CONTENTS

CHRONOLOGICAL LIST OF WITNESSES

CYBER SECURITY AND CRITICAL INFRASTRUCTURE PROTECTION
MARCH 1, 2000
Money, Hon. Arthur L., Assistant Secretary of Defense for Command, Control,
Vatis, Michael A., Deputy Assistant Director and Chief, National Infrastruc-
Campbell, Maj. Gen. John H., U.S. Air Force, Vice Director, Defense Informa-
Cross, Stephen E., Director, Software Engineering Institute, Carnegie Mellon
Faga, Martin C., Executive Vice President and General Manager, The Mitre

COOPERATIVE THREAT REDUCTION PROGRAM AND THE DEPARTMENT OF ENERGY'S
MARCH 6, 2000
Johnson, Harold J., Associate Director for International Relations and Trade
Koch, Susan J., Deputy Assistant Secretary of Defense for Threat Reduction
Gottemoeller, Rose E., Assistant Secretary of Energy for Nonproliferation

THE DEFENSE SCIENCE AND TECHNOLOGY PROGRAM
Carter, Ashton B., Professor of Science and International Affairs, Harvard
Gansler, Jacques S., Under Secretary, Acquisition, Technology and Logistics,
Etter, Delores M., Deputy Under Secretary, Science and Technology, Depart-
Hoeper, Hon. Paul J., Assistant Secretary of the Army for Research, Develop-
Buchanan, Dr. H. Lee, III, Assistant Secretary of the Navy for Research,
Delaney, Hon. Lawrence J., Assistant Secretary of the Air Force for Acquisi-
Fernandez, Dr. Frank L., Director of the Defense Advanced Research Projects

POLICIES AND PROGRAMS TO COMBAT TERRORISM
MARCH 24, 2000
Sheridan, Hon. Brian E., Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict
Berkowsky, Pamela B., Assistant to the Secretary of Defense for Civil Support
Cragin, Charles L., Principal Deputy Assistant Secretary of Defense for Reserve Affairs
Gehman, Adm. Harold W., Jr., USN, Commander in Chief, U.S. Joint Forces

JOINT REQUIREMENTS CAPABILITIES AND EXPERIMENTATION
APRIL 4, 2000
Myers, Gen.
Richard B., USAF, Vice Chairman, Joint Chiefs of Staff

DEPARTMENT OF DEFENSE AUTHORIZATION FOR APPROPRIATIONS FOR FISCAL YEAR 2001 AND THE FUTURE YEARS DEFENSE PROGRAM

The subcommittee met, pursuant to notice, at 4:04 p.m. in room SR-222, Russell Senate Office Building, Senator Pat Roberts (chairman of the subcommittee) presiding.

Committee members present: Senators Roberts (presiding) and Santorum.

Professional staff members present: Charles W. Alsup, Pamela L. Farrell, and Eric H. Thoemmes.

Minority staff member present: Creighton Greene, professional staff member.

Staff assistants present: Sharen E. Reaves and Suzanne K.L. Ross.

Committee members' assistants present: Walter E. (Skip) Fischer, assistant to Senator McCain; George M. Bernier III, assistant to Senator Santorum; Robert Alan McCurry, assistant to Senator Roberts; Arch Galloway, assistant to Senator Sessions; Menda S. Fife, assistant to Senator Kennedy; and G. Wayne Glass, assistant to Senator Bingaman.

OPENING STATEMENT OF SENATOR PAT ROBERTS, CHAIRMAN

Senator ROBERTS. The subcommittee will come to order. The Subcommittee on Emerging Threats and Capabilities will now continue to receive testimony on cyber security and critical infrastructure protection. We have just received a classified briefing on the information warfare threat that faces our country, with particular emphasis on the threat that faces the Department of Defense.

Let me reiterate my welcome to our witnesses: The Hon. Arthur L. Money, the Assistant Secretary of Defense for Command, Control, and Communications and Intelligence; Maj. Gen. Thomas B. Goslin, Jr., the Director of Operations at U.S. Space Command; Maj. Gen. John H. Campbell, the Director of the Joint Task Force for Computer Network Defense; and Michael A. Vatis, the Director of the FBI National Infrastructure Protection Center.

Now, following our first panel we will hear from Stephen E.
Cross, Director of the Software Engineering Institute at Carnegie Mellon University; and, Martin C. Faga, Executive Vice President and General Manager of the MITRE Corporation. Both of these distinguished gentlemen have extensive experience in government and are responsible for running important federally funded research and development centers specializing in information systems security and information assurance.

Last March, the subcommittee held a hearing on information warfare and critical infrastructure protection. In the intervening year the threat has continued to grow, and that is probably the understatement of the hearing. Fortunately, our capabilities and organizations for dealing with this threat have also improved. What we hope to find out today is whether we are gaining ground on the threat or falling behind in this race.

Last year, the subcommittee held extensive testimony from expert witnesses, several of whom are again here today, on how the Department of Defense and the rest of the Federal Government is implementing Presidential Decision Directive 63. This directive sets forth broad policy and organizational guidelines for cyber security in the government, and between the government and the private sector. Recently the President released a new national plan for information systems protection. I look forward to hearing the views from both of our panels on this plan and what they are doing to implement it.

At last year's hearing, Secretary Money, you identified a rather significant list of funding shortfalls facing the Department of Defense in its attempt to secure the Department's information systems. I look forward to hearing from you today on the status of this effort, how your fiscal year 2001 budget request addresses the problems you raised last year, and whether or not you still face the funding shortfalls.

Last year, Mr.
Vatis provided the subcommittee an extremely useful overview of the National Infrastructure and Protection Center, the unique authorities that it does possess for dealing with information warfare threats, and how it is dealing with the Department of Defense in this effort. I look forward to receiving an update on what we call the NIPC.

Finally, I look forward to hearing from our DOD witnesses on their efforts to fulfil the Information Assurance Initiative, which was enacted as Section 1043 of the National Defense Authorization Act of Fiscal Year 2000, and in particular, and I want to emphasize this, I look forward to a status report on the information assurance test bed which was designed to plan and facilitate cyber security simulations, war games, exercises, and experiments within the Department of Defense (DOD) and between the DOD and other governmental and private organizations.

Let me emphasize that again: to plan and facilitate cyber security simulations, war games, exercises and experiments, not only within the Department of Defense, but between the Department of Defense and other governmental and private organizations.