DOD to Congress: continuing resolution threatens modernization

The secretary of defense told Congress that 10 years ago he would have yawned at concerns about cyberthreats from adversaries. But in his testimony this week, James Mattis could not have been more emphatic about the need to invest in cybersecurity, cyber training and cyber capabilities.

Mattis, along with Chairman of the Joint Chiefs of Staff Gen. Joseph Dunford, said at a June 15 House Appropriations Committee Defense Subcommittee hearing that the U.S. military is not keeping pace with changes in technology and advancements by adversaries like Russia, and that Congress is largely to blame.

"Continuing resolutions, coupled with sequestration, blocked new programs, prevented service growth, stalled industries' initiatives and placed troops at greater risk," Mattis said. "Despite the tremendous efforts of this committee, Congress as a whole has met the present challenge with lassitude, not leadership."

Mattis warned that unless Congress can meet the administration's request for $574 billion in base funding and $65 billion for overseas contingency operations, adversaries will continue to close the technology gap that for so long provided the U.S. with military superiority.

"Technological change … necessitates new investment, innovative approaches and new program starts that have been denied us by law when we have been forced to operate under continuing resolution," Mattis said.

The secretary called on Congress to end budget caps, fully fund the Pentagon today and ensure stable funding going forward so it can address technology challenges.

"An Army battalion in the field is now going to have assets that an Army battalion didn't have 10 years ago, for example, surveillance assets, drones," Mattis said. "We also have an enemy drone problem where we don't have the right defenses. Every Army battalion headquarters out there is probably going to come under cyberattack. That didn't happen 10, 20 years ago.

"So these new domains, these new technologies, highlight the need to avoid a continuing resolution," continued Mattis. "As you know, under a continuing resolution I can do zero about new starts to address the changing character of war."

Operating in the cyber domain requires additional training as well, Mattis and Dunford said. They warned that without proper funds, the Army cannot put all of its brigades through training rotations to ensure they are "full-spectrum ready," for the future fight.

Mattis said that DOD is looking to increase funding for U.S. Cyber Command to $8 billion as part of the mandate to separate it from the National Security Agency.

"We intend to make this a split that actually gains more unity of effort from a broader constituency, too, from other elements that are also engaged in the counter cyberthreat," he said.

Mattis also cautioned that DOD is facing an ongoing challenge of attracting and retaining cyber warriors, in no small part because salaries in the private sector are so much higher.

Another cyber concern raised during the hearing was a recent report that a malware framework tied to a Russian hacking group could be adapted to attack power grids around the world.

Mattis said the DOD collaborates with the FBI, Department of Homeland Security and Department of Energy, along with the private sector, to protect U.S. critical infrastructure.

"The No. 1 priority we have in the department is to defend our own DOD information technology network, and then we work in collaboration with the private and public sector to make sure that we share when there is a vulnerability and the solutions to those vulnerabilities," Dunford said.

"The actual protection of the power grid in the United States is not something we're responsible for but something we support … when United States CYBERCOM identifies vulnerabilities or solutions to address those vulnerabilities," he added.