC Subcommittee in particular has tried to address by requiring strategies so that we can deter these hostile actors and delegations of authority, a definition of what an act of war in cyber space is.
You know we can go on and on. The chairman just mentioned, we don't have a strategy. Some of us just don't feel there's -- there's a strategy that's laid out there.
When you talk about speed and dealing with cyber attacks, I assume you are just referring to our -- our agencies and -- and responding to attack that is directly upon us.
[10:45:07] Do you think there needs to be any kind of consensus building on the international stage with our allies in order to increase speed or would that delay it even more trying to run this through -- through channels and trying to respond quickly?
Do we reach -- do we reach out to allies, or do we perform our first duty in protecting this country?
ROGERS: So we routinely do that now. You clearly have highlighted it's a bit of a double edged sword. But it goes to the point from my perspective; cyber just doesn't recognize many of these boundaries. And so when you're trying to deal with an incident, is this something that is truly totally domestic or has it originated from somewhere external derivation (ph)?
What kind of infrastructure did it pass through? There's a whole lot of complexity to this, so I -- I apologize. It's not a simple binary choice there, even as I acknowledge there are tradeoffs.
FISCHER: Thank you.
Thank you, Mr. Chair.
SEN. RICHARD BLUMENTHAL, (D) CONNECTICUT: Thanks Mr. Chairman.
I want to join Senator McCaskill in expressing my appreciation for the service of our intelligence community and to you, Mr. Chairman, for your very strong and courageous statements in support of the work of this committee to give credit and credibility to that intelligence community and to your statements also about the importance of cyber warfare. It's not the first time we've been here on this topic and you
have been resolute and steadfast in seeking to elevate public awareness and public consciousness about the importance of cyber attacks on this country and the threat of cyber warfare. And I want to explore a little bit why these demeaning and dismissive comments about our intelligence community are so dangerous to our nation.
Is it not true, Mr. Clapper, that public support for robust responses to cyber attacks on our nation depends on the credibility of our intelligence community and dismissing the conclusions -- very credible and significant conclusions about the Russian attack, undermines public support for actions that the president must take to deter and punish these kinds of actions?
CLAPPER: I do think that public trust and confidence in the intelligence community is -- is crucial. And both -- both in this country and I think the dependents that other countries -- other nations have, on the U.S. intelligence community. And I've received many expressions of concern from foreign counterparts about the, you know, the disparagement of the U.S. intelligence community, or I -- I should say what has been interpreted as disparagement of the intelligence community.
BLUMENTHAL: Well, there's no question about the disparagement. There's no question about the dismissing and demeaning of the intelligence community entirely unmerited, and would you agree in light of your saying, that you are even more resolute now in your conclusion about Russia involvement in this hacking, that comparing it to the judgment made about weapons of mass destruction in the Iraq situation is totally a red herring, totally wrong?
CLAPPER: I -- yes, I agree with that. I -- my fingerprints were on that national intelligence estimate, I was in the community then. That was 13 years ago. We have done many, many things to improve our processes, particularly with respect to national intelligence estimates, in order to prevent that from happening again. Whatever else you want to say about the intelligence community, it is a learning organization, and we do try to learn lessons.
It's a very difficult business and getting harder all the time. And there will be mistakes, but what we do try to do, as we did after the NIE from October 2002 and weapons of mass destruction in Iraq, was to learn from that, profit and make change. And our posture, with respect -- particularly with respect to very important document, the apex of our product line of national intelligence estimates, there's no -- it's a difference of night and day.
[10:50:10] BLUMENTHAL: I -- I appreciate the extraordinary humility of that statement, especially in light of the excellence and expertise that your organization and you personally have brought to this very, very difficult endeavor to provide and I'm quoting you, I think, "Unvarnished, untainted, timely, accurate information to the most critical national security decision that this nation makes."
And I want to express my appreciation for it and say that I think some of the disparagement has been a terrible disservice to our nation. And to the very brave and courageous men and women, who put their lives at risk so that this nation can be better informed in using our military and other force.
So I hope that we will see a change. And -- and also, join the chairman in saying that we need better policies on what constitutes a cyber attack on this nation and provide a more robust response, for example, against the Russians, not necessarily in cyber, but to impose stronger sanctions on their oil exports, on their use of foreign exchange.
The response to cyber attacks need not be one in the cyber domain. And in fact, might be even more effective if it hits their economy and their pocketbook and their livelihoods.
So Mr. Undersecretary, I appreciate your comments in that regard, I don't know whether you wanna comment in response to what I've said. And I'm out of time, so maybe we can get that in writing.
LETTRE: Mr. Blumenthal, I do wanna thank you on behalf of all the women and men of the intelligence community, I wanna thank you for that.
BLUMENTHAL: Thank you.
SEN. TOM COTTON, (R) ARKANSAS Thank you all for appearing before us and Mr. Secretary, Director Clapper, since this is your final appearance, I know you hope.
Thank you very much for your many years of service, Director Clapper, particularly you. I'll add my voice to Senators Blumenthal and McCaskill of my administration for the men and women in our intelligence agencies.
I've had a chance as a member of the intelligence committee to meet them here at hearings and at their headquarters and around the world. And they don't get the credit they often deserve.
The troops that we help provide for in this committee usually do because they wear uniforms and they're known in public, but intelligence officers don't wear uniforms and they're frequently undercover. So I wanna express my admiration and deepest respect and gratitude for what they do.
We've heard a lot of imprecise language here today and it's been in the media, as well, phrases like, hacked the election, undermine democracy, intervened in election. So I wanna be more precise, here.
Director Clapper, let's go to the October 7th statement. That says, quote, "The recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations was directed by the Russian government." Are we talking there, specifically, about the hack of the DNC and the hack of John Podesta's e-mails?
COTTON: Are we talking about anything else?
CLAPPER: Well, that was essentially at the time, what we were talking about.
COTTON: At the time, then, we -- it says that the recent disclosures through websites like DC Leaks and WikiLeaks, are consistent with the methods and motivations of Russian-directed efforts.
DNC e-mails were leaked first, I believe in July. Is that what the statement is talking about there?
CLAPPER: I believe so.
COTTON: Mr. Podesta's e-mails, I believe, were not leaked until that very day on October 7th, so was the statement referring to that yet or was that not intended to be included?
CLAPPER: I'd have to research the exact chronology of when John Podesta's e-mails were compromised. But I think thought, that -- that bears on my statement that our assessment now is even more resolute than it was with that statement on the 7th of October.
COTTON: Thank you.
Admiral Rogers, in November at the Wall Street Journal forum, you stated quote, "This was a conscious effort by a nation-state to attempt to achieve a specific effect," end quote.
By that, did you also refer to the hack of the DNC, the hack of John Podesta's e-mail and the leaks of those e-mails?
COTTON: Did you refer to anything else besides those two things?
ROGERS: Well, to be honest I don't remember the specifics of that one, particular 30-minute engagement. But clearly, as I said, what I -- what you outlined was part of my thought process.
And then, further on in that statement Director Clapper, the intelligence community says quote, "It would be extremely difficult for someone including a nation-state actor to alter actual ballet counts or election results by cyber attack or intrusion," end quote.
[10:55:02] And you stated that earlier today, as well that we have no evidence that no tallies were altered or manipulated in any way.
CLAPPER: That's correct.
COTTON: OK. So, that's what happened. Let's discuss why.
Director Clapper, in response to Senator Nelson, you stated that your report soon to be released will discuss the motive. Would you care to give any kind of preview today?
CLAPPER: I'd rather not.
COTTON: I didn't think so.
CLAPPER: There are actually more than one motive, so that -- that'll be described in the report.
COTTON: In your 53 years of intelligence, is ascertaining the motives, plans and intentions of foreign leaders among the hardest tasks that we ask our intelligence services to perform?
CLAPPER: It always has been.
COTTON: There's a widespread assumption -- this has been expressed by Secretary Clinton herself since the election -- that Vladimir Putin favored Donald Trump in this election.
Donald Trump has proposed to increase our defense budget, to accelerate nuclear modernization, to accelerate ballistic missile defenses, and to expand and accelerate oil and gas production which would obviously harm Russia's economy. Hillary Clinton opposed or at least was not as enthusiastic about all those measures.
Would each of those put the United States in a stronger strategic position against Russia?
CLAPPER: Certainly anything we do to enhance our military capabilities, absolutely.
COTTON: There is some contrary evidence, despite what the media speculates, that perhaps Donald Trump is not the best candidate for Russia.
OK, so that's what happened. That's why it happened, or at least a preview that we're going to know why it's happened. Let's move on to the impact.
Director Clapper, you said to Senator McCain earlier, quote, "the intelligence community cannot gauge the impact," end quote, on the election.
Is that because that kind of electoral analysis is not a task that's within the traditional responsibility and skill sets of intelligence services?
CLAPPER: That's correct.
COTTON: That's something that's more suited for someone like Sean Trende or Michael Barone or Nate Silver, election analysts that have written extensively on the election?
CLAPPER: Well, it certainly isn't the purview of the U.S. intelligence community.
COTTON: OK, thank you.
SEN. MARTIN HEINRICH, (D) NEW MEXICO: Thank you, Chairman.
Since this will likely be the last hearing that some of you will intend -- attend in front of this committee, I just want to thank you all for your service and thank all the men and women who work for you.
I want to say a special note of gratitude to Director Clapper for 50 years of incredible service to this country.
I think what makes America great has been our ability to elect leaders through a fair, through a peaceful, and a transparent process without fear of rigging or interference in elections. And unfortunately, in this past election, we know that interference occurred.
And when I say "interference," I want to be specific. It's not about someone physically stuffing ballot boxes or someone hacking our electronic voting machines to give one candidate more votes than the other. It's about selectively and deliberately releasing damaging information in hopes of furthering one's strategic objectives; in this case, Russia's strategic objectives.
I believe this is going to happen again unless there is a price to be paid.
This interference impacts the foundation of our democracy, our elections. Which is why I welcome the sanctions against Russia announced by the president and why I believe we need to be evaluating additional Russian sanctions. It's simply too important for both parties and for the future of our country.
Secretary Lettre, given the need for deterrence in this atmosphere, which, as you said, is not always achieved by a cyber response, how important are tools like sanctions to imposing the kind of clear costs that you articulated?
LETTRE: Sanctions are a very useful tool in that toolkit. And I think in the case of the current situation that we find ourselves in, it would be prudent to continue to look at other options to impose more sanctions on -- on Russian actors as the facts continue to develop.
HEINRICH: I would agree with that estimate and I hope that folks on both sides of the aisle will be looking at those additional tools.
For any of you who want to answer this, I'd like to know how -- how is the president-elect's at least inferred dismissive attitude towards the intelligence community broadly impacted morale in your agencies?
CLAPPER: Well, I haven't done a climate survey, but I -- I hardly think it helps it.
HEINRICH: Does anyone want to add to that?
ROGERS: I don't want to lose good, motivated people who want to help serve this nation because they feel they're not generating value to help that nation.
And I'm the first to acknowledge there's room for a wide range of opinions of the results we generate. We don't question that for one minute. And every intelligence professional knows that.