May 09 2017
Washington, D.C. – U.S. Senator John McCain (R-AZ), Chairman of the Senate Armed Services Committee, delivered the following opening statement today at a hearing on the posture of U.S. Cyber Command:
“The committee meets today for a hearing on the posture of United States Cyber Command. We are pleased to welcome back Admiral Mike Rogers, the Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service. We are grateful for your many years of distinguished service and for your appearance before the committee today.
“Threats to the United States in cyberspace continue to grow in scope and severity. But our nation remains woefully unprepared to address these threats, which will be a defining feature of 21st century warfare.
“As a result, this committee has focused its attention on cybersecurity. We have expressed our concern at the lack of a strategy and policy for addressing our cyber threats. We were hopeful that after years without any serious effort to develop a cyber deterrence policy and strategy from the last administration, the new administration promised one within 90 days of the inauguration. But 90 days have come and gone, and no such policy and strategy has been provided.
“While inaction from the executive branch has been disheartening, this committee has not stood still. In fact, this committee has adopted more than 50 provisions over the past four years focused on organizing, empowering, and enabling the Department of Defense to deter and defend against threats in cyberspace.
“But cyber is an issue that requires an integrated, whole-of-government approach. We simply do not have that now. The very fact that each agency of government believes it is responsible for defending the homeland is emblematic of our dysfunction. We have developed seams that we know our adversaries will use against us, yet we have failed to summon the will to address those seams through reform.
“Our allies, most notably the United Kingdom, have recognized the need for a unified approach. I look forward to hearing from Admiral Rogers his assessment of the recently established National Cyber Security Centre in the UK, and whether a unified model would help address some of our deficiencies here in the United States.
“The Coast Guard also presents an interesting model that should be evaluated for addressing some of our cyber deficiencies. The Coast Guard has an interesting mix of authorities that may be just as applicable in cyberspace as they are in territorial waters. They are both an agency within the Department of Homeland Security as well as a branch of the Armed Services. They can operate both within the United States and internationally and can seamlessly transition from law enforcement to military authorities. A cyber analogue to the Coast Guard could be a powerful tool for addressing the gaps that impede our existing organizational structure. It could also serve as a much-needed cyber first response team, responsible for immediate triage and hand-off to the appropriate federal entity for further response, remediation, or law enforcement action.
“As for the efforts at the Department of Defense, I understand that Cyber Command is still on track to reaching Full Operational Capability for the training of the Cyber Mission Force in the fall of 2018. But unless we see dramatic changes in future budgets, I am concerned these forces will lack the tools required to protect, deter, and respond to malicious cyber behavior. In short, unless the services begin to prioritize and deliver the cyber weapons systems necessary to fight in cyberspace, we are heading down the path to a hollow cyber force.
“I also am concerned with the apparent lack of trained people ready to replace individuals at the conclusion of their first assignments on the Cyber Mission Force. Unfortunately, we have already heard about some puzzling issues. Specifically, out of the 127 Air Force cyber officers that completed their first tour on the cyber mission force, none went back to a cyber-related job. That is unacceptable and suggests a troubling lack of focus. It should be obvious the development of a steady pipeline of new talent and the retention of the ones we have trained already is essential to the success of the Cyber Mission Force.
“Admiral Rogers, we look to you to help us better understand if we should take a closer look at if the existing man, train, and equip roles of the services are sufficient or if we should consider a different model. Later this week we plan to have another cyber hearing with outside experts of which we plan to ask if we should be considering the creation of a Cyber Service.
“Admiral Rogers, we clearly have a lot to discuss. I thank you again for your willingness to appear today.”