• 3 months ago
Earlier this month, Sen. Kirsten Gillibrand (D-NY) questioned Department of Defense nominees on cyber espionage and intelligence leaks during a Senate Armed Services Committee hearing.

Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:

https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript


Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Transcript
00:00Thank you Mr. Chairman. Ms. Wilkerson, in light of Jack Teixeira's leak of classified intelligence
00:07and his reportedly violent and racist online behavior that went undetected during his
00:12background investigation, what suggestions do you have to reform security clearance investigations
00:16and to prevent such people from having access to classified intelligence?
00:21Good morning Senator. I am certainly aware of the fact that Airman Teixeira did plead
00:29guilty to an unauthorized disclosure and am aware that the Secretary did direct a 45-day
00:37security review. And so certainly if confirmed, I would be focused on continuing to implement
00:44the Secretary's direction to enhance security in depth and that really looks across the whole
00:50of the department and looks to also focus a culture of individual and collective accountability.
01:00Dr. Silmeier, CISA and the NSA and the FBI have put out a joint advisory on the PRC actors known
01:07as Volt Typhoon. They have noted that the choice of targets and patterns of behavior is not
01:13consistent with traditional cyber espionage or intelligence gathering operations. If this is
01:18more akin to preparation of the battle space, how will you approach deterring a PRC attack on U.S.
01:24critical infrastructure? Good morning Senator. I think I would approach this from two standpoints.
01:31First, we have to enable and act. The first step is we have to enable the partners, the actual
01:36owners of those systems who control the security. We have to empower them with better information,
01:42more precise threat information. But then we also have to act. We have to act abroad
01:46to defend forward and disrupt our adversaries by imposing costs in this domain.
01:52How would you empower them? Better information sharing first. Secondly, these publications that
01:59our government agencies do release provide technical specificity about changes that can
02:05be made in configuration to keep them better protected. That doesn't sound reassuring. In fact,
02:11if you are preparing for a battle space where an adversary was going to bomb our subway system,
02:16you would have actionable items that you were going to do, that the Department of Defense can
02:20do, that our intelligence community could do. But just because it's in cyberspace, you basically
02:27declare that domain an undefendable domain where you're going to offer best practices,
02:32where you're going to offer information, where you're going to give vendors more guidance.
02:37It sounds absurd if you put it in that context. Can you please give me a little more reassurance
02:42that if China decides that the battle space is cyber and they shut down our electric grid,
02:46shut down our energy supply, shut down our banking system, zero out bank accounts,
02:52shut down our food supply, shut down our water supply, shut down anything they feel necessary,
02:56such as airfields, such as electric grids that service our bases, I can't imagine that there'd
03:03be no response by the DOD but best practices. I agree, Senator. I can't imagine that either,
03:11and that's why I would focus more from the cyber command side on the act, on the cost
03:16imposition, but I would do that not just in response but in the prevention and disruption
03:20as well before it occurs. So can you discuss prevention and
03:26obstruction before and disruption before? Can you discuss that in this setting?
03:31What I can say in this setting, Senator, is that my focus on building combat power,
03:36which is really about the people, the technology, to be able to impose those costs,
03:42that's the overriding priority I would bring to the job if confirmed. We'd have to be able to
03:49bring the technical talent needed not just to recruit them but keep them on the hardest missions
03:54focused on the targets you're exactly mentioning for long enough periods of time to develop that
03:59mastery and expertise so that if the order is given to impose those costs to prevent and disrupt
04:05ahead of time, we're ready. So this year's NDA, we have a requirement in it asking you to create
04:12a plan to how you're going to protect the DOD's ability to project power from our bases, project
04:18power from all of our supply chain that's necessary for our Department of Defense to function
04:25effectively from a cyber attack. A lot of times when we request a report or a study or a plan,
04:34it is delayed. Do I have your commitment then when the NDA gives you directives to prepare a
04:40plan, prepare a report, you will do so on a timely basis? Yes, Senator. Top priority to be timely
04:47with you and if that means I've got to come up in person and give a personal briefing before the
04:52paperwork clears, I'll do it. Thank you. Thank you, Mr. Chairman. Well, thank you very much.

Recommended