 With mine sitting down and we can, we can get started in the interest of time. The subcommittee will come to order. This will likely be my final hearing as chairman of the subcommittee. And before we get underway, I want to thank, well, he's not here. I was going to add this whole nice thing prepared to thank Rokana for his partnership. We'll have to save all this happy stuff for when he actually gets here. But he's amazing and we've had a great partnership and being on this committee for eight years has been a highlight of my time in office. And I want to thank all the members and Matt and I have sat next to each other for eight years now and had a lot of late night debates during NDA markup. And I've, and often collaborations when it comes to AUMF issues. And I've sincerely enjoyed that. So today we're going to, we're going to hear from the department on its budget request and plan for cyberspace operations for the coming fiscal year. From 2013 to 2023, Congress tried to address force design and readiness through 24 different pieces of legislation. Civilian and military workforce issues via 45 separate provisions of law and cybersecurity of the defense industrial base and 42 provisions of law. That's a lot of activity through this latest NDA, we incorporated new requirements, reports and mandates into each of those same categories. And yet here we are. There are still significant issues with our force design. Our civilian and military workforce issues remain as challenging as they have been in the past 10 years. And several cyber incidents targeting the defense industrial base have demonstrated that we're as vulnerable now as we were a decade ago. And just as I said, when we were here a year ago for this same cyber posture hearing, insanity is doing the same thing over and over again and expecting different outcomes. I believe that almost everyone here today is familiar with a report published just two weeks ago by the foundation for the defense of democracies on the issue of a cyber force, a proposed new branch of the armed forces dedicated to the cyber domain. This new force would be responsible for organizing, training and equipping for the cyber domain, no different from the Navy for combat at sea or the air force as a service responsible for air warfare. The report is very compelling. And as I said in a event we did a couple of weeks ago, I came in as a skeptic, but I think they've raised some very important issues that need to be addressed. And it's a debate that's worth having because I think the status quo right now is unacceptable. But the arguments were not, the cogent arguments in the report are not the only thing that stood out, included in the report were personal accounts provided anonymously by more than 75 active and recently separated service members representing every military branch and ranked from E7 to 07 as well as senior civilians, not a single individual that was approached declined to respond, nor did any one of them argue in favor of the current approach in which the operational force is sourced from four separate military services. I therefore ask unanimous general consent to enter this report into the record. So ordered. I will admit, again, I had concerns at the start of this debate, but over the last 18 months, I've been presented with an astounding array of data and arguments in favor of a cyber force, as well as a number of convincing arguments opposing such a force. In my mind, the most logical way to address this question is a fully independent evaluation of the notional cyber force to be led by an entity other than the Department of Defense, other than the Department of Defense is critical. If anyone is opposed to a study of this question, I believe there's only one way to interpret that opposition, which is that if you're unwilling to ask the question, what you're really saying is that you're scared of the answer you might receive and the actions we will have to take to address the problem. When it comes to national security, that way of thinking, acceptance of risk because of fear, I think is unacceptable. And while I may not be chair of the subcommittee during this year's NDA markup, I hope my colleagues will make the right decision and work collectively to ensure the Department of Defense is directed to conduct such a study when the time comes. With that as context, I'm very eager to hear from both of our witnesses. Thank you for being here, each appearing for their inaugural cyber posture hearing. There's a whole set of elaborate initiation events that we have to do afterwards. It's highly top secret, but we're joined by Ms. Ashley Manning, a career senior executive performing the duties of Assistant Secretary of Defense for Cyber Policy and General Tim Hawk, the commander of the United States Cyber Command. Thank you both for appearing today. At this point, I would turn it over to the ranking member. He is not yet here. He is on his way from an oversight hearing, but I ask that his opening remarks be entered into the record. I ask unanimous consent for that to happen. And then something magically happens and it goes into the record. And with that, we go to Ms. Manning first, correct, for five minutes. Chairman Gallagher, ranking member Kana and distinguished members of the committee. Thank you for inviting me to testify on the Department of Defense's cyber posture and the advancements we continue to make operationalizing the department's priorities in cyberspace. It's an honor to appear alongside General Hawk. In my role performing the duties of the Assistant Secretary of Defense for Cyber Policy, I am committed to providing overall supervision of the department's policy for cyber, advancing the department's strategic approach to cyberspace and ensuring our readiness to counter emerging cyber threats. Mr. Chairman, I look forward to working with this committee through my newly established office to further these objectives. I come to this role as a career civilian with almost 20 years of service in the Department of Defense. I've had the privilege of working across a wide range of regional and functional issues, serving most recently as the acting Deputy Assistant Secretary of Defense for the Middle East and the principal director for plans and for posture. And in my previous positions, I have witnessed the cross cutting role cyber plays in the defense of our nation and our allies and partners. The president has nominated Dr. Michael Solmeier as the ASD for cyber policy. Should he be confirmed, I look forward to serving as the principal Deputy Assistant Secretary of Defense for cyber policy. Our national defense strategy makes clear that the People's Republic of China remains an enduring cyber threat and the department's pacing challenge in cyberspace, as the PRC continues to target US networks in prolonged campaigns of espionage and to pre-position its cyber forces for future operations. Russia remains a persistent threat to the United States and our allies and partners as it continues to leverage cyberspace to target critical infrastructure networks and enable its malign influence operations. The ongoing unprovoked further invasion of Ukraine serves as a stark reminder of Russia's willingness to employ cyber capabilities to disrupt defensive military operations and so discord. Following Hamas' attack against Israel on October 7th of last year, Iran has exploited cyberspace to create additional disruptions and challenges in Israel. While many of these malicious cyberspace activities have been relatively limited in their impact, the ability of both state and non-state actors to act against Israel in the immediate aftermath of the attack by Hamas is a reminder of what to expect in future conflicts. Additionally, the United States continues to face the still growing threat posed by for-profit cyber criminals that target a wide array of vulnerable sectors, conducting ransomware attacks that impact the daily lives of Americans across the country. In response to these evolving challenges, the department issued its fourth DOD cyber strategy last May. Looking ahead, we are committed to implementing our strategy and monitoring progress through the forthcoming cyber posture review in FY26. We understand the department cannot advance its defense priorities without a ready, capable and informed joint force. To achieve this end, we will invest in our people, in our capabilities and in our information needs to support and enable the full range of cyber activities. In partnership with US Cybercom, we are refining options for the Secretary on how to improve the way in which forces are presented to the command, to raise the readiness level of these forces, and to streamline support mechanisms to other combatant commands. These options will enable US Cybercom to fully exercise authorities in partnership with my office, including through enhanced budget control. As part of the FY26 budget cycle, DOD released its first ever department-wide cyber operations programming guidance. This guidance will shape future cyberspace operations investments, and will serve as a rubric for my office's certification of the budget's adequacy for FY26. With the authorities granted to us by Congress, the department will continue to build on the pathway laid out in the FY, or I'm sorry, in the 2023 DOD cyber strategy to provide a stronger cyber posture and protect the shared digital environment for those who intend to subvert our values and our interests. By pursuing integrated deterrence, which includes our cyber capabilities, the department will be ready to fight and win the nation's wars, with an ability to rapidly respond across the spectrum of conflict. Thank you for your continued support in this fight, and I look forward to answering your questions. Thank you. General, you recognized five minutes. Chairman Gallagher, ranking member Kana, and distinguished members of the committee, thank you for the opportunity to testify before you today. I am honored to testify beside Ms. Manning. Joining me today is Chief Master Sergeant Kenneth Bruce, the US Cyber Command and National Security Agency's senior enlisted leader. We are honored to represent the men and women of US Cyber Command. In an era defined by rapid technological advancement and increasing interconnectedness, cyberspace has emerged as a vital domain for protecting our national security. The People's Republic of China is our greatest strategic competitor and poses unique challenges due to its advanced cyber capabilities, state sponsored cyber operations around the globe, and a strategic focus on leveraging cyberspace for military, economic and political purposes. Russia's cyber espionage campaigns prioritize sensitive US government and military infrastructure and information and spread disinformation campaigns to influence public opinion and undermine our democratic processes. Iran, North Korea, terrorist organizations and transnational criminal groups also challenge US interests in cyberspace. And we are engaged in ongoing efforts to exploit vulnerabilities and are engaged in ongoing efforts to exploit vulnerabilities in US networks, conduct influence operations and erode our national security interests. With cyber operations becoming more sophisticated and frequent, it is vital to evolve our capabilities against new and novel threats. I am confident Cyber Command is well postured to meet the ever-evolving challenges we face today, creating advantage for the department and the nation. Our mission is to direct synchronizing coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners. We defend forward by countering cyber threats before they can reach US networks in critical infrastructure. These proactive defensive measures ranging from network hardening and threat hunting to information sharing bolster the resilience of our systems and foil potential cyber attacks before they can materialize. We are aligned with the national defense strategy and the DOD cyber strategy to protect Department of Defense information systems, support joint force commanders with cyberspace operations and defend the nation from significant cyber attacks. I am excited with what 2024 means for the maturation of US Cyber Command. This is a year of opportunity for us and I'd like to thank Congress for the service like enhanced budget control authorities granted by the 2022 NDAA and enacted with the FY24 appropriation. This authority creates tighter alignment between requirements and acquisition which will result in faster capability and fielding for our cyber mission force. Additionally, this committee has been instrumental in focusing attention on readiness across the cyber mission force. The studies you have authorized are driving us to do work needed to ensure we have the force structure and force generation strategy necessary to field a force of the highest quality today. I hope we have an opportunity to unpack several of these initiatives today. Since Cyber Command's elevation in 2018 to a unified combatant command, Cyber Command has worked to make most of its authorities, resources and support of these authorities. None is as vital to national security and the command as section 702 of the Foreign Intelligence Surveillance Act which is essential for identifying malicious cyber actors in protection of the nation and the Department of Defense. I am confident we are successful in our mission each and every day thanks to our people, our innovation and our partnerships, my top three priorities that ensure we deliver outcomes against national priorities in foreign intelligence and cybersecurity. First, our strength lies in our people, skilled cyber warriors who are dedicated to protecting the nation from threats posed by our rivals and adversaries in cyberspace. We win because of our people. Second, Cyber Command remains committed to a relentless approach and innovation to strengthen our military now and into the future. Our investment in technological innovation is key to maintaining our overmatch against our adversaries. Lastly, Cyber Command maintains our competitive advantage through sustained and deliberate partnerships. In addition to the unique partnership with the National Security Agency, Cyber Command further embraces a team approach working with my fellow combatant commanders and interagency partners while also collaborating with academic and industry experts and cooperating with our allies and partners by establishing collective security. I am extremely proud of the effort Cyber Command has achieved and the direction we are headed. I look forward to your questions. Thank you, General. You expressed, I believe, that the section 15, I'm recognizing myself for questions in case that was not apparent. The section 1533 study was looking at all options to include the establishment of a separate service and hence a separate analysis. What isn't necessary, but we required the department to do the study in the 2020 NDA, specifically to study the independent service idea as part of the cyber posture review. It seems to me that DOD ignored that requirement and then pointed us to a section in the posture review that included an assessment. But if you look at that section, no such assessment existed. With this context, I guess we'll want to address that. But why should we believe that the department will follow on with an objective analysis as part of the 1533 study given that it was ignored previous to this? Chairman Gallagher, I have no experience with the 2020 study. I can tell you what we're doing today. So we have taken that direction and we've really that's an area for us. It's really about the readiness of our force and how do we generate our force? So we have looked at that in combination with other studies that you have asked us to do this year. So there are other studies to look at our headquarters to look at our acquisition force to look at how we examine our architecture. And each of those we think make up a really good opportunity for us to evaluate what's the future of this force. So specific to your question on 1533 and the study that is underway. The bookends that are required by the law are the way it was done last year and a evaluation of a cyber service. We are going to look at both of those bookends and then look at options in between that would allow us to generate the force that we need. The other things that I think are that that I know we are doing today is the partnership we have with ASD cyber who is the other portion of the study. So being done with ASD cyber in OSD and cyber command, we owe that to the secretary in June and we are required to brief him in June the results of that study and we're moving at pace to ensure that we look at all the options that you directed. Now I'm on record as favoring something like a zero based budgeting for congressional studies because they accumulate over time and periodically we need to sort of clear them out. But when they are a matter of US law, they should be complied with. Ms. Manning, do you know how many congressional requirements the DOD is currently delinquent on? Thank you for your question, Mr. Chairman. This was actually one of the first questions I asked when I got into the seat and we are tracking 12 reports where our office is the Office of Primary Responsibility to be able to conduct and conclude these reports. I received a status update on all of these reports. There are a couple that have been delayed because they were independent studies that were dependent on getting funding and because of the continuing resolutions, it's gotten delayed a little bit. But my commitment is to you is to make progress on all of these reports and ensure that we are delivering them as quickly as possible. I would note that there are a myriad of other reports related to cyber that have been directed across the department and we are providing support as a coordinating entity on many of those those reports. And in the interim, if there are specific issues where you want to understand a bit more about what the department is doing and how we're addressing issues, myself and my team are always willing to come up and brief you on those. I appreciate that. We're tracking 40, but that may be a broader aperture than just your office. But we very much would like to clear the backlog and work with both of you on clearing the backlog because again, wherever those reports appear, it means that we we voted on it. We had a debate on it and it means there's questions we just need answers to. And so I just would welcome your commitment to clearing that backlog. Ms. Bannon, your office will also be assuming the responsibility for certifying the cyberspace operation budget within DoD. Last year, we were informed that the FY24 cyber ops budget was 7.4 billion. But then this year, the FY25 ops budget, if I'm correct, is 6.4 billion. What we're trying to understand is does this represent a net decrease or a confusion about categorizing investments? Can you share your view of what appears to be a net reduction of nearly one billion or more than 15 percent of the overall budget? Thank you for your question on on our budget, because it's really important that we get this right. So my understanding is that overall our cyber activities budget has increased by almost a billion dollars due to added investment in cybersecurity. The teams in both policy and in the office of the chief information officer reviewed the various efforts that are included in the in the different budgets and decided that certain portions of the cyber ops budget are actually better categorized as part of the cybersecurity budget. So there is no reduction. It's more of a recategorization of some of the activities that we are funding between the different budget categories. Thank you. My time has expired. Mr. Count has recognized for five minutes. Thank you, Mr. Chair. Apologies for being a few minutes late. We had a oversight hearing where I had to vote. General Hawk, great to see you again. I appreciated our conversation the other day. And Ms. Manning, thank you for your testimony. General Hawk, one of the things that we had discussed is the importance of getting young talent into our military service, particularly young talent and technology. And the military can also be a place where they develop initial skills and training, something that may be more accessible, frankly, for people than just starting in Silicon Valley, which often does not have as unfortunately broad-based hiring. Can you talk about efforts at creating recruiting programs at community colleges or historically black colleges, Hispanic serving institutes and other public universities across the country that would allow us to recruit folks and perhaps even recruit folks who may not have a four-year degree? I certainly rank a member. This is our important issue, is how do we grow talent and for U.S. Cyber Command for the Department, for the nation. And so when we look across what Cyber Command and NSA are responsible for, in Cyber Command we've now grown an academic network to allow us to partner with universities across the country. So we have right now around 120 universities in the National Security Agency around 430. Both those provide a really foundational opportunity for us to participate with our academic institutions on growing cyber curriculum and also working with a number of research institutions to be able to allow us to recruit that talent. So when we think about it internally to our organizations that's how we maintain our partnership, growing relationships with historically black colleges and universities and also looking at universities like University of Texas San Antonio that has a large number of first generation Americans and Hispanic Latino population drawing talent from across the country to be able to ensure that we have the highest qualified workforce. And do you need more flexibility from Congress and because I've heard mixed things in terms of you want someone to come for three years, four years and then they want to go on to the private sector. Are you able to do that? Are you able to have flexibility if you want to recruit someone who doesn't have a college degree and is talented or wants to do a few years or do you need more flexibility in the hiring? So last year, one of the studies that we executed was under section 1502 and it was about readiness and I'm required each year to provide a report on service readiness. In that report we identified five provisions that were all around personnel and administrative policies. So what we're really looking for is we're seeing good things happening in each of the services. We'd like them all to adapt each other's best practice. So as you identified in this NDAA section 1535 was to begin to drive those authorities across the department. And I think that would be an example of a step where we want to continue to provide updates on which types of provisions would help. And then we work together with the services to be able to enact those provisions. Ms. Manning, I don't know if you have any comments or thoughts on how we recruit more talent into our military. No, I would say first of all, I really applaud the efforts that are underway to tackle this issue. It's a real challenge across government in terms of how you recruit and retain top talent to support our ongoing efforts and really building out the workforce that's necessary for us to be able to accomplish our operational missions. So I think in addition to what we're doing within the department, I think looking at sharing best practices across other departments and agencies will help generate new ideas in terms of what more we can do as a government to ensure that we are bringing people in to be able to serve our missions. Well, thanks, and you don't have to answer it now. But I've just been told that there's some restrictions on people being able to be hired only for a few years that that's hard to do because of civil service protections. I don't know if that's the case or not. But I just I didn't know if Congress needs to act in any way to simplify that. What I would expect that you're referring to is our ability to have people leave and come back. And those are areas that I think we've got to work internally within the department in terms of of how we leverage the policies that we already have. But I think that's an area that we should be continue to explore that if somebody leaves and goes to industry, how do we bring that expertise back into our force? Not as if they're a new hire, but they're a returning expert back into the department. Thank you. Miss Manning, I think you're totally right when you say that China is prepositioning capabilities in advance of some deployment of them is one way China does that by having U.S.-based technology platforms that they own or control in order to preposition for their cyber capability. Thank you for your question. You know, as I said, PRC is really our pacing challenge. And as you note, they're using malicious cyber activity to counter U.S. conventional military power and to degrade the combat capability of the joint force. And we need to ensure that we are employing both defensive and offensive capabilities to strengthen our deterrence and gain our advantage. I defer to General Hock for more of the details when it comes to how we are operating. I'm really interested in the defensive part vis-a-vis like what China might be doing with technology platforms in the United States. Do you have anything to add on that, General? So I think the area where we've seen specific action that has concerned us is hacking activity at our critical infrastructure and at Guam. I think those are specific examples. In use of technology within the United States, having Huawei presence and things like that is risk. Right, so that's what I want to get into because I agree. The hacking is sort of like if they're breaking into your house. But the Huawei example you give is more like inviting them in the front door. Have either of you heard of this company called Tudor.com? So this is a technology platform that is owned by Chinese nationals through the Primavera Holding Limited Company. And it is principally used by Dadoa, by the Department of Defense's education system for military connected families. If you had a technology platform that was being used specifically by military families owned by Chinese nationals, would that raise any red flags based on what you're talking about regarding the need to be well resilient to that pre-positioning that Miss Manning discussed? I think we want to dive deeper and ensure that we're not bringing risk and by whomever we partner with in whatever company. Yeah, no, I would just encourage you because this one sort of I mean, I know how much you care about resilience, particularly with our service members and their families. We all know that their targets oftentimes. And so if we're inviting the Chinese in the front door here, I just would advise you to look at that. And I would draw your attention to the fact that Manny Diaz, the Commissioner of Education in the state of Florida, has advised superintendents of schools and charter schools to discontinue the use of this technology. And even after the state of Florida's Secretary of Education made that pronouncement based on these ties, the Department of Defense education system continued to offer that platform to students of military connected families in Florida and elsewhere. Shifting gears just briefly to this concept of the cyber force. I want to draw a finer point on what Mr. Connor was saying about recruitment. I've noticed anecdotally at our academy nights that we have in our district that we get a lot of students that are real interested in going to the academies and they're fired up about space force. And I never really understood how a focused mission set like that could really ignite a great deal of interest. And do you think that we could get the same type of positive effect with the cyber force to recruit specific people for a specific domain? General. So I think from our standpoint, what we have done is we've really focused on what are the services doing? How are they doing in terms of recruiting? One of the first. They're not doing great. So where they have done, Congressman, is in specific areas, particularly as I look, the area we focused on has been the Navy. And as we've looked at where the Navy's readiness has been. This past year, the Navy got 100% of their cyber warfare technicians in terms of their recruiting numbers. That shows me the services can do it and that a focused effort and continuing sustain that they'll be able to meet some of those. I'm open minded. I think Chairman Gallagher made some good points. And Mr. Chairman, before my time concludes, I wanted to thank you for your outstanding service as chairman of our subcommittee. Your great work on the House Armed Services Committee and in the House more broadly. It has certainly been to the country's benefit. And it's been to my personal benefit to sit next to you for seven years, eight years and to learn a great deal from you along the way. And I know many of our community members feel the same that the thoughtfulness you've brought to the position has certainly been a great, been a great benefit to all of us. So greatly appreciate it and yield back. Mr. Chairman, if I could speak out of order because I didn't know this was your last meeting and I don't know if there's an objection. But I just want to say from the democratic side that it's really been a pleasure working with you and you have displayed a patriotism and bipartisanship on this committee that I think has been a model for what leadership looks like even when we've disagreed. I have never questioned that you put the country's interests first and I know that this isn't going to be the last of your public service and you certainly have someone who's an admirer on this side. And I think very many of my colleagues feel the same. That's very nice. Okay, no one's left. Appreciate it. Mr. Riot. I guess I'm not allowed to say nice thing. So thank you, Mr. Chair. I'll leave it at that on many levels. And thank you both for being here. I want to build on some of the different directions some of my colleagues were taking, particularly honing in on as we continue to everyone's credit across the board develop more mature and robust and sort of broader cyber capability. I want to push and get your thoughts general on kind of that what is that right intersection point between cybercom services, co-coms. I know that's a very broad question. So maybe to hone it a little bit, can you let's talk about let's look actually at the UCOM AOR for example, just as in theory, how is that playing out right now? Where do you see the future going in terms of as we build more capability? How, what's the right handoff point to co-coms and services? So does that make sense? It does. And what I would first start with is, where are we today? In terms of now the authorities that you've given us in the department is given to U.S. Cyber Command. For the original standup of U.S. Cyber Command, our goal has been to become so com-like, to have service-like authorities. Two weeks ago when the appropriation passed, that is the first time that we've now had service-like authorities to do budget, to do acquisition, to set the training standards for the department. So now what we really want to be graded on is what is our ability to generate new capability? So as things emerge, so today our partnership with U.Com is really strong. And I was the component to U.Com as the Air Force Cyber Commander and the 16th Air Force Commander at the outset of Russia-Ukraine. And so that partnership is really about them driving priorities in that theater. And then how we leverage each of our components to be able to respond to that, to be able to do defensive activities at their priority, but also to be able to generate options that give a number of things to the Secretary and to the U.Com Commander that allow us to consider how we would impose costs based off of their guidance and direction. I think it has worked well. I think the area that we need to be able to accelerate is capability development. And how we use our budget control and our authorities to generate an acquisition, we should be able to develop things faster than anybody else in the department. The only thing we're developing is code. How do we do that faster? How do we get it in the hands of our cyber mission force faster? And you see that primarily happening or the large preponderance of it happening at me essentially rather than out there, where do you see that? We see increasingly that that would be a balance. We'll drive the requirement, we'll drive the overall acquisition oversight and the dollars, but we will also partner with the services. It'll just look different. Whereas before the services would be able to do that, we're doing that in support of their own forces, they presented, which was very disconnected from operations. We're now gonna be able to drive that. And we've got good service partnerships with their program offices and with their acquisition force. So we need to be able to move faster and we'd be able to recast those relationships that are more responsive. And last follow up on this thread. So am I hearing you right that the general direction though is more capability at the cybercom command level to push more technical capabilities out there. Do you have enough sort of people and capability at your level to do that? Like do you see the direction? Do we have the pace that we need? Do you have the resources you need to speed that up? So from our perspective, the department has asked us to be the integrator of the joint cyber war fighting architecture. That's the, those are the platforms and capabilities that cyber command fights from. So for that now, we've gotta be able to drive that with our authorities. Our team that we have from an acquisition perspective, I'm very confident in, they're small. We've now been given more resources. We have to hire quickly and we have to use the authorities that Congress has given us to be able to hire data scientists under what we previously knew as a section 1708 authority. We've now started to hire, we've got the policy in place. So we've gotta use all those tools to really accelerate our acquisition team to be able to meet those objectives. I only have 40 seconds, but as you look 10 years ahead or 20 even, in terms of the quality of the American, essentially you're getting to show up, what more do we need to do at the sort of community college level, high school level? I know that's a big question with 30 seconds, but. So I think we have an opportunity. We have expertise and we've got partnerships across the really the cadre of higher institutions that are really focused on cyber. We can help influence that curriculum. How do we accelerate the curriculum in a way that allows them to be able to adopt and then to be able to make it more available, particularly as technology changes. Because I think what we find when we receive somebody today, they have a good foundation, but they're not necessarily current. Not a date. Thank you and yield back, Mr. Chair. Dr. McCormack, sorry. Thank you, Mr. Chair. And at the risk of being gabbled out for being out of order in this, in this era of politics where people are vilified for agreeing and vilified for dissenting, Mr. Chair, you've been an honor to serve with you. My fellow Marine, let me just summarize by saying you could be my wingman anytime. This time I'm the top gun class, so I can say that. Considering we're at war, basically cyber war right now and our adversaries are attacking us regularly, almost momentarily. Around the clock, 24 hours a day, and how AI will affect that into the future and accelerate that process. A lot of times the perception at least is that we're always on the defense. I was hoping, generally, you could actually address that over the last two years, the new concepts such as persistent engagement. Hunt ford and defend ford have started to dominate the conversation, and I was hoping you could elaborate on how the wider concepts are distinct from each other as we go forward. Congressman, thank you for the question. So first, as we think about campaigning against any one of those adversaries that are targeting either our nation or the department, we really think of it through three lens. First, how do we generate insights? How do we understand what's underway? How do we communicate that to the broadest audience possible? How do we enable defense? That's enabling industry. It's enabling the department. It's enabling our foreign partners. And then what are our options to impose costs? Some of those are how we use our defensive force, and then others are how we partner across the interagency, and then how we generate options that allow us to contest in cyberspace. So I think from our perspective, we want to be able to bring a full menu of not only defensive activities, but those things that we can do from both the interagency and from the department to impose costs. Is there anything that we can do to keep you from being inhibited from doing what you need to do to be optimized to going forward using AI and other weapons that we have to be not just posturing defensively, but also being proactive? So I think what you've done is you have empowered us in a number of different ways in terms of how we have brought together our acquisition force and how we brought together our authorities. We will identify areas throughout this year as we begin to use those authorities that I suspect you'll start to see in budget requests for FY26. We're going to learn a lot with the establishment of our AI task force. We completed an AI roadmap last year and that lays out for us the technologies that we want to begin to experiment with and pilot and introduce to our force. Those will be areas that I would expect you're going to see from us in the future. That's great. With that said, now that we looked at, this was about interesting enough by our chair, as far as the integrated cyber command versus the individual departments, I've had plenty of people here testify, saying, well, we like kind of keep this in columns because each service has its own specific requirements. But as AI continues to be a problem of integration, whether it be on weapon systems, information collecting, dissemination of information, the way it needs to be integrated throughout a purple force, if you will. My concern is that we'll have difficulties integrating even different weapon systems, let alone the comprehensive battlefield, like when you talk about purple assets, whether it be electronic jamming or information gathering. I'm just wondering, is there a compromise in there that we could come to in information sharing, which is already the biggest problem we have in the military anyway. Which is kind of our Achilles heel, whether it be through comms or just getting the right information to the right people in the right way. That's my biggest concern. If we don't have a cyber command, how do we do that in an efficient way? So what I would, the way that I think the department looks at it, the deputy secretary has really empowered the CDAO to set our data standards and to do that across the department. And so when I look at our teammates that we have in the DOD-CIO, in CDAO, how do we enable their ability to go faster in some of those data standards? And I think we have a role to play in that. And I think we can help and assist, not only in how we set some of those standards, but how we think about defense of each of these activities from a cyber perspective from the outset as we begin to introduce some of those new technologies. Okay, I just, for the record, you can see a lot of congressmen are concerned about this integration process. China has a huge advantage in this one area, that they have one command structure, one government, they all agree on each other because it's kind of a monopolistic government and it's gonna be a lot easier for them to integrate AI throughout their weapons systems. The way they do their technologies, it's a lot less distractions, they're a lot more forkality. And I think if we get outpaced in the AI arena, we're in big, big trouble. So I hope we do a good job on that. Thank you, with that I yield. Mr. Moulton. Thank you, Mr. Chairman. And thank you very much for being here. A couple of weeks ago, the Foundation for Defense and Democracies Think Tank issued a report calling for a separate cyber force. And I suspect you've read this, I know this is not a new topic, it's something that I've discussed myself over the years. And I was curious, I mean, basically the main argument of the report is that because the individual services each run their own recruitment training and promotion systems for their cyber operations, those who get sent to US Cyber Command have inconsistent knowledge and qualifying experience. So General, how have these inconsistencies across the services impacted the effectiveness of US Cyber Command in executing its mission? So Congressman, first, if I address the study, one of the areas that I do think that as we go through this year, the 1533 study, and we evaluate all of the options available for force generation, we certainly are gonna look really closely at what are the implications of a cyber service. We will evaluate that. One of the other responsibilities that is in both our unified command plan and in the law is that I am responsible to evaluate the overall health of the DUD cyber workforce. So I'm responsible to do that in plain English, both through the Secretary of Defense and back to Congress. So I think from our perspective, those reports have allowed us to identify where our areas that the services could improve. And in doing so, it has also allowed us to build the partnership with the services on how do we work together to improve the readiness? Because I think what areas we had seen in the past was not necessarily from the recruiting perspective, but more so from the assignment and retention. And Congress has given us a number of authorities to the department that allow for retention incentives. What we were seeing was the services implement those differently. And so what we are encouraging and what we did in our 1502 report last year was to ask for some specific authorities that encouraged our ability for assignment policies and personnel policies to ensure that those trained individuals stay in our force. And we have seen the services respond to those requests. So we wanna be able to lock those in and then continue to work on other areas that will improve readiness within the force. Do you feel that you're doing enough to use the authorities that the Congress has given you? So I think now that we have budget control authority that we received last month, that now gives us a new series of options that will allow us to drive our priorities in training, in readiness. We're responsible for the advanced training of the department cyber force. How we use those dollars in many ways will determine our readiness and our proficiency. I'd like to ask just a couple of questions about deterrence. Deterrence is obviously important writ large, but of course when we look at a China attack on Taiwan, we wanna deter that from happening in the first place. Deterrence is tough in the cyber world because we worry about giving up our capabilities when we use them. How is your thinking about this evolving? And how do you think, I'd love to hear a general, a couple of comments, and then Ms. Manning, how do you think about this in the integrated deterrence environment? General Press, we could start with you. Just how, with cyber force, how do you think about deterrence? So from a cyber command perspective, what we really think about an integrated deterrence are who can we bring that's a partner that will allow us to be able to have the outcome we're trying to achieve? And for us, those partnerships look different than in some of the other domains. When we think about how the role that industry plays in terms of both creating the domain and also being the ones with their own sensors that are global in nature, how do we partner with industry? How do we partner with our foreign allies and partners that either bring capability or have the same common threat? How do we partner with our fellow combatant commanders? As they think about cybersecurity and defense and how do we integrate capabilities together to be able to have options? So I think for us, we have a unique set of partners and we've gotta be able to use our authorities and how we defend forward and do it every single day. Ms. Manning, how are you thinking about working with your counterparts and other agencies to fulfill this goal of integrated deterrence? No, thank you for your question, Congressman. We really do see cyber deterrence, as you mentioned, as part of overall integrated deterrence and thinking about integrating across the department, across domains, across the interagency and also with allies and partners and those private public partnerships that General Hock mentioned. And it's important that we work together with our interagency partners, with our partners in industry, with our allies and partners to really look at ways that we can deny adversaries the benefit of cyber attack. By one, being able to provide indications and warnings of threats to benefit our interagency partners and then also by imposing consequences on our adversaries by disrupting their operations. Thank you, Mr. Chairman. I should note the Section 1533 study that I referenced earlier was, I believe Mr. Moulin's amendment. So he deserves credit for provoking and stimulating the debate that led to the report he referenced. And so I thank him for that. Mr. Fallon is recognized. Thank you, Mr. Chairman, and thank you for your service to the country. I'm sorry to see you go. But as to quote, I'll say immortal words of Dr. Seuss, don't cry because it's over, smile because it happened. Last November, the North Texas Municipal Water District got hacked and it was a domestic, it was a domestic attack, but nonetheless, and they didn't shut it down, but they showed that they could have. And it reminded me of JBS and Colonial Pipeline. In general, I wanted to ask you, what have we learned because that's the greatest for what we all have is that these critical areas, water, electricity, energy, fuel, what have we learned from those attacks that we can employ within the Defense Department? So I'll give you a couple of different things, Congressman. One is this is an area that we've clearly identified that the PRC is targeting. So this wasn't in this case, but we know that's an area they're targeting. So from a national readiness perspective, we have to consider that. The other thing we think about is, what does it look like for defense critical infrastructure? Those things that are the nexus between our private infrastructure and those things the department would rely upon if we were mobilizing. So that's a partnership with Northcom, and it's a partnership with Homeland Security. I think those are areas that within the department, we've now focused, how do we think about that nexus and what will it mean for the department from a cybersecurity standpoint? So I think we have now been applying some of those lessons, we're gonna have to continue to scale as we think about it within the department. And then with, you mentioned that the CCP and like Volt Typhoon comes to mind. There's no doubt that they're actively probing, of course. Can you talk about the work that you're doing with industry partners? Because chain meet weakest link. If we've got some of our partners we're buttoned up and secures a uniform service or even along the DOD, but a private company that's working with us isn't, it doesn't get us anywhere. So can you talk to us about what we're doing to enhance particularly the cybersecurity of our partners? Yes Congressman, both Congress and the department have given Cyber Command and NSA authorities to work with our defense industrial base. And that information sharing component has now allowed us to establish over a thousand partnerships. And that allows us to exchange information, it allows us to do it in real time at an unclassified level so that we can make industry aware of those threats. As we think about those partnerships, now DOD-CIO has also funded additional activities that allow us to provide services to the defense industrial base. Protective DNS so that they have a service that would make it more difficult for a redirection attack or a spearfishing attack informed by NSA's knowledge. The other things we've been doing are scanning of various elements of the defense industrial base. We provide them a scan, we tell them what vulnerabilities we see and allow them to correct those vulnerabilities themselves. We're gonna continue to look at what other services we could provide but we're also looking at how can we extend those partnerships to a broader number that would ensure that we're covering the highest priority things that support the department. Thank you. And then when people come into our offices, they're all dying for labor. Doesn't matter what industry it is. I ask them, do you have job openings and they're all crying for labor. So particularly skilled labor, even more so. So I wanted to ask maybe Miss Manning as well, what can we do, if anything, do we need to do? I remember being a junior officer and the doctors got paid more because it's the market, right? You wanna have those medical doctors stay on after maybe they owe some time after going through medical school. But in particularly this field, it's just the high demand and they make quite a bit of money. Do we, is there incentive pay for folks in this service? And if, does it need to, do we need to ratchet it up? And I just wanted to kick that to both of you. You know, I think at this point, it's important that we consider all different ideas of how we can recruit and retain top talent. I think incentives are one tool that we have in our toolkit. I think also though, there's a sense of mission that comes with doing the work in the department. And so thinking about how we can make people feel really connected to the mission itself is another thing that we can think about. But I think really understanding, what is it that is motivating people to come to these jobs? What is allowing them to sustain careers in government long-term? And I think pay incentives are one of the tools we have at our disposal. I just don't want the canyon to be this big. You know, if it's 300 grand in the private market and it's 100 grand here, that's just too big of a canyon even if you're really rewarded if we can close it, that's kind of my point. Thank you. Mr. Chairman, I yield back. Mr. LaTroll. Thank you, Mr. Chairman. General, in December of 2022, SECDEP officially elevated cybercom's offensive arm. The Cyber National Mission Force to a subunified command. The logic was that it would provide greater enabling resources for this critical mission set. With how much adversary activity we have witnessed against DOD networks, it would appear that your defensive arm, armed joint forces, headquarters could similar benefit. Could you share your opinion? Thank you, Congressman. So when we stood up, when we elevated the Cyber National Mission Force, it was at a point so we now, that's about a third of our force and with a very distinct headquarters and assigned forces. That has now I think was absolutely the right thing for us to do. That we were allowing it to create an identity, we're allowing it to grow its own, the staff to expand its planning and then another capability development. I think we're seeing benefit from that. This is an area that we are going to look at in the 1533 study, which is as we start to think about or actually the 1537 study that you've asked us to do looking at our headquarters. What's the right way to position the joint force headquarters, DODN, in terms of the right resources and authorities to make sure that it has the capacity to really set the globe? That's the mission we've given them. When we have a crisis, we want them to set the globe. So I think it's an area that we're certainly going to evaluate. And it does look different as a headquarters also in terms of assigned forces, but it's something that we will definitely be looking at. Thank you for submitting. I apologize for walking into Mr. Fallon's questions. To expand or to create an expansiveness of talent, we wanted to reach out to academics, academia and institutes of higher performance, correct? Are we doing that in your opinion? I have universities in my district and then of course as I travel the state, the country, I have these discussions when it comes to cyber risks, cyber threats, cyberspace, artificial intelligence, machine learning and how it seems like we're missing the rising wave because our brilliant minds are traveling elsewhere. Are we creating effective narrative from your position in order to share that with the youth and say, hey, I say youth, but our next generation of computational mathematicians. I think there are two aspects to this. I think one is making folks see a career in government as something that they want to pursue and they see building the skills in cyber and in other fields as something where they can have a unique role in terms of defending our national security interests by having jobs you can really only do when you're in government. So how do we make working for the government sound cool? I think that's a really important point. And I think also beyond just making it sound cool, how do you have the- For lack of a better term, I'm sorry, I should just say something better. I think it needs to be relatable and we also though need the mechanisms to bring people into government. So looking at different tools like the cyber accepted service, looking at the presidential management tool, fellowship, looking at different scholarships and opportunities. I think all of this should be on the table so that we can give folks the opportunity not only to want to serve in government, but to be able to have the mechanisms to come in and be able to be a part of our team. Are we looking at having them serve in the various branches of armed services or just government in general? Because as we know, we're having trouble recruiting the bodies for those platforms. Is it both in between? Or is it just something we're trying to cast that wide net and fill all the silos? I would defer to the team who is responsible for personnel and readiness in terms of the overall policy. Oh, that's a great shift. But I think there are opportunities both within the command, within the services for individuals to come in and to serve. Generally got something on that one. So what I would give you is, what do we see that are things that are pretty exciting that are really looking at high schools and middle schools? I just attended the finals of cyber patriot. 5,000 schools across the country where they're doing cyber competitions in middle school and in high school and in ROTC programs. Those are the types of things that we wanna be able to do as early. We would like to see being done as early as possible so that we're really trying to capture people and what it looks like to be that can be both cool and really impactful things for our nation. They seem like they have the willingness to put a uniform on. I think what we've seen is they've done a really nice job of bringing people towards the technology. And then it's our job to be able to have opportunities with the ROTC programs that are in high school and also to be able to reach out and be able to explain what would you do if you came and worked with us, either as a civilian or in the military. That's our story that we've gotta tell. Yes, sir. Thank you, Mr. Chairman. Thank you. Does any other member have a follow-up question? Okay, the FDD, we're gonna have a classified session after this, but I think the FDD report that you've heard referenced numerous times here, again, I think, I mean, I'm biased because I worked with a lot of these people in the cyberspace salarium commission, I'll admit that, but I think what is most compelling in it is the testimony from active duty ranging from company grade to general grade officers. And I'd like to read one statement from Marine Corps captain and all wisdom emanates from Marine Corps captains as Mr. Molin and I know quite well. Leading in the cyberspace domain demands technical competency that cannot be taught in a 12 month school house alone. One of my worst professional experiences involved working underneath a woefully unprepared commander with a degree in culinary arts. Under no circumstance would a cyber officer be asked to lead a squadron of aircraft and yet the opposite is often true. That's just one of many quotes in the report that I think are worth reading. And again, I'm not biasing the outcome of the study you guys are gonna do or an independent study, but I just think it's fair to say at this point that the status quo is not getting the job done. So we're asking you to take a hard look at this problem and work in partnership with us to come up with a better model. As was referenced by some of my colleagues we've given so many authorities to DOD in the eight years I've been on this committee and it's all been well-intentioned. It just seems like it's not adding up or producing the outcome we want. And so I know you're both relatively new to your respective jobs and they're critically important jobs and our commitment is to work with you to get this right because the safety of our country and our citizens are quite literally hanging in the balance. And so we appreciate your time today. We look forward to the classified session. And finally, since he was not here when I said nice things about him, I just want to reiterate how much of a pleasure to spend a work with a ranking member, Ro Khanna, not just on this committee, but on many issues. One of my fondest memories is the op-ed we did on congressional reform together when we were impetuous freshman members of Congress. Still in the reform. Still in the reform, exactly. My biggest failure in my time here. Term limits didn't happen. We went to the White House together to talk about that. But Ro, you've always been incredibly, obviously smart and independent minded but you have a bias for action that I admire, that I think is rare among people in public service. And I also appreciate your sense of humor and that you take the mission but not yourself too seriously. So thank you for your productive partnership. Appreciate that. With that, the open hearing is adjourned and we'll move to a classified session.