Chi- 1 MICHIGAN LIEBEFIMAN CUHHECIICUI JACK REED LELAND Dru-aft 1 serum Hawaii i HELSDH HLHHASKA tear L Lia-1v UDALL COLORADO new HAG-1H noth CAHuttrt- t mast-C BEGICH ALASKA JCE yank-ea Patv Lieutenant LEW vote F CHAFU JUHH MI tint JAMES INHUFEOKLAHUMA Athenian SAKBY GEORGIA 0 3th HFIUWH MASSACHUSETTS PORTER-H CHID KHLY IL Mw HE SUSAN Gt 1 INS JEJIIH trans Davin tit l H_ Luutslavm 0 DL UDELS STAN ANNE S- le STAFF General Keith Alexander Director National Security Agency Commander U S Cyber Command Fort George G Meade MD 20755-6000 Dear General Alexander nittd tters gamut March 29 2012 Dttring your testimony before tlte Senate Armed Services Committee earlier this week on the roles and teSponsibilities of US Cyber Command and the National Security Agency in protecting the United States from the threats we face in the cyber domain you stated unequivocally that the U S Government needs no additional authorities to deter and defend against cyber attacks on our nation Yet just last November in rentarks at the U S Strategic Command Cyber and Space Symposium you stated that we have to have tnorc authorities to protect ourselves in cyberspace we can tjust defend I do not understand what you to abandon this latter view which is consistent with the views of former Vice Chairman ofthe Joint Chiefs of Staff General James Cartwright who asserted that we are on the bad side ofa divergent threat and must shift front a strategy that focuses 90 percent of our resources on playing defense to one that imposes meaningful consequences to those who look to hold U S interests at risk via cyberspace A February 27 2012 article in the Washington Post suggests that the White House cautioned you to refrain from publicly arguing for expanded governtnent authorities related to cyber security and defense The article quotes an Administration official as saying you were reminded that making statements inconsistent with official Administration policy is undermining the commandcr-in-chicf I was very disappointed that your testimony to this ommittce appears to have been more heavily influenced by hitc House policy rather than your best military and technical advice and expertise As I stated at the hearing view the inevitability ofa large scale cyber attack as an existential threat to our nation Therefore I am deeply concerned by your endorsement of the Administration s proposal to appoint the Department ofHomeland Security as the lead agency responsible for ensuring domestic security against cyber attacks Our vulnerability to cyber attacks will not be rcmediated by creating additional layers ofbureaueracy in an agency already failing in several of its core missions including aviation security and border control I do not understand why you believe DI-IS can more effectively protect our nation s critical infrastructure better than US Cyber omntand or the National Security Agency Please respoan to the following questions in unclassified form with a classified annex ti necessary I hat additional authorities do you believe are necessary to defend the United States from a cyberattack initiated by a peer-competitor like China er Russia Which agency within the federal government has the most cybersecurity expertise and is most capable ol'protecting our critical infrastructure Does the Department of Defense rely on any critical infrastructure that under the Administration s proposals would be subject to Department of Homeland Security oversight Can the Department ol Homeland Security currently protect our national interest in the cyber realm without NSA involvement Do you believe we are deterring and dissuading our adversaries in cyberspace With respect to imposing requirements on the private sector if the rate of technological advances outpaces the implementation of performance requirements and regulation how would imposing additional regulations better protect us from a catastrophic cyber attack Thank you for your attention to this important matter Sincerely 77' John McCain Ranking Member