Thank you, Mr. Chairman, for holding this timely and important hearing today.  And welcome to our distinguished witnesses.  We greatly appreciate your work and service on behalf of the nation.

We have asked you to testify on a diverse and complex set of issues, each of which might merit a separate hearing – President Obama’s Commission on Enhancing National Cybersecurity, Secretary Ash Carter’s multiple Defense Science Board studies on cyber resilience and deterrence, and Professor Waxman’s research on international law and on this very important issue.  Each of these important projects seek to help the United States to define a coherent and effective cyber policy and strategy. 

Professor Waxman rightly observes that international law governing actions in cyberspace is, in important respects, an insufficient guide to behavior.  International law has inherent ambiguities and develops slowly in new areas like cyber.  However, Professor Waxman nonetheless urges that U.S. policy draw “sharper red lines” than exist today, a recommendation clearly in line with the views of our other witnesses, who emphasize the urgency of improving our deterrence and defensive capabilities.

One important element of Professor Waxman’s statement is the principle of sovereignty in international law.  In the physical world, international law does not allow the transit by armed aircraft through a nation’s airspace without permission, nor is it permissible to undertake military actions on the territory of non-belligerents.  By analogy, would this mean that it is illegal to send a cyber weapon to a distant target through the networks of other sovereign nations without their permission?  Would it be illegal to take down a Syrian jihadist website hosted on a server in, say, South Africa, without the host nation’s permission?  This committee has been asking these questions at least since General Alexander was nominated to lead a newly established Cyber Command seven years ago.  I would be interested in hearing each of the witnesses’ views on this critical issue.

The Defense Science Board Task Force on cyber deterrence that Dr. Miller co-chaired makes a noteworthy recommendation directly pertinent to cyber attacks, such as the Russian intervention in our election last year.  This Task Force report recommends that a key component of cyber deterrence is the development by the United States of capabilities to conduct what I will call “information operations” against the “most valued assets or relationships” of the leadership of a country that conducts a cyber attack on us.  The report specifically cites Russia, Iran, North Korea and China.  Dr. Miller, I am interested in concrete examples of these most-valued assets or relationships and what might be done to hold them at risk, and what goal that accomplishes.

The recommendation to develop a capability to conduct information operations is an important one.  However, I would note that we currently have very limited capabilities for mounting effective information operations of the sort called for in this report.  The report calls for assigning this responsibility to Cyber Command, but Cyber Command’s cyber mission forces were built for different roles.  They were built for defending networks against intrusion and for penetrating and disrupting others’ networks, but not for conceiving and conducting operations involving content or “cognitive” manipulation.  Other organizations in DoD are currently assigned responsibility for information operations, but they have been focused on supporting military forces in combat at the operational and tactical levels, not on strategic objectives.  I look forward to hearing our witnesses’ perspectives on specific steps to achieve this important capability – both within DoD and across the government.   

Mr. Chairman, these are difficult questions and I look forward to the testimony and discussion.