"Thank you, Mr. Chairman. And let me thank our distinguished witnesses for joining us this morning -- and for their many years of service to our nation.
"U.S. Strategic Command is in the midst of pivotal change as we proceed with the modernization of the nuclear weapons complex and the nuclear triad and further embed cyberdefense and cyberattack in the core mission competencies of 21st century warfare.
"On nuclear modernization, I am encouraged that even with the unprecedented level of defense spending uncertainty, the Department has maintained its commitment to modernizing the triad of nuclear delivery vehicles. Unfortunately, the same cannot be said for the National Nuclear Security Administration (NNSA) and their proposal to abandon or delay key elements of the nuclear weapons complex modernization plan. Ratification of the New START treaty was conditioned on a commitment by the President to modernize the weapons complex. Modernization is universally recognized as essential to the future viability of the nuclear weapons complex and a prerequisite for future reductions. It has now been just over a year since the treaty entered into force, and the President has already reneged on his commitment to modernization.
"Core to the Strategic Command mission is deterrence. However, as the frequency, sophistication, and intensity of cyber-related incidents continue to increase, it is apparent that this Administration's cyber deterrence policies have failed to curb malicious actions. The current deterrence framework, which is overly reliant on the development of defensive capabilities, has been unsuccessful in dissuading cyber-related aggression. Whether it's a nation state actively probing our national security networks, a terror organization seeking to obtain destructive cyber capabilities, or a criminal network's theft of intellectual property, we must do more to prevent, respond to, and deter cyber-threats. The inevitability of a large-scale cyberattack is an existential threat to our Nation, and a strategy overly reliant on defense does little to influence the psychology of attackers who operate in a world with few, if any, negative consequences for their actions.
"Last July, General Cartwright, the former Vice Chairman of the Joint Chiefs of Staff, criticized the Administration's reactive Strategy for Operating in Cyberspace, saying "If it's okay to attack me and I'm not going to do anything other than improve my defenses every time you attack me, it's very difficult to come up with a deterrent strategy.' I look forward to hearing from our witnesses if they believe that a strategy overly focused on defense is sustainable, and whether they agree more must be done to deter and dissuade those who look to hold U.S. interests at risk via cyberspace.
"The Senate will soon begin debate on cybersecurity legislation. The central themes in that debate will focus on how to improve information sharing across the spectrum and whether a new government bureaucracy will improve our cybersecurity. I have proposed legislation, the SECURE IT Act, that first focuses on removing legal hurdles that hinder information sharing, rather than adding regulations that would shift focus -- and precious resources -- away from the actual cyberthreat. If a timely response is essential, how would another layer of bureaucratic red tape be helpful?
"While the SECURE IT Act does not give new authorities to the National Security Agency or U.S. Cybercommand, few will deny that those institutions, not the Department of Homeland Security, are most capable of guarding against cyberthreats. Unfortunately, other legislative proposals favor prematurely adding more government bureaucracy, rather than focusing on accomplishing the objective of protecting our cyber interests.
"General Alexander, during an FBI-sponsored symposium at Fordham University, you stated that if a significant cyberattack against this country were being planned, there may not be much that either Cybercommand or NSA could legally do to discover and thwart such an attack in advance. You said, "In order to stop a cyberattack you have to see it in real time, and you have to have those authorities. Those are the conditions we've put on the table Now how and what the Congress chooses, that'll be a policy decision.' In a fight where the threat can materialize in milliseconds and quick action is essential, I look forward to better understanding what authorities you believe are needed to protect United States interests both at home and abroad.
"The Department of Defense is requesting nearly $3.4 billion for cybersecurity in fiscal year 2013 and almost $17.5 billion over the Future Years Defense Program. The cyber budget is one of the only areas of growth in the DOD budget because of broad agreement that addressing the cyberthreat must be among our highest priorities. I thank the witnesses for appearing before the committee today and look forward to their testimony."