CHRG-116Hhrg40505.Pdf

CHRG-116Hhrg40505.Pdf

i [H.A.S.C. No. 116–43] SECURING THE NATION’S INTERNET ARCHITECTURE JOINT HEARING BEFORE THE SUBCOMMITTEE ON INTELLIGENCE AND EMERGING THREATS AND CAPABILITIES OF THE COMMITTEE ON ARMED SERVICES MEETING JOINTLY WITH THE SUBCOMMITTEE ON NATIONAL SECURITY OF THE COMMITTEE ON OVERSIGHT AND REFORM [Serial No. 116–57] HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTEENTH CONGRESS FIRST SESSION HEARING HELD SEPTEMBER 10, 2019 U.S. GOVERNMENT PUBLISHING OFFICE 40–505 WASHINGTON : 2020 COMMITTEE ON ARMED SERVICES SUBCOMMITTEE ON INTELLIGENCE AND EMERGING THREATS AND CAPABILITIES JAMES R. LANGEVIN, Rhode Island, Chairman RICK LARSEN, Washington ELISE M. STEFANIK, New York JIM COOPER, Tennessee SAM GRAVES, Missouri TULSI GABBARD, Hawaii RALPH LEE ABRAHAM, Louisiana ANTHONY G. BROWN, Maryland K. MICHAEL CONAWAY, Texas RO KHANNA, California AUSTIN SCOTT, Georgia WILLIAM R. KEATING, Massachusetts SCOTT DESJARLAIS, Tennessee ANDY KIM, New Jersey MIKE GALLAGHER, Wisconsin CHRISSY HOULAHAN, Pennsylvania MICHAEL WALTZ, Florida JASON CROW, Colorado, Vice Chair DON BACON, Nebraska ELISSA SLOTKIN, Michigan JIM BANKS, Indiana LORI TRAHAN, Massachusetts JOSH STIEFEL, Professional Staff Member PETER VILLANO, Professional Staff Member CAROLINE KEHRLI, Clerk COMMITTEE ON OVERSIGHT AND REFORM SUBCOMMITTEE ON NATIONAL SECURITY STEPHEN F. LYNCH, Massachusetts, Chairman JIM COOPER, Tennessee JODY B. HICE, Georgia, Ranking Minority PETER WELCH, Vermont Member HARLEY ROUDA, California PAUL A. GOSAR, Arizona DEBBIE WASSERMAN SCHULTZ, Florida VIRGINIA FOXX, North Carolina ROBIN L. KELLY, Illinois MARK MEADOWS, North Carolina MARK DESAULNIER, California MICHAEL CLOUD, Texas STACEY E. PLASKETT, Virgin Islands MARK E. GREEN, Tennessee BRENDA L. LAWRENCE, Michigan CLAY HIGGINS, Louisiana DAVE RAPALLO, Staff Director, Committee on Oversight and Reform DAN REBNORD, Staff Director, Subcommittee on National Security AMY STRATTON, Clerk (II) C O N T E N T S Page STATEMENTS PRESENTED BY MEMBERS OF CONGRESS Hice, Hon. Jody B., a Representative from Georgia, Ranking Member, Sub- committee on National Security, Committee on Oversight and Reform ......... 8 Langevin, Hon. James R., a Representative from Rhode Island, Chairman, Subcommittee on Intelligence and Emerging Threats and Capabilities, Committee on Armed Services ............................................................................ 1 Lynch, Hon. Stephen F., a Representative from Massachusetts, Chairman, Subcommittee on National Security, Committee on Oversight and Reform ... 6 Stefanik, Hon. Elise M., a Representative from New York, Ranking Member, Subcommittee on Intelligence and Emerging Threats and Capabilities, Committee on Armed Services ............................................................................ 4 WITNESSES Manfra, Jeanette, Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency, U.S. Department of Homeland Security ...... 9 Rinaldo, Diane, Acting Assistant Secretary for Communications and Informa- tion, and Administrator, National Telecommunications and Information Ad- ministration, U.S. Department of Commerce .................................................... 11 Wilson, B. Edwin, Deputy Assistant Secretary of Defense for Cyber Policy, Office of the Under Secretary of Defense for Policy, U.S. Department of Defense .................................................................................................................. 12 APPENDIX PREPARED STATEMENTS: Langevin, Hon. James R. ................................................................................. 43 Manfra, Jeanette .............................................................................................. 46 Rinaldo, Diane .................................................................................................. 54 Wilson, B. Edwin .............................................................................................. 61 DOCUMENTS SUBMITTED FOR THE RECORD: [There were no Documents submitted.] WITNESS RESPONSES TO QUESTIONS ASKED DURING THE HEARING: Mr. Waltz .......................................................................................................... 73 QUESTIONS SUBMITTED BY MEMBERS POST HEARING: Ms. Houlahan .................................................................................................... 82 Mr. Kim ............................................................................................................. 81 Ms. Stefanik ...................................................................................................... 77 (III) SECURING THE NATION’S INTERNET ARCHITECTURE HOUSE OF REPRESENTATIVES, COMMITTEE ON ARMED SERVICES, SUBCOMMITTEE ON INTELLIGENCE AND EMERGING THREATS AND CAPABILITIES, MEETING JOINTLY WITH THE COMMITTEE ON OVERSIGHT AND RE- FORM, SUBCOMMITTEE ON NATIONAL SECURITY, Wash- ington, DC, Tuesday, September 10, 2019. The subcommittees met, pursuant to call, at 2:01 p.m., in room 2118, Rayburn House Office Building, Hon. James R. Langevin (chairman of the Subcommittee on Intelligence and Emerging Threats and Capabilities) presiding. OPENING STATEMENT OF HON. JAMES R. LANGEVIN, A REP- RESENTATIVE FROM RHODE ISLAND, CHAIRMAN, SUB- COMMITTEE ON INTELLIGENCE AND EMERGING THREATS AND CAPABILITIES, COMMITTEE ON ARMED SERVICES Mr. LANGEVIN. The subcommittee will come to order. So, good afternoon, everyone. I am pleased to welcome everyone here today to the joint hearing with the Committee on Oversight and Reform Subcommittee on National Security about the security of the Nation’s internet architecture. I am particularly thankful to my good friend Congressman Lynch from Massachusetts, my neigh- bor in New England, and his staff for working so diligently in mak- ing today possible, along with the ranking members of both sub- committees. Today we are here to conduct what I believe is much-needed oversight regarding the security of the internet’s underlying archi- tecture, namely, the components, physical sites, and the assets that are necessary for the internet to operate. Defending the United States assets in this global telecommuni- cations network requires a whole-of-government approach, and I am concerned that the government is not approaching the subject in a cohesive or comprehensive manner, creating significant risk for the Nation. Both the Oversight subcommittee and the Armed Services sub- committee are seeking a better understanding of the policies, regu- lations, and guidelines and interagency agreements that govern the protection of this critical infrastructure. To the extent that there are gaps, we are also interested in learning whether legislative so- lutions may be needed. Most people think of the internet as the sites they visit, the ap- plications they use, and the emails they send. In other words, the people’s understanding of what the internet is, is very much tied to how they engage with it. However, this leaves out an entire ar- chitecture that enables the flow of information around the world (1) 2 and into people’s palms. This architecture includes the high-capac- ity cables buried under the ground and laid below the sea, the cable landing stations that connect the cables from continent to continent, and the internet exchange points, or IXPs, that serve as a clearinghouse for data between internet service providers and content delivery networks. These are all examples of physical sites and tangible items that are required for the internet to operate ef- fectively. While these physical sites are critical components of the cyber landscape, they are generally viewed as distinct from the network’s protocols and software that are more familiar to people’s under- standing of the internet. However, they are just as important to internet operations. After all, unplugging a network cable is just as effective as a denial-of-service attack, maybe even more so. From the government’s perspective, attacking the subject of internet architecture security is difficult, due to the departments’ and agencies’ overlapping jurisdictions, responsibilities, and capa- bilities. And I am concerned that the executive branch has frag- mented internet architecture security among multiple departments as opposed to conceptualizing the internet as a single ecosystem with departments working collaboratively. For example, the Department of Homeland Security serves as the government lead for all critical infrastructure, and as the sector- specific agency for the telecommunications sector. Meanwhile, the Department of Commerce’s National Telecommunications and In- formation Administration, or NTIA, is principally responsible for advising the President on telecommunications and information pol- icy issues, and develops national policies on internet use and cyber- security. Separately, the Department of Defense is broadly responsible for defense of the Nation. Independent regulatory agencies, like the Federal Communications Commission, also have important respon- sibilities for ensuring security. To top it all off, many of these ex- change points are connected to international providers. So I have no doubt that these agencies work together broadly. However, I am very worried that by carving out discrete lanes in the road, there are seams left unaddressed in the middle, and I am concerned that internet architecture security is one of those seam issues. Holistic internet architecture security has been generally ne- glected, I believe, with organizations remaining firmly in their lanes rather than approaching the problem collectively. So,

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    90 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us