 Good morning and welcome to our city hearing on defense in a digital era artificial intelligence Information technology and securing the Department of Defense Just a reminder of our three holy commandments on the city subcommittee. One is that we shall start on time check To five minutes. We will enforce the five minutes. I understand that you may not have the shot clock there So we'll give you a little bit of grace and we'll try and you got phones. So you can time yourself and Please try not to use obscure acronyms and jargon We want to communicate in simple and direct language that normal human beings in America can understand We are pleased to be joined today by the department's chief information officer, Mr. John Sherman and the inaugural chief digital and artificial intelligence officer Dr. Craig Martell I welcome both of you and especially Dr. Martell in your first appearance with the House Armed Services Committee You both have very Important jobs and our job is to ensure that you do your jobs well to underscore The stakes of your job and our job I would like to quote a recent report from our friends at the Australian Strategic Policy Institute, ASPE Quote research reveals that China has built the foundations to position itself as the world's leading science and technology Superpower by establishing a sometimes stunning lead and high-impact research Across the majority of critical and emerging technology domains including artificial intelligence and key quantum technology Areas in the long term China's leading research position means that it has set itself up to excel not just in Current technological development in almost all sectors, but in future technologies that don't yet exist Unchecked this could shift not just technological development and control But global power and influence to an authoritarian state where the development Testing an application of emerging critical and military technologies isn't open and transparent And where it can't be scrutinized by independent civil society and media in the in the more immediate term that lead could allow China to gain a stranglehold on the global supply of certain critical technologies Such risks are exacerbated because of the willingness of the CCP to use coercive techniques outside of the global rules-based order to punish governments and businesses Including withholding the supply of critical technologies unquote gentlemen I'm concerned that we are losing in key areas of the strategic competition with the CCP I would prefer that we win as we say in Green Bay winning isn't everything. It's the only thing So today I look forward to hearing from you how we can fight smarter and win this competition and with that I recognize the ranking member mr. Connor Thank you Chairman Gallagher, and I appreciate your Leadership on this committee and your bipartisan Spirit in which you've conducted the hearings. I would also like to welcome mr. John Sherman Did the DOD chief information officer and dr. Craig Martell the chief digital and artificial intelligence officer? Thank you for your service, and thank you for appearing before the subcommittee on the heels of the one-year anniversary of the War in Ukraine one constant theme that we have seen is ways that the war has been transformed and different from the past From the ubiquitous presence of tactical unarmed Unmanned aerial vehicles to the use of digital platforms It's obvious that the continued integration of advanced technologies and combat is an essential component of modern warfare And that is why the DOD's CIO and chief digital Intelligence and artificial intelligence officers appearance is so important one of the Things we need to focus on in the second year of the creation of the chief digital and artificial AI artificial intelligence officer is The challenges that you have encountered and ways that we can offer assistance Deconflicting some of the duties is important one of the other and pre important issues is the recruitment of talent and the retention of talent and how we do a Good job in in recruiting the top talent. I know we have a Advantage of doing that in the private sector in Silicon Valley But we need our best and brightest in technology coming into the government And I want to get your thoughts on Additional steps that we can do For recruitment for the board of the growing importance of the electromagnetic spectrum and the highly visible role of the department spectrum usage Is something that I hope this committee can discuss Finally, I would like to hear your work about securing our networks and that of the defense industrial base That is absolutely Critical in any modern warfare. Thank you again for both of your appearance before this committee. Thank you. Mr. Sherman is recognized for five minutes Good morning chairman Gallagher ranking member conna and distinguished members of the subcommittee Thank you for the opportunity to testify here today Now last summer I also held the position of acting chief digital and artificial intelligence office Artificial intelligence officer, but as you note sir sitting next to me is dr. Craig Martell who is now the permanent CD AO We're privileged to have him on the DoD team and we work together on many key priorities that we're going to discuss today All of our modernization initiatives are focused on ensuring the joint force is prepared to win against peer and near-peer Competitors this means identifying and leveraging effective technologies and approaches to stay ahead of our pacing challenge of the People's Republic of China as well as any other nation or group that might seek to do us or our allies harm Succeeding in this space is why my team and I come to work every single day and it is our overriding mission imperative We also continue to take Take in lessons on how the digital landscape is constantly evolving from the battlefields of Ukraine and elsewhere And we endeavor constantly to strengthen our interoperability with allies and partners around the globe Driven by these priorities We have made key strides in digital modernization since I last testified before this subcommittee last year in December We announced the award of our new joint warfighting cloud capability or JWCC Which will provide us with enterprise cloud computing from four world-class companies at all three security Classification classification levels from the continental United States out to what we call the tactical edge Meaning an island in the western Pacific key terrain in Eastern Europe or even a ship at sea JWCC which supersedes the single vendor single award Jedi cloud procurement that we canceled in 2021 will enable the department to develop and deploy software in an agile secure and scalable manner While providing for data and compute and storage that will undergird efforts led by my CDIO colleague and others Additionally, we continue to strengthen the department cyber security posture Underscored by our zero trust strategy and implementation plan The concept of zero trust involves protecting critical data and assumes that an enemy is already on our network and that We must verify the credentials of everyone and everything and that there be no unrestricted lateral movement across our enterprise We plan to implement zero trust all across the department by 2027 and are working with the DOD components on their plans ongoing actions and investments to achieve this goal Meanwhile, we're pursuing multiple lines of efforts to strengthen the cyber security of the defense industrial-based companies through outreach provision of services alignment of DOD activities and preparation of the cyber cyber security maturity model certification program which will provide us with a Mechanism to verify that companies are handling sensitive DOD data and are instituting required cyber security measures We're also working with stakeholders in DOD to remediate the quote technical debt Unquote that is accrued on many of our key weapon systems while we didn't necessarily have to worry about terrorists and insurgents Hacking into our jets ships or tanks over the last 20 years We know that nation states will certainly try to do so Ensuring our service members operate and cyber survivable equipment is a top priority for the department In the same vein we continue to strengthen our command control and communications capabilities These include electromagnetic spectrum operations for which we in CIO have taken over department level oversight since this last year Representing the nexus of electronic warfare and spectrum operations Our force's ability to dominate in this domain is critical to fighting and winning on any modern battlefield All the while we never forget our success comes down to people We are releasing a new cyber workforce strategy and a related policy manual that will help us better identify recruit develop and retain top-notch talent also for the military and civilian members in DOD who have Strung had to struggle for far too long with IT systems that are simply difficult or slow to use We're doubling down on our efforts to improve user experience all across our enterprise using my office's budget certification authority my team and I are driving strategies and will hold organizations accountable for continued progress all of these activities rely on the strong support that this subcommittee has provided to DOD for many years Thank you for this backing and for the chance to testify here today. I look forward to answering your questions Thank you. Dr. Martel is recognized for five minutes Chairman Gallagher ranking member Kana and distinguished members of the subcommittee. Thank you for the opportunity to testify before you today This is my first appearance before Congress and I look forward to sharing the ongoing efforts of the chief digital and artificial intelligence office It's an honor for me to serve our nation as the first DOD CD AO the importance of this role the mission of the CD AO and our service to the warfighter are not lost on me From my experience as a professor of machine learning at the naval postgraduate school To my time leading machine learning teams at some of the most innovative technology companies in the US I'm proud to bring best practices and lessons learned To accelerate and scale data analytics and AI in support of the national security mission The Deputy Secretary of Defense established the CD AO in February of last year bringing together the authorities and resources of previously separate organizations Which included the DOD chief data officer the Joint Artificial Intelligence Center the Defense Digital Service and Edvana the advancing analytics office We recognize that data analytics and AI are core capabilities in supporting the Secretary of Defense's priorities to defend the nation Take care of our people and succeed through teamwork When I arrived in June my team and I assessed the data analytics and AI capabilities and gaps at all levels of the department We reviewed the recommendations from the National Security Commission on artificial intelligence We assessed existing digital technologies within the department partner organizations and the commercial sector From these efforts. We've identified four key strategic elements one Improving data quality. I'm gonna say that over and over again today to enabling advanced analytics and metrics three providing the appropriate AI scaffolding and Finally cultivating the key enablers for all of this We refer to this as our hierarchy of needs at the base of this hierarchy are the enablers Talent culture and leadership. These are the foundations of the work. We do in CDAO. This includes fostering and educated workforce Leveraging the strengths of the commercial and academic centers sectors and effectively integrating both our data and activities with our allies and partners In addition as a close partner to honorable Sherman in the office of the CIO They're delivering the storage security and computing infrastructure that this hierarchy depends upon We work very tightly on this Above these enablers the next labor is quality the next level is quality data as our number one priority Quality data will enable decision advantage by powering both the analytics and the AI layers of this hierarchy For example data paired with powerful analytics dashboards will allow us to see what we own and where it is Sounds simple remarkably important Similarly complex AI models will bring enhanced capabilities both to warfighting and to running the business These are not doable without quality data Addressing these challenges via this hierarchy of needs will drive the department to being data centric to being the data centric Organization needs to be now note this hierarchy is a logical hierarchy It doesn't mean we're not going to move forward on AI and getting things to the warfighter until data is perfect We're going to be doing all of these things simultaneously So based on this strategy, we are pursuing the following initiatives in 2023 one Creating the JADC to data integration layer, which will enable combatant commands as well as partner nations to access share and integrate data at all levels To providing the enterprise with the appropriate AI scaffolding Which includes the services and infrastructure most needed to accelerate AI development and adoption across the DOD three Conducting a talent management pilot for establishing a defense digital core a cadre of digital experts aligned to digital positions across the DOD and managed as a unified cohort and Finally supporting our business performance metrics to ensure progress on the goals laid out and the DOD strategic management plan and the national defense strategy implementation plan I Look forward to working closely with the subcommittee on these issues and others as we enable DOD's current and future use of data Analytics and AI for national security. Thank you Thank you, and I'll proceed to question and answer. I will recognize myself for five minutes Dr. Martel you sort of talked about the I think We're hinted at the tension in your job, which is it's all these things we need to do over the long term We need to improve just turn DOD into a data Centric organization, but in the short term our war fighters or joint war fighters our combatant commands have needs They have rising threats to have to confront At present joint all-domain command and control or JADC to textbook example of jargon It is increasingly siloed into individual service plans, which extends the timelines even more as I understand it The deputy secretary created your position primarily to help meet this urgent need that is to rapidly deliver Operational data centric and truly joint war fighting capabilities to the co-coms, especially Indo-Pacific command If this is your mission, and that's a mission I would support strongly Can you just tell us clearly what CDO is doing to deliver on it? You mentioned four things Maybe is that what you would say and that is what do you mean by scaffolding? Yeah? That's thank you for the question chairman Gallagher The sorry you're not in trouble. Okay. Did I do something wrong? I Think fundamental to the problem of the jatsi Is that we think about it as a product or a destination or a particular capability? I don't think that's right at all. We that's not how we look at it Jatsi to is simply a new way to do business It's being able to get the right data at the right time at the right time to the right place so we can jointly Exercise command and control across all domains from sensor to shooter So you mentioned that the services are stove piped, but I don't necessarily see that as a stove pipe They build systems that work for their particular needs and that's fine We shouldn't want to stop that we shouldn't want to dive deep into what they know how to do But what we need to do is get the data from those systems to a command level So that and have it flow easily to a command level so command command decisions Strategic command decisions can be made and and tasks down to shooters So we see our job is developing this data integration layer We can dive deeper into that the geeky aspects of it But this data integration layer which allows all of those systems to talk to it as a So that it can be shared where it needs to be when it needs to be if So your your office now has substantial staff and resources How it will be the fairest way for us to measure your success What are the right metrics so that the next time you come and testify before us? We can sort of fairly assess you on how you're doing your job Is it adoption of capabilities speed of delivery? Is it the number of experiments? Is the number of meetings dollars spent what would be the right metrics to judge your success? I hope it's not the number of meetings or dollar expense, right? I think it's very important to not have effort based metrics We need outcome based metrics and so we think about and to be clear It's still unclear to me. That's a weird sentence to be clear It's unclear, but it's still unclear to me how we're gonna Measure these things all the way down to the levels that we need to but what we're driving for is time to use ability If someone needs a new capability and we've provided the underlying scaffolding. How quickly can that capability be fielded? amount of data-driven decision-making and we think about this sort of in a number of ways but for Amount of data-driven decision-making per cocom per combatant command amount of data-driven decision-making Per three-star forum so we can actually measure These these fora and we can measure the number of dashboards being used which is providing data to those four and finally Time to usability how quickly so time to delivery is from a producer's perspective We're gonna get it to you how quickly can that then be used? So once it's delivered if it just sits on the shelf, that's also not sufficient It has to actually be used so what sort of best practices and training do we have to wrap around that so that the warfighter can use it? Hmm. I appreciate that Mr. Sherman, I may have to get to you in a second round of question Quickly though. Dr. Martell. Can you just explain again and just for a liberal arts major? What do you mean by the scaffolding that you're talking about? Thank you for the question chairman Gallagher Most people think about AI is a product that's delivered I think those products being delivered will be delivered best by our commercial sector But there are things that the DoD needs to do around that product that's being delivered that we're not doing for example What the product should be doing what a particular model should be doing say trying to detect something on the battlefield? We are the subject matter experts of that we should be just saying this is a this is be this is a this is be Getting that data labeled correctly should be our responsibility Currently we give that to industry as a responsibility, but I believe we should own that because that's our IP Simultaneously on the other side my time has expired. I have to hold myself to my own rules So we'll have to come back. Otherwise, it'll be a total hypocrite I just want to emphatically endorse what you said about meetings to paraphrase Drucker meetings are a concession to a deficient organization one either meets or one works one cannot do both So we should not use that as a metric. Mr. Connors recognized five minutes Thank you I'm reminded of the Oscar Wildquilt that the problem with socialism is too many damn meetings but I Appreciate I'm not sure if I'm supposed to respond to that I Appreciate your your testimony, you know, we had Dr. Eric Schmidt at my Oversight hearing and one of the points he made in the talent of cyber and tech is that He thought the DOD was doing a good job in recruiting a good job at the service academies But the challenge was really the ability for people in technology to rise to meaningful positions Obviously, you know, you don't have the multi-million dollar exits in Silicon Valley But the other thing that attracts people to these tech companies is their ability Not just to be grunt workers not just to be mid-level folks but to actually be in leadership and to be central in driving things and as as jamming and AI And so many of the theaters of modern war may involve technology What is the pathway to get people up the ladder so they feel empowered both Dr. Martell and then mr. Sherman Thank you that question ranking member conan I agree completely that we need to build pathways for tech folks in the department But I think one of the benefits we have is that all of our workforce is in getting increasingly technical As our technology is getting increasingly easier to use So one of the things where we need to depend upon as a nation is we have to continue those pushes So that we generate practitioners particularly in AI. It has been dominated by experts And and I would say for the last 15 years it's been dominated by experts But there's a movement now where there's enough commoditized tools where skilled practitioners can actually deliver the value that experts used to be able to do That's the tactic we're taking. How do we upskill the folks that are in the department now? And secondarily, how do we attract Maybe not those people who already know walking out of school from a top from a select group of schools that they're going to get A silicon valley job. What about those folks who are not sure they're going to get a silicon valley job Or a high-paying job that's still untapped talent in the united states How do we create a pathway and an extended apprenticeship so that then when they leave Working for the do d or working for the government. They're actually significantly better and more attractive to those industrial jobs I don't think hire to retire is the right solution. I think transforming them is the right solution I appreciate that dr. Bertholdt before mr. Sherman I would just say though that You shouldn't aim just to have the top folks go to silicon valley and get the next layer I mean a lot of the top folks in silicon valley vint surf who's at google came out of darpa and it was really The department of defense that led so much of the innovation that came up with the mouse that came up with drones That came up with the internet that came up uh gps with gps So, uh, you know the the hope would be that the best and brightest would still want to come to defense and really inverse as opposed to Going to silicon valley. Thank you for the comment I think that's right. I think they'll be more attractive if we have a robust workforce in place So I actually see this as a means to that Mr. Sherman and congressman I would just add to this couple points using every every excuse me Every arrow in our quiver that have been given to us by you all in congress things like cyber accepted service And other hiring authorities where we can pay folks a little bit more get them in the door more quickly And also think differently about how we manage folks career and not the traditional 30 year come in the door And have the traditional step up the ladder there now folks are never going to make the same amount of money in dod That's not what's going to bring them in here. It's going to be the mission Protecting us against the prc putting isis back on their heels those kind of things I saw this in the intelligence community as well But we have to think differently about the credentials that folks need to come in things like apprenticeships Looking, you know, what are the degree requirements? Maybe a four-year degree is not required Apprenticeships can be a way to go on this and then very importantly Recognizing that folks are going to come in and out of the door here And we have to partner with industry and I talk a lot publicly about this How are we going to do this where if someone comes to dod then goes to industry in silicon valley or austin or north caroline Or wherever and comes back How can we do this without having the security folks is hit explode Where they have to go through another year and a half or two years getting in the door We're gonna have to figure this out and to that point sir We have a new cyber workforce strategy is actually coming out this week One of the key pillars is exactly this point about creative approaches on how we get past the old think about how we manage tech careers on this sir All right. Well, I'll look forward to working with you and the chairman on this Mr. Gates is recognized for five minutes Dr. Montell it seems that for us to beat china at ai the first thing we have to do is catch up to china in ai, right? Thank you for that question congressman gates. Um, I don't actually think we're behind china with respect to ai I think that we're but I let me let me sharpen that With respect to technological capabilities We we are we are As far ahead as anyone with respect to talent We are as far as head as far ahead as anyone, although I think there's a danger there I think the fundamental difference is They are working. They are doubling down on on high quality data And high quality compute. So we have high quality compute But um, we need to double down on getting the data, right? I think you need to start my clock. Mr. Chairman. Thanks. Thanks for the extra time Oh darn it. Uh, so I I rescind everything I just said and we can start again. No. Yeah, this is all off the record It's still on the record. Yeah, uh, but mr. Gates gets it. Yeah, no, I got I guess mr. Chairman So most of the analysis I've seen indicates that they're way ahead. So your testimony is interesting because Um, it seemed you do appreciate and understand that it runs cross current to a lot of what we hear about china's current supremacy in ai Right I do congressman gates. Thank you. Um, I think we could have a more, uh Interesting conversation in a closed session. I'm happy to do that. Okay. Uh, so you talked about the data sets and I'm really interested in the ways that china builds those data sets where they get information Does china have the capability to collect intelligence? From the offshore oil rigs that they operate and own I think for that question congress gates, um, I'd rather tackle that in a closed session Uh, well, I don't know sometimes I worry we overclassified these things Like shouldn't the american people know if there's oil rigs offshore that are like using Chinese data to collect information So I I think uh, probably a more uh, more correct answer is um, my expertise doesn't extend to china to that to that degree Um, I think we're going to win any fight by providing quality data Create the right scaffolding. Well, yeah, let me ask another place Let me ask another place where um, where they may collect data So does china collect data from the cranes that they sell to us ports? Thank you that question. Um, I I'm not an expert on on china's Yeah, I I'm kind of concerned that that that an assessment of their ai capabilities Is gonna lash pretty closely to where they're getting these exquisite data sets, right? And so if they're if they're able to utilize ai to aggregate this massive amount of data that they get from The cranes that they sell our ports From the dji drones that our law enforcement fly around From the oil rigs that our us oil companies sell to them that that really is a an important plug into ai, don't you think? At congress gates, I actually do I think I think it's a very important point and I'm not trying to uh dismiss it When I said I I don't think they're further ahead with respect to ai I don't think they're further ahead with respect to the algorithm capabilities or the tech or the talent capabilities In fact, most algorithms are commoditized and anybody has access to them at this point If if in fact they are gathering data from more places that will in fact produce robust a b robust ai and If we need to gather we can have a really robust conversation about what data we should be gathering. I'm very open to that But i'm in agreement with you that getting the data right and getting the right data is what drives robust ai I've spent all my time with you talking about how china gets their data because I don't view Our ai scenario as in a bubble. I think we're in direct competition with china We win or they win and if we don't know who's ahead I do worry about getting to those deliverables in a way that we uh We can measure them and fund them and advance them. So hopefully we'll be able to have more fruitful discussion about How they collect data how we can integrate that into our broader cyber strategy and our a strategy I look forward to that. Thank you Thank you. Just before I recognize mr. Ryan. I want to recognize the stump family from Green Bay, wisconsin. They traveled all the way from america's district the 8th district of wisconsin to listen To our witnesses and engage in this discussion about ai and technology. So it's very important. Thank you Mr. Ryan's recognized for five minutes Thank you, mr. Chair and welcome to our guests from wisconsin And thank you to you both gentlemen for for being here today for your service Especially dr. Martel stepping into a new role and position In any organization is always a challenge and in the the biggest bureaucracy in the world. I'm sure And a joy it's been Not boring. So thank you for for stepping up and and both of your public service I wanted to actually build on what chairman gallagher was started was Getting towards with you dr. Martel. You were starting to talk about kind of the roles and Not authorities, but the roles and responsibilities when it comes to within jadsey too specifically Kind of who builds what you're talking about scaffolding and you were beginning to say we thought the role of commercial Partners is could you expand on that and to to be specific and sort of where my What i'd like to hear from you is how do we not a new problem, but how do we work better with and enable particularly smaller and and Less known, but I think often most talented companies to plug into the scaffolding that That we're building. Thank you for that question congressman ryan One of the things that's surprising was surprising to me when I got here is is how Acquisitions works you you set out a bunch of requirements and then five years later a product is delivered and the world has changed drastically in those five years That's the sort of thing we're trying to tackle. We're trying to be able to be efficient A flexible iterative iterative and experimental So our goal is to get a data layer which Allows for data to flow from any point to any other point And then apps can sit on top of that data layer. So a particular combatant commander a particular commander might want an app from one vendor and another combatant commander commander went on an app from another vendor and We need to see that data layer as the underpinning a marketplace that allows any vendor to show up and say I have a solution for this particular problem I think that's A much more iterative way an experimental way to get at To get at this as opposed to saying every commander you get the same thing when the commander Out on the ground might need something very different than something in a maritime domain And we need to allow for that marketplace both for the big players who produce real value and particularly in the ai space Three guys in a garage might actually change the game and we need to allow that to be available to them as well I agree my concern is time and urgency I mean we've heard many different timelines for potential major conflict, particularly with china And none of building a data integration layer Um against a bureaucracy that's not used to doing that. I mean how do you how quickly do you think we can build that? what can we do As as you know in our role as members of congress to enable that to accelerate that what authorities do you need? What resources do you need? Thank you for that uh for that offer congressman ryan. Um, I'll take it as a question for the record For probably the end of the year to get back with you with more specifics right now We're undergoing the guide experimentation series, which is global information dominance where we're actually testing these things We just did we just finished one. We're doing another one. Uh, next month, I believe With a key partner being into paycom and understanding how what we've learned for example, uh at ucom at european command Might be applicable in a maritime domain like in in the paycom like uh, so We'll have the point of those experiment that experimentation is to come up with a capabilities gap analysis So we can actually answer those sorts of questions for you. Great. Um, thank you. Um, I'm running short on time Mr. Sherman on cyber talent management Could you just continue to expand on that? Are there additional authorities you talked about the cyber accepted service? Are there additional authorities or tools that would be helpful to to advance that mission congressman? I think we have the tools at our disposal like cyber accepted service and targeted local management supplement Which is additional funding we can or pay we can provide to folks in in certain areas I think we just need to continue to use these authorities and continue sir to work with industry You all in congress and elsewhere as we generate ideas about how to think creatively about a 21st century workforce Some of whom may come in for a long career, but others very likely are going to come in and out As a matter of fact, we're going to want them to do that for careers like data scientists And others to not stay in government their whole time But go to industry and come back and figure out how we can do this in an agile way to stay ahead of the prc and others I appreciate that I I'd encourage you Think creatively if there are additional tools and authorities I think you're hearing from us. We want to give them so please come back and I yield back my one second Great use of time next up a son of Notre Dame. Mr. Fallon. Thank you, mr. Chairman You know when we talk about securing our networks Against our adversaries our enemies. It's absolutely, you know, I think it's critical that we understand exactly what we're up against And where our vulnerabilities may exist It doesn't do us much good to invest billions of dollars in security If there are entire swaths of our network that remain open and vulnerable, of course to hostile actors and as we Talk to folks in the industry I've come to learn that this was in fact Our reality in the do d information network in the not so distant past Thankfully, we've had, you know, we've taken the steps necessary to remedy the situation And I believe it's essential that we continue to invest in technology and secures our networks by leveraging new advances in technology With our network through the eyes We have to see Our network through the eyes of the enemy and where they would perceive vulnerabilities. So mr. Sherman How are you leveraging AI back technologies to discover and remediate vulnerabilities before our adversaries can exploit them? So in terms of AI back technologies, the main place we're going to apply that is what we call the big data platform Where we bring data together to assess what is going on on our networks But sir, if I could say AI is just part of this It really is to your point in your question about what we know the other side's doing is the partnership I have with general nakasoni at us cyber command in the national security agency To get threat informed intelligence about what the other side china rush, etc. Are doing against our networks And also again AI undergards some of this, but it really is that zero trust approach I noted in my opening a statement and statement where we assume an enemy's already on our network The burglar's already in the house and how do you prevent them from moving laterally throughout the house? And using what's called identity credential access management where it has to be verified Someone's identity along the way to make sure that they can't move to get to your most critical data So it's a new way of thinking about cyber security Not just at the perimeter or not even a defense in depth But a whole new way of thinking about you don't trust anything or anyone And that's what we're really doing to lock down our network, sir Kind of assuming that maybe the submarine is below the destroyer already right and you can't see him But you might be there. Dr. Martel, how do you see AI developing as a component of the DOD's cyber mission? And also, how can we remove barriers to entry for companies developing and deploying AI? Thank you for those questions, Congressman Allen I echo what mr. Honorable Sherman said that Um That it's mostly about data and it's mostly about zero trust and let me let me say that Zero trust underlies it it's a it's a uh It's a binary relationship. It goes both ways, right? So we can't build what we build without the zero trust underpinnings that mr. Sherman provides But I also think AI can provide some help to security particularly in anomaly detection So once we know the flows and we can track the flows of people through the zero trust architecture We can build systems that will help us detect whether it's a An anomalous flow something we might want to look at we might want to just sort of dive a little deeper there And uh, mr. Sherman as far as recruiting talent, you know, we if people come into our office And doesn't matter what industry they're in they have labor shortage They have labor need and now we're not even meeting our recruiting goals. I also sit on the arm services Uh Sorry, I We learned that last year in arm services that The navy the air force The army weren't hitting the recruiting goals So where are you all with the labor and you just mentioned about attracting that to how do you track that talent and Because it is competitive and and they can make so much more on the outside Sir, that is exactly what we've been getting after as well with this new cyber workforce strategy We have something called the defense cyber workforce framework sounds bureaucratic But it's where we've taken all of the 70 plus work roles in cyber and digital and with a fine fine tooth comb Much more granularity than you would see from the office of personnel and management on exactly the sort of work roles where we're going low Or we're right where we need to be and we might need to apply some new incentives Kind of with the rear stat of adjusting where we're getting low on maybe cyber defenders or software coders Or whatever and this has been a key tool. We've implemented We've added ai and data work roles And this has been enlightening for me as a cio about the levels of specificity We have to have to make sure when you start to see a kind of a warning light Hey, we're getting low on this type of work role. We need to apply some cyber accepted service or other types of Market supplement we can put against this. It's been a lot of pick and shovel work Sir But now we have a foundation to really look across a dashboard to see where we are particularly with our civilian But also working with our military workforce. So I would say we're making a good start on this We've got the tools we need and applying the authorities you all have given us to to address shortfalls Thank you both. Thank you. Uh, mr. Golden great marine is recognized Semper fine, man Sounds like a bad thing Dr. Martel in your preparatory marks You talked about the cyber workforce framework and you're referred to a pilot for defense digital core program Yeah I I wanted obviously the goal is to foster digital talent and everyone's we've had several rounds of questioning there So the national security commission on ai previously advised that Perhaps there should be a digital reserve core Which I think would be a nice compliment to what? You're talking about having a digital core. So is that something that you've thought about? Here in the house the four country caucus has been pushing for that We are a caucus of all vets. Tony Gonzalez has been the lead on that We've gotten it through the house and previous ndaas. It's always kind of suffered in the senate, but Could could either one of you or both of you comment on on whether or not that might be a way To have your cake and eat it too. I mean we just had a conversation about talent is going to the tech industry and the private sector Why not try and get some of those folks to serve while they're also out there in the private sector? Thank you for the question congressman golden Hallelujah, I think that would be amazing particularly because the defense digital core's goal is to see to figure out what talents needed across the department And to be able to bring that talent in and seed it But also manage it as a cohort because they're going to be ones these tuesdays and alone and no one wants that job Right and then and but if they're a cohort and they can share if they can share problems. They can share issues Um, we can we can much better manage and grow them right and give them real careers if we can do that seeding by folks coming in for Depending on how this works. We can talk about this afterwards. I'd love to but uh, even if it's you know Two weeks a year and a week in a month But then periodically for a year at a time that would that would lend itself very nicely to the way we're thinking about it Ditto on all he said and I would add to I think we need to push ourselves to think creatively about how we do this I mentioned security clearances, but not everyone needs a secret or top secret and particularly with the explosion of Remote work that how do we tap into talent where they don't have to all come move here to the beltway? They can stay in texas or massachusetts or Washington state or wherever they are and tap into that talent I definitely think that's something we ought to look at and again on that broader cyber strategy our third Goal on there as it's worded more finely than this but thank creatively and come up with creative solutions I think this would definitely fit on that that we would need to explore further Well, I suspected that you both would think that was a good idea So of course my audience is the committee itself and in the senate committee So I think that's something that we should push once again and hopefully get through In the next ndaa with the time remaining. I wanted to ask either one of you to field this question Which is pretty simple I think pat here was on to on to something talking about the urgency and how quick can you move What are you learning just looking at at the battlefield in ukraine right now about how you can adapt on the fly To start to use data to start to use apps and maybe even blend You know those emerging technologies with With the things that we already have in place right now Yeah, thanks for that follow up congressman golden We have lots of technology that we can bring to bear On solutions and on problems and we have lots of people willing to tackle those The things that I've seen that have worked well is when we get that technology in the hands of a large group of people Well trained and they're able to stand up quickly and deliver real value. I'm happy to go into a deeper in a closed session We better be secure We better be agile and we better move in a digital environment They're fighting World War two tactics But on a 21st century battlefield and we better adapt and we are taking lessons learned On this and particularly how we would look at a china scenario, but I think those pillars whether it's satellite communications Cyber security or as the ranking member noted Electromagnetic spectrum operations how we fight through spectrum and maneuver and survive there All these lessons are going to be relevant and and speed matters. So that's what I'm taking away from this Thank you. I'll yield back Dr. McCormick Thank you, mr. Chairman The committee has been closely following the perspective sharing of the 3.1 to 3.4 gigahertz spectrum And uh, obviously with with the amount of technology and communication that we're doing that's just parabolically expanding We have real concerns about Giving that up to the commercial industry, which would just gobble it up instantly and once you give it away You can't bring it back who ultimately makes the decision on whether that's Diversed from or not As it stands right now per a 2000 NDAA it would be the secretary of defense Basically making that decision on proposed legislation that the administration currently backs would be the president In his or her role as commander in chief, but based on Direct advice from the secretary of defense on that matter Would there be any reason for the secretary of defense to ever consider giving up any bandwidth? Not giving it up congressman, but figuring out how we could share it Sharing in terms of time and times in terms of geography or in terms of radio frequency So we could conduct our military training operations here in the u.s And homeland defense, but also giving our economy an ability to stay ahead of the chinese and areas like 5g With with the amount of technology that continues to expand and the amount of people that keep on burdening the the The gigahertz spectrum If we start sharing though, I don't understand how you ever grab it back and my concern is once we start sharing It's it's a bottomless pit In other words, they'll never be satisfied with what they get and they'll never want to give it back up And the fact that we in the military we get more and more advanced Needs Why would we once again? Why would we go there when there's there's got to be another way? Well, absolutely congressman We wouldn't want to vacate where we're shoved out and never to return again Sharing would be kind of joint ownership of this where if we're conducting military operations near an installation Conducting homeland or border security that we would have the military radars on and be able to operate And that the telecom providers would potentially have to switch to another area and we've got some examples We've done in past administrations working walking shoe gum But the band you noted sir is 3.1 to 3.45 is beachfront property both for long-range radars as well as telecom needs here And to the chairman's point about competition and dominating against china I have the cio equities for dod. I want our radars to work be able to protect this homeland keep our citizens safe But I also know economic dominance matters too. So i'm committed we have a study We're undertaking right now per the infrastructure investment jobs act that congress you all tasked us to do that culminates on 30 september No decisions would be recommended to be made until we can do our due diligence and figure out if sharing is even possible Okay, great. I'm I'm from camp penniless. I'm used to that people trying to gobble up a prime real estate there um When it comes to the battlefield and some of the technologies I'm a firm believer that we have the best staff nco's in the whole world And that's why we're working better under conditions where we don't have comms Obviously top-heavy organizations like russia and china don't have that luxury in order to have the same experiences Um, which brings to bear that our technologies in disrupting their communications become paramount Uh, as well as securing our own because it's always in a kid as an Anglico guy I've always had problems with disruption of of uh frequencies He loves the Anglico he loves Anglico I guess my question is do you feel like and this i'm not asking any secret questions Do you feel like we're putting enough investment into that counter calm and and calm abilities in the military So what you're talking about sir electromagnetic spectrum operations what we've done we did in vietnam We had to do in desert storm bosnia and elsewhere But to different degrees in afghanistan and iraq but as we get ready for china We better be able to fight and dominate in this space. So to your point sir I think investments from what I've seen are sufficient now, but this is something I'm gonna bird dog very carefully from my office here Particularly as we see the services starting to kind of regenerate electronic warfare and other capabilities Both to put the enemy back on their heels and ensure our nco's and our trigger pullers can stay in touch with one another As we've seen on the ukrainian battlefield all the dynamics with mso of how the russians are trying to use it And the ukrainians are using it that we cannot be cut off on this to be able to make sure we can conduct combat operations So your feeling is right now. We're doing adequate Will we need a big investment for the future to continue this? I think we need to keep a close eye on it here and monitor as we Regenerate this capability that we had in the cold war that we had to kind of maybe somewhat turn away from a bit during the War on terror as we regenerate it. I want to assure this committee. I'm going to keep a close close Side on this as we move forward how you Well, apologize for that. I got I got carried away with the gavel like like the ring of power it ultimately corrupts So I recognize mr. Letrell keep it handy Gentlemen, thank you for being here for ever today. You talk about data quality with one is one of your pillars And and I and I absolutely understand the importance of data quality. But as we move forward here Aggregating the data is obviously what's most important because you talk about sensor to shooter My question is are we utilizing retrospective data or prospective data only? Either one because as dirty as data is and we have to filter it And as mr. Golden said we're trying to keep pace with china But if we don't have the infrastructure in place, how are we going to clean that data to give that information back to the shooter as you say Thank you for that question congressman neutral. That's a um About a can of worms in a number of ways, right? So so do we wait till the data is clean before we act? No So we're going to have to act on dirty data until we until we get it, right? Um One way we tackle this is to say no new bad So we know that we have to deal with the the past stuff that the systems and the data that have been built That have been built in in ways that are not up to snuff But we need to make sure that things going forward are are doing things right So part of the way we think about this is as we built this infra new things that we bring on board are doing data Right, but we absolutely do have to go back and Recontract as contracts come up as as we have to reacquire things We have to part of what we're going to deliver are the contracting vehicles. It'll allow folks to specify This is what good data looks like and this is what getting getting data looks like Getting getting it right and the other thing I just want to add is um distributed governance And building cdo structures down through the components is extremely important of this It just it has to be aligned with incentives And it seems like such a slow process Considering the silos that we all work in especially in government. It's it's absolutely a slow processor But so we have to be able to do that slow process and get it right while simultaneously Still allowing for new folks to deliver value. I that that's that's a balance that we're gonna have to strike There's not going to be a way to to snap our fingers and just have a get it right fast sure This is going to be a follow up But we you and I are gonna have to meet because this this this is Sitting on a panel with a bunch of shooters right here Who's setting the inclusion criteria for the data that's inbound? And do we have that infrastructure? Well, we're talking about extra skill computing here I mean forget about pedoflaps if we're doing real-time Maneuverability, it's got to be quick. It has to be that lightning fast and given just the footprint of the american arsenal itself Does do d have that infrastructure? I know do e As far as I know has the fastest computer in the world's summit And I don't know if do d is even anywhere close to that well not for high Yes, we have high performance computers, but to your point. This is why that joint war fighting cloud capability We had to stick the landing on this and we got it now with four companies And no particular order oracle google amazon and microsoft all bringing their cloud computing capabilities and sir And I know you're familiar with this out to that tactical edge And that's where we're pressing whether it's out on an island inside the first island chain Or somewhere in eastern europe or sub-saharan africa to be able to have a special operators or whoever Cloud computing capabilities. Oh conus as well state-of-the-art and this is why j w cc And as we move past that jedi cloud procurement that had all the issues that we have this now And we're going to have it at all three security Classifications up to top secret which is going to be a game changer on this and that's why this has been so important, sir Is there a beta test in in process progress right or a scalable program? That's in place that you can that we could see so In real time um what we could show you we have cloud capabilities already underway in the department I'm talking all the way from where I can reach out to I can reach out to a operator on the ground saying this is what I I'm receiving this I think we could show you that and the other thing sir I'll tell you we're building off what the intelligence community has pioneered I know you've likely seen some of this yourself, sir So we are we're not reinventing any wheels on this we're riffing off what my ic counterparts have done So sir, we'll take that for the record and we'd be happy to try to set up a demo or something on that for you, sir That'd be great. Thank you. I yield back. Mr. Chairman. It's kiggins Thank you, mr. Chairman. Thank you to our panelists for being here today as a liberal arts major also I've done some reading about spectrum and the backbone of our communications network and using abundantly by the public and private sectors alike so the latest battleground over spectrum allocation involves the mid band Which is crucial not only for 5g and cellular data, but also for do d missile defense air navigation space asset tracking and several other critical uses Private spectrum for telecommunications use is vital for economic growth and global connectivity All the importance of federal spectrum allocated to do d for national security purposes cannot be overstated So given the competing interests between public and private sector spectrum needs What proposed solutions does your office think are Viable for band sharing going forward and are there other lower spectrum bands being explored for do d use Ma'am We're to the study we're conducting here on that 3.1 to 3.4 5 gigahertz. That's beachfront property I said for the radars as well as the telecoms We have a study underway culminates on 30 september that we've been leading since last year Sharing not vacating not where we get kicked out of it and where do d has to go find some other spectrum Which would be very difficult, but how do we walk and chew gum and figure out again from geography? Time and radio frequency use. How do we make all this orchestra work together with the telecoms in this highly congested But highly desirable space We're examining this right now and we would note that this is one of the most difficult parts of Band analysis we've ever done just because it is so desirable both for long-range radars to acquire missiles and so on But also for 5g propagation. So we're studying this But what I just talked about those three principles of time Geography and radio frequency or what we're thinking if we're going to find us a potential solution to this That's how it's going to be done with the telecoms And that's why I'm working so close with commerce and ntia and our interagency partners to make sure we look at the angles on this But protecting this country is paramount consideration on this Thank you. And then I uh, I A couple bases in my district. I represent Virginia's second district So master jet base oceana just listening to users over there And I don't know if this is the The right venue to ask but I just want to communicate some complaints of those guys when they got a lot going on right They're training to fly they're flying jets over there But they complain about the computers and and when you ask them what frustrates you about your job What can we do better? It's the computers and it's the time to log on and I don't know It's the security portals that they have to go through. It's the wi-fi capabilities. It's the age of the equipment So it's it's for me. It's the little things we talk about quality of life and recruitment retention for our armed forces and And that's what they communicate. I mean number one. It's infrastructure is a big one But but I mean computers is the second thing that they that they tell me. So I'm assuming this is your department I mean are those things that those little day-to-day things for those end users that they just show up And and they want to go home to their families at night too and they they get frustrated and uh, and I want to do Better for them. So so how can you help me do that? So we're going to lean in and the term we use is called user experience But really it's the fix our computers piece at what you're getting at and I got to tell you from my however much longer I'm in this job. This is going to this is a top priority here And we already have some wind in our sails on this as the budget comes out here shortly Some investments. We're making it's a multifaceted problem. It is. Yes some new hardware. It is. Yes having Cyber security scans that don't conflict with one another. It's having fiber on base down in Norfolk or else It's not having dated hardware like routers and switches and stuff that have been allowed to atrophy It's a multifaceted problem and just yesterday, ma'am I was talking to the Air Force's chief experience officer about how we do things like measure And not just go anecdotes because I hear a lot too from the sailors and airmen and guardians and everybody else But what can we do to really monitor the network to know when the spinny wheel is happening For the the sergeant at Fort Eustis and she's trying to get her maintenance report in We we're going to get after this because we're not going to fight with one hand tied behind our back And it is a quality of life issue ma'am. I'm dedicated to getting after this. Thank you so much. Please make that a priority And I yield back. Thank you Mr. DeLuzio Here's chairman Good afternoon. Good morning. Lost track of time a day. Good morning. Mr. Sherman. Dr. Martel. Thanks for being here Thanks for your work and your team's work to protect our information technology cyber security Our networks, I think folks often don't understand What goes into that good work? So thank you In our full committee hearing yesterday with north com south com assistant secretary for homeland defense hemispheric affairs One of the issues we touched on that I asked some questions about was Defense of our critical infrastructure, which I think is a place that obviously touches defense But certainly homeland security and other other parts of our You know vital defenses here and we talked about You know not just malicious actors in china and otherwise But one of some of the challenges coming from the fact that much of our critical infrastructure is privately owned It's not just under public control. So mr. Sherman. I'll start with you if you could talk about What those challenges are what we can do better what you know this subcommittee in our committee should be thinking about So the biggest thing is just what you said we're going to take this seriously here We need to work across the interagency as we work with homeland security SZA my friend jen easterly over there I've worked with her for years on how we work across all the industrial sectors now for us at dod the defense industrial base piece The defense critical infrastructure is where my line of sight is but this is going to take a whole of government Whole of industry and folks taking it seriously And this is where we could continue to use your assistance here on the subcommittee and the broader hask Is making sure co's and others don't see this as a nice to have We saw colonial pipeline two years ago in other places that this isn't just a blinky lights Something that you can invest in if you want to this this is critical An adverse actor can take down your entire whether it's a pipeline network We've seen technical debt and things like with air traffic control and things that have happened recently We've got to take this very seriously So department of fence we're focused on the department of fence information network But also our critical infrastructure And one thing I have is budget certification authority where I can hold services and others feet to the fire to make sure They're having appropriate investments And we need to do better on this on areas like defense critical infrastructure To make sure we're protecting that piece of our enterprise as well, sir Well as a follow-up, you know, how how would you and for folks who aren't as Doubt into what it is we're discussing the work that goes into defense critical infrastructure How do you compare where our defense industrial base is relative to other components of our critical infrastructure in this country? Sir, I think that would be hard for my seat as the dodo to do a holistic looking across Energy automotive and everything. I will know that say that In the defense side, we know that's where the chinese russians and others are trying to expropriate Plans blueprints and everything else and really trying to help Work with that industry to lock that down. I would just add Working with our interagency partners On all the different areas raising awareness of this. We have a new national cyber strategy There's been other executive orders and so forth working with you all here in congress to raise awareness about this And we've had some notable incidents I think that have been in the news that are raising companies awareness So we have to keep up the press and not stop on that And I'll ask maybe just one more follow-up is pieces of the way that we ensure cyber security and the defense industrial base Do you think have application to other components of our critical infrastructure in other sectors? I think it absolutely does as we Have standards that I know some may see in as onerous and we're working with industry to not make it onerous But to make sure there's there's something we can all hold ourselves to account and implementing basic cyber security The national institutes of standards and technology, which I know sounds bureaucratic has standards to be able to apply on basic things on principles like Two-factor authentication end-to-end Encryption and things that all companies ought to be able to looking at to do and I grew up in south texas and an area where we had a very small family company I know how it is to have federal regulations land on somebody in victoria texas or elsewhere But we've got to be thoughtful about whether it's a small company or a big one that everybody should take responsibility on this All right. Mr. Chairman. Thank you Mr. Chairman I yield back and I think I did use two acronyms north common south I apologize going into your social credit score fair enough. Um Mr. Villalota Thank you, mr. Chairman gentlemen appreciate you being here your leadership your dedication sharing your experiences with us I represent a suburban district east of New York City 750,000 people in suffolk county we mr. Chairman our america's district and Appreciate the dialogue we have here today Last september the government of suffolk county suffered a cyber attack That shut down many of the government services that my constituents rely upon Emergency dispatchers had to take down 911 calls by hand We had no access to the geo locating function. That's typically Normal there police were forced to use finicky radio transmissions and call instances And that uh, no access to email reporting from the field contractors were paid in paper checks That created a huge backlog of services In the county at the county's traffic agency people were unable to pay Pending tickets which created extra fees and became a huge hassle in suffolk county In addition to the major shutdown of Of government services the hackers who claimed responsibility for the attack threatened to slowly leak sensitive information That the government had at hand And unfortunately the situations like this aren't unique to suffolk county We are constantly hearing about cyber attacks data spillage and ransomware and phishing throughout the country Almost on a daily basis and if hackers can have such an effect on my county Um, I fear that there can be a larger government entity State or god forbid our federal government be subject to a similar attack The office of the cio as I understand it was responsible for the do d it enterprise Cyber security i2m a liberal arts major, so i'm leaning a little bit into this as well And I do understand that you have protection over our unclassified and classified networks So my question is this To both of you, please gentlemen What is your office doing to gather lessons learned from these state and local attacks? To ensure that their prevalence their impact is reduced prospectively, sir We work closely across the interagency. I mentioned dhs and scissor for example In department of homeland security to learn about and the very unfortunate attack against your district there, sir And elsewhere where we hear about attacks against schools industries and elsewhere And what we call the targets or excuse me tactics techniques and procedures ttps is the government acronym on that On how the adversary is is using these these mechanisms to Employ ransomware or to hack into systems I work very closely with the us cyber command and the national security agency Which is both under general paul maca sony and from them. I not only get the the cyber Aspects but also the threat based intelligence of what state and non-state actors are doing and how they're operating and evolving This is something I do every week and multiple days a week working with them to understand how we ought to be Defending differently. I mentioned earlier about a concept called zero trust where we assume an enemy is already on our network This is the state of the art on we've talked about it for a while But we're getting after it at the department defense On not just the old perimeter defend at the castle and moat and not even what we call defense in depth But really Preventing an adversary's ability to move across a network and hold data at risk as what happened in the attack you describe Sir, so we must be a learning organization and stay very up with the threat based intelligence on how an adversary is going to operate Can you describe what your interactions are or will be with state and local governments to that end? I understand that you've properly explained the big picture on what the issue is and how it should be attacked But I fear that that information that guidance Isn't getting to the local officials where the rubber meets the road sir My interaction would not be directed be through the department of homeland security who would interact with the state and locals there And also maybe obliquely where we have of course us military installations and garrisons That are relying on defense critical infrastructure power and so on coming on to those garrisons and bases and so on But primarily through dhs is where that interaction And where i'm going to be hearing about what's happening in your district and also where if we're seeing something from a national security perspective Us cyber command working with them could share that from a national security perspective. Thank you Switching gears for a moment Congress required the department of defense to establish a comprehensive framework for the cyber security of the defense industrial base in section 1648 of the 2020 ndaa Their support was a full two years late And yet didn't seem to address a host of problems that still seem apparent about how the do d Manages the defense industrial base cyber security Did section 1648 Forced any lasting change to how the department manages its support to the defense industrial base It absolutely motivated it and we've got to keep doing better on this front as we conduct outreach to the defense industrial base As we organize ourselves internally There's over a dozen do d entities large offices that are touching this sector here to make sure we're organizing properly and not double Double communicating or sending conflicting messages and also offering services as to the defense industrial base For example, the national security agency's cyber security collaboration center works has Your time has expired. However, I was going to ask that question in the second round So why don't we plant a flag there and we'll come back to it. Sorry. I'll be ready to audible. I'm a rule follower A catholic marine. So I'm sorry Mr. Keating is recognized for five minutes. Thank you, mr. Chairman. I just had one strain of questioning. Thank you both for being here I noticed dr. Martel your background on the private side. I noticed The experience, you know, as head of machine learning for lift and Head of machine intelligence for Dropbox as well as leading several i.e. teams initiatives at linkedin And also know the challenges we have with workforce and getting Trained educated people throughout our workforce. So I wasn't wondering given that background that you had What plans you might have to leverage From those experience and to expand knowledge and skill sets And in ai across the department of defense as a whole Can we do those kind of things internally as well? And can we expand what we have? Thank you for that question congressman keating. I was born in messachusetts, by the way Well, we won't hold that against you. Thank you Tough for you for the red socks this year. So I think perhaps but go bow socks So I think I think we have to get at two things here If you look at what a what talent used to be needed for ai it was phd level expertise As the tools become commoditized and as just education even even jpm e for example professional military education sorry sir professional military education Is starting to add more data more ai more more It literacy that the need for that expertise is going down. So I think there's two ways we can tackle this One is we need to upskill folks. We already have We've already built out 10 new work roles that are specific to ai with honorable Sherman's org That are specific to ai and data and my team has Is beginning to do analyses across the department about which components need which work roles Secondarily, I think we can we need to work with the services and the civilian orgs To be able to give actual careers to folks who want to do those sorts of work roles Currently, it's the case that you you if you're in the service, you might do a data Work role for for one tour and then you move on to something else. You're doing something completely different And in addition your promotion does not based upon being successful in the data aspects Your promotion is based upon for example, if you're an unrestricted line officer On on your leadership So we need to actually think hard about how we can have the careers and the motivations in those careers drive expertise in Data ai etc Simultaneously, I think we really need to tackle some untapped aspects of our workforce In the u.s. If you went to a select school You're going to have people pounding down your door to give you a very expensive job offer. I think that's great. And if we can Um motivate those folks to come into the service to come into government. That's wonderful But there's a number of folks who might be just below that level or just a little bit below that Where we can serve as an apprenticeship that transforms their capabilities And so we might take a hit on the on the front side where we're having to do extra work to bring them up to speed But at the end we have folks who are highly capable And my view is we actually want to encourage those highly capable folks to go out to industry Because that motivate motivates people to come in the other side of the pipeline now They might stay forever that would be awesome But if if we're seen as the one that ones that take you from not being able to get that amazing job Come work with us and then you get that amazing job. I'm very happy with that I'm really glad to hear that it really echoes what I learned Way back in my mba days in in massachusetts college bc So I really am pleased that you're going in that direction. Thank you so much and I yield back On to the second round. I want to pick up what we left off with mr. Lulotis question He mentioned that the section 1648 report was two years late. Additionally Dib cyber security is your responsibility, correct? I'm tracking however at least six separate offices within osd who have asserted leadership Some sort of leadership role in protecting the defense. I I did an acronym defense industrial base not dib defense industrial base To outside organizations and entities So two questions one is mr. Lulotis question What did the report force change and then two? What are you doing in your role to bring coherence to an effort that from my vantage point looks somewhat scattershot at present So to Riff off that earlier question. Yes, it has driven change congressman. Absolutely. It has On to the how are we organizing our self or victory here? So when I Got this last year looking Polling around dod. How many organizations are touching a defense industrial base company? Whether it's a smaller medium or one of the big primes And it's more it's 12 to 13 depending upon how we count it and I first held a meeting and brought all them in a room Defense contract management agency defense counterintelligence and security agency dod policy I go down a list But putting myself in the shoes and talking to a lot of companies How does this feel when you've got different entities either providing? Helpfully you're trying to be helpful providing information or coming to you with the requirement So what we've done my acting deputy who's also the chief information security officer has stood up a monthly cadence with these organizations to get ourselves aligned On the deb management council here. I think we call it something a little bit different But bringing these organizations who's sharing what who's talking to whom let's get aligned here and again Put ourselves in the shoes of the affected companies So maybe it could be helpful it could be threat based intelligence that maybe national security agencies providing through that collaboration center I mentioned or another entity And they need to be cross talking so if they hand something to one company They say also we've got this from another dod organization So that's what we're doing sir trying to align this and make it a little more sensible and less bureaucratic But you consider yourself the leader of that council Yes, sir of the six different offices that actually 12. Yes 12. Okay. Yes, sir 12 different offices Okay, mr. Dr. Martel, excuse me before jad c2. We had the joint information environment before the joint information environment. We had the Global information grid Have you reviewed those past efforts to understand Why they failed and what you might do differently so that jad c2 does not suffer the same fate Thank you that question chairman gallagher when I I've been in the office now eight months and I I've tried very hard to ignore history and the reason I have is As I started going down that rabbit hole. I felt myself being inculcated with the old ways of doing things So I've asked myself. What's the right solution? And and we're now just turning to making sure that this right solution maps correctly to our goal. So Look, I think the right solution is building out a marketplace that allows multiple vendors to bring apps to bear where these older solutions were And I'm going to for a lot to honorable Sherman because I believe these wonder his purview, but They were older. These older solutions had rigid requirements that were established Long time before delivery and by the time of delivery came the world has changed We need to create a marketplace and infrastructure that allows for that that dynamic change And that's how we're tackling jad c2 um Mr. Sherman In what little time I have left I'm I'm I'm pleased to hear that we're moving out on a multi-cloud Expeditiously, however, it seems we just lost the last two and a half years. Um, What lessons should we derive from that? Sir, do you mean in terms of the acquisition or what did we learn in the two years? Well both what so This is one area here that uh, that yes as a u.s. Government It shouldn't take us this many years to get enterprise cloud for the department of defense and we mention about the the ccp and if G on that side says something I he needs something that quickly he'll have it very quickly We have to do better as a whole of government here and being able to procure and acquire services for the department of Defense, this is an area. We did get through there's no protests It's ready to go But this is something that frankly sir, we should have been able to do more quickly and without all the bureaucratic and other issues It came up now on the the functional piece the upshot here We have what we've learned on the intelligent side with their multi cloud multi vendor approach And then also within the military services Their own cloud efforts you hear terms like cloud one and others That's the air force effort. We have a lot of lessons learned. We're integrating into this enterprise cloud efforts So we we're we're not at a standstill. We have a running start from what we did there, sir um, my time is about to expire Mr. Kana mr. Keating Mr. Luttrell any more questions You guys got off easy today Well with that, uh, I I just would emphasize A couple points as we close one. I think you saw a lot of interest in uh, in sort of general talent management and whether we are adequately using the authorities that congress Has given you particularly cyber accepted service authorities. I know we talked about that earlier this week mr. Sherman So I'd like to develop some sort of routine process whereby you can come and tell us Here's how these authorities are being used. Here's what we're learning and here's you know where we may need We could expand it or maybe we can't expand it. So I just would hope you would commit to that Going forward. Um, and then dr. Martell we had a little bit of a discussion about metrics I just would encourage you to think Through and and would welcome a follow-up discussion on what is achievable. I recognize that You know the pentagon's a massive aircraft carrier doesn't turn on a dime But what is achievable in the next two years? What can we really deliver to our war fighters within the next two years? And so I'd be eager to work with you on what are fair metrics in both of those areas going forward And with that the hearing is adjourned Oh, we're going to move into a closed section Closed briefing and now the hearing is adjourned There we go. Good thing I didn't hit the gavel