3/8/2018 3:20 PM

SELECT COMMITTEE ON INTELLIGENCE
UNITED STATES SENATE

Additional Prehearing Questions for Lieutenant General Paul M. Nakasone Upon his nomination to be Director of the National Security Agency

Responsibilities of the Director of the National Security Agency

QUESTION 1: The role of Director of the National Security Agency (DIRNSA) has been performed differently depending on what the President has requested from the position. What do you see as your role as DIRNSA, if confirmed to this position? How do you expect it to be different than that of your predecessor?

The role of DIRNSA is to ensure the successful accomplishment of NSA's principal missions of protecting national security systems, and applying the capabilities of Signals Intelligence (SIGINT) to generate maximum insights in the areas of foreign intelligence and cyber security in the defense of our Nation and our friends and allies around the world within our Nation's legal framework and applicable policy guidance. The DIRNSA is equally responsible for the recruitment, training, and retention of a world-class workforce that underpins this mission. If confirmed, I believe what may be unique to my tenure as DIRNSA is the level of challenge and complexity the future holds, including: increasing difficulties with the intelligence collection mission given rapid technological evolution; ubiquitous encryption; the growing capabilities of the private sector technology industry; ensuring continued network security from both external and internal threats; and the continuing challenge to retain an elite workforce given the many opportunities in the civilian sector.

QUESTION 2: The congressional intelligence committees have supported the Intelligence Community’s (IC’s) evaluation of dual-hatting the Commander of U.S. Cyber Command and DIRNSA positions. In the Joint Explanatory Statement accompanying the Intelligence Authorization Act for Fiscal Year 2017 (P.L.
115-31), the committees directed the IC to review and assess the potential impacts and effects. Specifically, the committees directed that the “organization of NSA should be examined to account for the evolution of its mission since its establishment, the current structure of the intelligence community, and the fact that the NSA is predominantly funded through the NIP.” In all of the following, please include a discussion of the NSA’s structure, budgetary procedures, and oversight responsibilities to Congress.

a. Which DIRNSA roles and responsibilities would be affected by a cessation of the dual-hat regime?

Any decision with respect to terminating the dual-hat leadership arrangement must be made in the best interests of the Nation and if directed, it must be conditions based – that is to say that processes and decisions which enable effective mutual collaboration and deconfliction are well established and operating. With that said, I believe terminating the dual hat leadership arrangement would have only minor effects on the DIRNSA’s roles and responsibilities. The Director’s primary responsibilities and NSA’s mission will be largely unaffected. Given my current assignment, I lack further details to discuss the NSA’s budgetary structure, budgetary procedures and oversight responsibilities to Congress. If confirmed, this is an area that I will study further.

b. What in your view are the positive and negative aspects of a dual-hat regime? Please include assessments of structure, budgetary procedures, and oversight of NSA.

My experience is that the dual-hat arrangement has enabled the operationally close partnership between USCYBERCOM and the NSA, which benefits both in the accomplishment of their respective missions. Dual-hatting optimizes the integration and synchronization of SIGINT and cyberspace operations.
It enables decision making that balances competing equities under the judgment of a single individual directly responsible for both organizations’ critical missions. If terminated, such decisions will require close organizational collaboration enabled by processes which build upon the operational integration achieved under the dual-hat arrangement, as well as close working relationships between the leaders of both organizations. That said, I believe that any decision to maintain or terminate the dual-hat leadership arrangement must be conditions-based and in the best interests of the Nation. Each organization faces different challenges and has different mission goals – a distinction that risked blurring under dual-hatting and required continuous reinforcement of distinct mission focus for each organization. Given my current assignment, I lack further details to discuss the NSA’s budgetary structure, budgetary procedures and oversight responsibilities to Congress. If confirmed, this is an area that I will study further.

c. What is your view on the dual-track supervision of NSA by the Secretary of Defense and the Director of National Intelligence?

NSA is both a Combat Support Agency and a DoD component within the Intelligence Community. Its mission is to help protect national security by providing both policy makers and military commanders with the intelligence information and cybersecurity insights they need. NSA has functioned effectively under this construct for decades, first, reporting to the Director of Central Intelligence and then to the Director of National Intelligence, once created. Dual-track supervision is appropriate and reflects the dual nature of NSA's mission.

QUESTION 3: Please describe the specific experiences you have had in your professional career that will enable you to serve effectively as the head of the NSA. In addition, what lessons have you drawn from the experiences of current and former DIRNSAs?

I am a career intelligence officer.
For over three decades, I served in key intelligence positions across Joint and Army forces in peace and war. I understand how to produce timely, accurate, and valued intelligence, and what consumers demand of our intelligence products. My most recent intelligence assignment was as the Director of Intelligence, International Security Assistance Force Joint Command, Afghanistan. My service has included formative assignments with the Joint Staff, Multi-National Forces Iraq, U.S. Forces Afghanistan, and USCYBERCOM. These experiences have afforded me significant insight into intelligence support at the strategic, operational, and tactical levels, with broadening exposure to the interagency, coalition partners, commercial industry, and academia. Finally, I have served within the NSA on three separate occasions. This includes assignments to both Fort Gordon, Georgia and Fort Meade, Maryland. Over these multiple tours, I have developed a deep appreciation and strong commitment to the people and mission of the NSA.

QUESTION 4: If confirmed as DIRNSA, what steps will you take to improve the integration, coordination, and collaboration between NSA and the other IC agencies?

If confirmed, I will begin my analysis of the NSA’s integration, coordination, and collaboration by looking inside the Agency. I would assess the degree of work being done by measuring the NSA’s ability to enable SIGINT collection into other IC agency products, the placement of IC agency personnel within the NSA, and the degree of familiarity the workforce has for its IC counterparts. I would then continue my assessment by seeking external views of the NSA’s ability to integrate, coordinate, and collaborate within the other IC agencies.
This feedback would come principally from the Director of National Intelligence and his staff, the Office of the Under Secretary of Defense for Intelligence, other members of the IC, and finally a discussion with our key product consumers—the DoD, the Interagency, Joint Staff, and Combatant Commands.

QUESTION 5: If confirmed as DIRNSA, how will you ensure that the tasking of NSA resources and personnel to support U.S. Cyber Command does not negatively impact NSA’s ability to perform and fulfill core missions?

The dual hatted Director/Commander is supported by separate NSA and USCYBERCOM staffs. A series of interagency support agreements and memorandums of agreement are also in place to ensure the proper resource accounting occurs. I will make it my clear guidance that established business rules and processes designed to limit such impact are followed and enforced. If confirmed, part of my inherent responsibility under the dual-hat is to make such considerations a core part of my decision making and to be accountable such that negative impacts do not occur.

Keeping the Congressional Intelligence Committees Fully and Currently Informed

QUESTION 6: What is your understanding of DIRNSA’s obligations under Title 50 of the National Security Act of 1947, including DIRNSA’s obligation to appoint a Director of Compliance?

Title 50 contains numerous obligations for the DIRNSA. If confirmed, I will work with the NSA’s Office of General Counsel to ensure full compliance with the law. This includes 50 U.S.C. 3602, which requires that there be a Director of Compliance for the Agency.

QUESTION 7: Please assess how well the NSA is working with Congress and, specifically, with the congressional intelligence committees.

It is my understanding that NSA works hard to keep Congress fully and currently informed. I am aware that NSA witnesses routinely testify before Congress and that the NSA personnel prepare briefings, papers, and notifications to Congress.
I am also aware that at the recent hearing regarding the Intelligence Community’s Worldwide Threat Assessment, the Chairman and Vice Chairman thanked the Intelligence Community for providing access to intelligence products, legal documents, and other materials necessary for Congress to carry out its oversight function. If confirmed, I look forward to continuing those efforts to keep Congress informed of NSA’s activities.

a. What information should NSA share with Congress?

I believe NSA should not only be responsive to congressional requests, but should also proactively notify Congress of both successes and failures so that Congress can perform its important oversight role.

b. What, if any, information should NSA withhold from the congressional intelligence committees? Why?

NSA should not broadly withhold information from the congressional intelligence committees. In some cases, as has been my understanding of past practices, it may be best to provide details about NSA’s most sensitive sources and methods only to select congressional intelligence leadership. To be clear, I do not believe the need to protect sensitive sources and methods overrides the NSA’s obligation to inform Congress about its activities in a general sense. If confirmed, I will work with the congressional intelligence committees and strive to provide them with access to any materials required for their oversight of NSA operations.

QUESTION 8: Please describe your view of the NSA’s obligation to respond to requests for information from Members of Congress.

If confirmed, I will work to ensure that my team understands Congress’s important role overseeing NSA’s activities. To fulfill that oversight function, NSA is obliged to provide information, as appropriate, to the committees with jurisdiction over NSA’s activities. I would work with Members to understand the outcome they are trying to achieve, and to help get the information that they need to fulfill this outcome.

QUESTION 9: Does NSA have a responsibility to correct the record, if it identifies occasions where inaccurate information has been provided to the congressional intelligence committees?

Yes. If confirmed, I will always be open with Congress and provide the best information available at the time, and if my subordinates or I need to correct the record, I will make sure that occurs.

QUESTION 10: This Committee is conducting an investigation into Russia’s involvement in the 2016 U.S. election. If confirmed, will you support the Committee’s oversight investigation and promptly provide any documents or briefings deemed necessary by the Committee?

Yes. I fully appreciate the significance of the Committee’s investigation into Russia’s involvement in the 2016 elections. Accordingly, if confirmed, I commit to continuing to support the Committee’s need for documents and briefings relevant to the investigation in accordance with the procedures that have already been established.

Functions and Responsibilities of the National Security Agency

QUESTION 11: What do you consider to be the most important missions of the NSA?

Both of the NSA’s principal missions, protecting national security systems and collecting foreign intelligence information, are paramount to the safety and security of our Nation. The two missions also go hand-in-hand. Collecting foreign intelligence information on our adversaries’ attempts to penetrate our networks informs how best to protect national security systems, the security of which ensures (among other things) that adversaries remain unaware of our capabilities. Equally, the NSA’s expertise in information assurance provides their operators insights into adversary systems, providing new opportunities for foreign intelligence collection. Together, these self-reinforcing missions allow the collection of foreign intelligence information critical to national security while protecting our Nation’s own sensitive information.

QUESTION 12: How well do you think the NSA has performed recently in each of these missions?

I have limited awareness to assess this in my current assignment. There is always room for improvement, but generally, I think the NSA continues to provide an extraordinary service by generating high quality intelligence for our Nation’s leaders and cybersecurity solutions to protect the most sensitive national security systems.

QUESTION 13: If confirmed, what missions do you expect to direct the NSA to prioritize over others?

At a high level, it is clear that the Nation is at a growing risk from foreign malicious cyber actors, so I expect to emphasize increasing cyber capabilities in order to ensure NSA has awareness of foreign malicious cyber activities, including cyber attacks, and can provide policy makers with unique and timely foreign intelligence information. If confirmed, I will be in a better position to make fully informed assessments and establish clear priorities.

National Security Threats and Challenges Facing the Intelligence Community

QUESTION 14: What, in your view, are the current principal threats to national security most relevant to the NSA?

Cyber threats, weapons of mass destruction (WMD), and terrorist activities are the current principal threats to national security that are most relevant to the NSA. More specifically, growing near-peer foreign military powers, terrorist organizations, transnational criminal organizations, and other dangerous groups and individuals use cyber operations to achieve malign strategic objectives. North Korea, Russia, and China all have state efforts to modernize, develop, or acquire WMD, their delivery systems, or the underlying technologies. These efforts are a major threat to the United States and to our partners. Terrorist organizations also continue to expand their global presence, posing a persistent threat to the U.S. Homeland, its allies, and U.S. interests abroad.

QUESTION 15: In your opinion, how has the NSA performed in adjusting its policies, resource allocations, planning, training, and programs to address these threats?

Mindful that the NSA is a very large organization, I think the NSA has done an admirable job of adjusting to a rapidly changing threat landscape. The adjustment from a Cold War focus toward a foreign terrorism focus in the 1990s and 2000s was significant and challenging, but ultimately resulted in the NSA producing critical intelligence in the global war on terrorism. In the same manner, the Agency has made notable adjustments over the last decade to support success in the foreign cyber arena, while still maintaining its foreign counter-terrorism abilities. This is an area that I will be able to better assess, if confirmed.

QUESTION 16: What role do you see for the NSA, in particular, and the IC, as a whole, with respect to the ongoing challenge of ubiquitous encryption as it pertains to foreign intelligence?

The prevalence of encryption and the complexity of the math behind it has increased with the proliferation of computers, but the fundamental nature of encryption has not changed. Thus, the NSA’s mission with regard to cryptology remains the same: develop robust encryption to protect national security systems and work with Intelligence Community partners and U.S. allies to ensure that the NSA has solutions to our adversaries’ encryption and can continue to produce the foreign intelligence information that U.S. policymakers and military leaders rely upon. That said, the Agency has previously stated publicly that the prevalence of encryption does create challenges and requires the NSA to focus on more resource-intensive ways to produce foreign intelligence information.

Foreign Intelligence Surveillance Act

QUESTION 17: The USA FREEDOM Act will sunset on December 15, 2019. What is your view on its reauthorization?

I am familiar with the authority and aware the statute sunsets in less than two years, but, if confirmed, I want to assess NSA’s use of the authority before formulating an answer. I will work with my team to fully understand the USA FREEDOM Act’s utility, resource requirements, compliance controls, and privacy protections. I believe it is important for the NSA to regularly evaluate its collection activities and optimize the legal authorities and the resources provided by Congress.

QUESTION 18: Has the transition from the NSA to the telecommunications companies regarding the metadata collection and retention of call detail records affected the IC’s operational capabilities? If so, how?

If confirmed, I will seek to understand and assess this specific issue as part of the process of reviewing the USA FREEDOM Act.

Cybersecurity

QUESTION 19: As the nation’s cyber infrastructure becomes increasingly susceptible to cyberattacks, can a single individual successfully execute both roles of DIRNSA and the head of U.S. Cyber Command?

I believe that General Alexander and Admiral Rogers have demonstrated that a single leader can successfully execute the roles of DIRNSA and Commander USCYBERCOM. The 2017 NDAA, Section 1642 placed a limitation on termination of the dual hat arrangement unless six conditions have been met. If confirmed, I will evaluate these conditions and provide my assessment to the Secretary of Defense and the Chairman of the Joint Chiefs of Staff, who must certify these conditions are met to ensure that termination does not pose risks to the operational effectiveness of either organization that are unacceptable to the national security interests of the United States. Ultimately, I believe that any decision must be conditions-based and in the best interests of the Nation.

QUESTION 20: What changes to the respective cybersecurity roles would occur if the dual-hat regime ceased to exist?

None; the cybersecurity roles of DIRNSA were not changed by the dual-hat arrangement, so terminating the dual hat arrangement would equally have no effect. Of course, there will be some practical consequences related to coordination that naturally flow from the new leadership arrangement, but these could be mitigated by mutual support agreements and other preparations. If confirmed, I would include this assessment in my recommendations to the Secretary of Defense, Chairman of the Joint Chiefs of Staff, and Director of National Intelligence.

QUESTION 21: What role do you see for the NSA in defensive cybersecurity policies or actions? What role do you see for NSA in supporting any U.S. Government offensive cybersecurity policies or actions?

DIRNSA is the National Manager for National Security Systems and in this capacity works closely with DoD to protect the Department of Defense information network (DODIN), as well as the networks of other departments and agencies that process classified information. Regarding defensive cybersecurity policies or actions more broadly, the NSA is a key player on a larger team that includes DHS, FBI, and USCYBERCOM. NSA is an agency with many unique skill sets in offensive cybersecurity policies and actions. NSA can and should advise on U.S. government offensive cybersecurity policies when directed by policymakers, consistent with its authorities.

QUESTION 22: What should be the NSA’s role in helping to protect U.S. commercial computer networks?

NSA’s mission is fundamentally one of collecting foreign intelligence information and protecting national security systems, though the NSA certainly does contribute great insights into foreign cybersecurity threats that help protect the private sector. Given that cyber attacks of significant consequence on commercial computer networks can cause the loss of life or billions of dollars in damage to an economy, it is paramount that the U.S.
public and private sectors work together to create a shared understanding of the threat. If confirmed, I am eager to take part in this collaboration.

QUESTION 23: What cyber threat information (classified or unclassified) should be shared with U.S. private sector entities, particularly critical infrastructure entities, to enable them to protect their networks from possible cyberattacks?

While the responsibility for protecting privately-owned networks lies primarily with the system owner, the U.S. Government has the responsibility to defend national interests more broadly. If confirmed, my goal will be to continue to work with DHS and FBI to try to lean forward and provide unclassified cyber threat information so that it is available for wide public use. When threat information must remain classified, what is shared should depend on factors such as the nature, duration, and severity of the threat, and the ability of the affected entity to receive classified information.

QUESTION 24: It is now well understood that America’s election infrastructure is vulnerable to cyber attacks.

a. If confirmed, how will you address this threat?

I believe this needs to be a whole-of-government solution. DHS and state and local governments are the primary entities leading this effort, and if confirmed I will ensure the NSA and USCYBERCOM continue to support this effort, consistent with their authorities. Our democracy depends on it.

b. What actions should the NSA be taking to protect our election infrastructure for the upcoming November 2018 federal elections?

I completely appreciate the importance of this issue to this Committee and the Nation. NSA will provide support to the government effort, led by DHS, to guard against outside interference in the November 2018 federal elections. If confirmed, I pledge that that effort will have the NSA’s full support.

c.
How, in your view, should the NSA work with other IC elements to prevent and mitigate threats to our election systems?

I completely appreciate the importance of this issue to this Committee and the Nation. NSA should provide support to the government effort, led by DHS, to guard against outside interference in the November 2018 federal elections. If confirmed, I pledge that that effort will have the NSA’s full support, including cooperation with other members of the IC under coordinating direction of a lead agency.

QUESTION 25: In December 2015, the Cybersecurity Act of 2015 was enacted and signed into law, thereby creating a voluntary information sharing process involving both public and private sector entities.

a. In your view, is this process effective?

The process established by the Cybersecurity Act of 2015 was a great first step. I believe the key is bi-directional information sharing. If confirmed, I will seek to better understand the frequency with which this is occurring.

b. What recommendations do you have for this process going forward?

If confirmed, I will be better able to assess and provide more informed recommendations on this issue.

NSA Capabilities

QUESTION 26: What is your assessment of the quality of current NSA intelligence analysis? If confirmed, what additional steps would you take to improve intelligence analysis, and what benchmarks will you use to judge the success of future NSA analytic efforts?

From my previous experience at the NSA, I can say that I expect to find that the NSA presently has a robust intelligence analysis program. NSA analysts are trained in the tradecraft of analysis, and they do it well. To ensure that this program continues to improve, I believe that continuous career growth is essential for current employees.
The success of future NSA analytic efforts would be judged by the feedback of our customers, principally the Nation’s policymakers and military commanders, on the quality and usefulness of our foreign intelligence reporting.

QUESTION 27: What is your view of strategic analysis and its place within the NSA? Please include your views about what constitutes such analysis, what steps should be taken to ensure adequate strategic coverage of important issues, and what finished intelligence products NSA should produce.

Strategic analysis is analysis that is generally more forward looking or that tries to take several pieces of intelligence analysis and examine them for themes, patterns, or concepts in order to address larger issues. Based on past experience, I believe the NSA must be competent in this discipline so that it can assess the value of its reporting at informing strategic analysis, but the overall role of strategic analytic reporting itself falls to all-source intelligence agencies. In this way, strategic analysis is occurring every day at the NSA but not in the formal sense that it does at all-source reporting agencies.

QUESTION 28: What are your views concerning the quality of intelligence collection conducted by the NSA, and what is your assessment of the steps that have been taken to date to improve that collection?

From my previous experience at the NSA, I can say that I expect to find that the quality is of very high value. I believe the NSA has historically succeeded in response to changes in missions and technology. If confirmed, I will be better able to assess and provide more informed recommendations on this issue.

QUESTION 29: If confirmed, what additional steps would you pursue to improve intelligence collection and what benchmarks will you use to judge the success of future collection efforts by the NSA?

First, I would make a comprehensive assessment in order to better understand current challenges and performance and determine what actions are necessary to improve collection. The success of future collection efforts ultimately must be judged by the feedback of our customers, principally the Nation’s policy makers and military commanders, on the quality and usefulness of our foreign intelligence reporting that results from our collection efforts. NSA does not collect foreign intelligence for its own purposes but in response to its customers’ intelligence requirements, so ultimately, any benchmark must take into account their views.

QUESTION 30: What are your views on the role of foundational research to NSA’s mission?

From my previous experience at the NSA, I can say that I expect to find foundational research remains a core component to its success. I am aware that the NSA has a robust in-house research organization that has conducted pioneering research since the Agency’s creation. If confirmed, I will be better able to assess and provide more informed recommendations on this issue.

NSA Personnel

QUESTION 31: The Committee’s most recent Intelligence Authorization bill, as well as the Intelligence Authorization Act for Fiscal Year 2017 (P.L. 115-31), included provisions supporting IC employment of those with science, technology, engineering, and mathematics (STEM) backgrounds and expertise. If confirmed, how would you undertake outreach, recruitment, and retention of employment candidates with STEM experience?

Recruiting, training, retaining, and empowering the best and brightest our Nation has to offer is mission critical for the NSA. If confirmed, I will ensure that the NSA has a culture where employees can thrive and feel proud of their mission.
I understand that this committee has led an effort in the 2018 Intelligence Authorization Act to ensure certain STEM employees in mission critical roles can receive more compensation, and I am supportive of that effort. In my experience, people who work at the NSA understand there is a mission side to their job and don’t expect salary comparable to the private sector, but it’s important that the Agency have some flexibility with compensation to remain as financially attractive as possible.

QUESTION 32: What is your view of the principles that should guide the NSA in its use of contractors, rather than full-time government employees, to fulfill intelligence-related functions?

a. Are there functions within the NSA that are particularly suited for the use of contractors?

The Federal Government, including the Department of Defense, and the Intelligence Community have a long history of successfully using contractors. I will be better able to assess specific examples relevant to this question if confirmed, but I believe there are certainly functions for which the NSA can use contractors to achieve a positive outcome with savings to the taxpayer.

b. Are there some functions that should never be conducted by contractors, or for which use of contractors should be discouraged or require specific DIRNSA approvals?

Contractors should not perform work roles and functions that are inherently governmental in nature. Presently, I lack in-depth insight into specific work roles or functions; if confirmed, I would seek to understand this through discussions with appropriate NSA personnel.

c. What consideration should the NSA give to the cost of contractors versus government employees?

It is important to have the right workforce mix between civilian and contractor employees. If confirmed, I will take into account the costs associated with either role in order to ensure the NSA has achieved the right mix.

d.
What does the NSA need in order to achieve an appropriate balance between government civilians, military personnel, and contractors?

Foremost, is careful understanding of the Agency’s functional requirements. First, understanding which functions are inherently governmental and not appropriate for contract personnel. Second, determining what balance of personnel best fulfills functional requirements in each area and the cost tradeoffs associated with it. If confirmed, I intend to explore this area more.

QUESTION 33: If confirmed, what will you do to ensure that there are equal professional opportunities for all members of the NSA workforce?

If confirmed, I will ensure equal professional opportunities for all the NSA workforce through several important efforts. First, I will demonstrate through my words and deeds that diversity is a key component of the Agency’s success. Second, I will support the continued work by the Agency to ensure facilities are available to all people, with or without disabilities. Finally, I will look to measure the Agency’s progress with diversity, ensuring our workforce and leadership are reflective of both the people who work at the NSA and our Nation.

QUESTION 34: What is your assessment of the personnel accountability system in place at the NSA?

It is my understanding that the NSA has robust measures to hold personnel accountable for their actions. There is an independent Inspector General, confirmed with the advice and consent of the Senate, who identifies and investigates wrongdoing. There is a strong Equal Employment Opportunity program, and there are investigations, both routine and special, of security issues. My impressions may be dated, but as I saw during my past assignments at NSA, the Agency uses these programs to hold personnel accountable as appropriate.
QUESTION 35: What actions, if any, should be considered to ensure that the IC has a fair process for handling personnel accountability, including serious misconduct allegations?

Speaking just from my previous experience at NSA, I believe equitable processes must be in place that ensure appropriate due process, and the independence of the Inspector General must be sacrosanct. This is a very important area for further assessment, if I am confirmed.

Security Clearance Reform

QUESTION 36: What are your views on the security clearance process?

I am aware the Director of National Intelligence has ongoing efforts to examine and reform the security clearance process. I support these initiatives as I believe the current process is challenged by large backlogs of unfinished background investigations, lacks the technology that might enhance broader data points, and takes too long to complete a background investigation and final clearance to empower a trusted workforce.

QUESTION 37: If confirmed, what changes, if any, would you seek to make to this process?

I do intend to fully support any pilot that provides the opportunity to improve the background investigation and security clearance process, leading to both greater effectiveness and efficiency to recruit and hire an elite, trusted workforce. If confirmed, I will evaluate the proposals presented and make an assessment of the changes that might be necessary.

Management of the National Security Agency

QUESTION 38: In what ways can DIRNSA achieve sufficient independence and distance from political considerations to serve the nation with objective and dispassionate intelligence collection and analysis?

If confirmed, I pledge to this Committee that I will follow in the footsteps of my predecessors to ensure NSA continues its long tradition of providing professional, non-partisan intelligence to any administration.
Specifically, I will maintain and continue to encourage an environment where analysts can feel comfortable creating accurate intelligence assessments, without regard for the policy implications of any particular assessment.

a. If confirmed, how will you ensure this independence is maintained?

I have spent 31 years in the United States Army, over half of which have involved providing intelligence to policy makers or military leaders. If confirmed, I will look to ensure the Agency’s independent approach to analysis is maintained by dedicating the organization to effective collection, objective analysis, and dispassionate reporting of conclusions as part of the larger intelligence community. I will make it clear to leaders throughout the organization that the NSA's first duty is to the Nation.

b. What is your view of DIRNSA’s responsibility to inform senior Administration policy officials or their spokespersons when the available intelligence either does not support or contradicts public statements they may have made?

The DIRNSA, like all leaders of the intelligence community, has a responsibility to communicate clearly the analysis and conclusions of their organization. If there is a disconnect with public statements, the DIRNSA then has a responsibility to re-communicate those conclusions to Administration officials.

QUESTION 39: How would you resolve a situation in which the assessments of your analysts are at odds with the policy aspirations of the administration?

I do not believe there is anything to resolve in such a situation. Clearly, the responsibility of intelligence analysts is to make objective assessments and report their best judgment and conclusions independent of such considerations. If confirmed, I would communicate the Agency's conclusions objectively without regard to such conflicts.

QUESTION 40: What are your views of the current NSA culture and workforce?

a. What are your goals for NSA’s culture and workforce?
If confirmed, my goals for NSA’s culture and workforce center on emphasizing the uniqueness and importance of the NSA’s mission with each person who works for the Agency. The phrases that greet each employee as they enter into the Agency, like “Defend the Nation” and “Secure the Future,” capture the criticality of what the NSA does each day. I intend to make this a focal point of what the Agency does, in concert with upholding full compliance with our laws and the protection of Americans’ Constitutional rights.

b. If confirmed, what are the steps you plan to take to achieve these goals?

I would look to achieve these goals through strong and engaging interaction with the workforce where I can provide my message; a continual dialogue with leaders within the Agency; a broad strategic messaging campaign that touches all parts of the Agency; and ways to leverage feedback as to the effectiveness of this message and its impact on the workforce.

c. How will you strengthen the relationship between the civilian and military members of the NSA workforce?

I believe a close working relationship between the Director and Deputy Director sets the tone for effective relationships between the civilian and military members of the NSA workforce. If confirmed, I would also look to empower both civilian and military leaders in key leadership positions. Finally, I would seek training and education venues that explain both the similarities and differences of the civilian and military workforce components to ensure greater understanding of the important roles each plays in accomplishing the Agency’s mission.

Transparency

QUESTION 41: Do you believe that intelligence agencies need some level of transparency to ensure long-term public support for their activities?

Yes. Public trust is foundational to the Intelligence Community’s ability to conduct its activities, and transparency to Congress and to the public is a critical part of earning and maintaining that trust.
QUESTION 42: If confirmed, what would be your approach to transparency?

Given that many details about the NSA’s activities must remain classified, it is important that we have the public’s trust in what we do. Transparency plays a vital role in gaining and maintaining that trust. My approach to transparency involves multifaceted objectives. First, the NSA must be open and honest with its overseers, both in Congress and across the Executive and Judicial branches. Because of the inherent confidentiality in much of the Agency’s work, NSA’s overseers act as a surrogate, ensuring on the public’s behalf that the Agency carries out its activities in a manner consistent with the rule of law. Second, to the extent possible, the NSA must make available to the public information about its activities in a manner that enhances public understanding without jeopardizing sensitive sources and methods. Sharing information with the public is critical to facilitating responsible discussions about the manner in which the Agency executes its mission and it engenders public trust in the NSA.

Disclosures of Classified Information

QUESTION 43: In your view, does the NSA take appropriate precautions to protect classified information and prevent, deter, investigate, and punish unauthorized disclosures of classified information?

I believe that many appropriate precautions are in place, but that recent events demonstrate a need to re-validate and improve in this area. Presently, I am unable to make a fully informed judgement of this question; therefore, if confirmed, I intend to evaluate ongoing efforts to better secure the network and secure the environment before providing my full assessment.

QUESTION 44: If confirmed, how will you ensure that appropriate and necessary precautions to protect classified information are maintained and improved, if necessary?

If confirmed, I will better be able to assess what improvements, if any, are necessary.
More broadly, protecting classified information is vital for the NSA to execute its mission successfully. Ensuring continuation and enhancement of the effective improvements made over the last several years will be a primary focus for me.

QUESTION 45: If confirmed, how would you manage, and what priority would you give, to addressing the following issues:

a. The vulnerability of NSA information systems to harm or espionage by trusted insiders;
b. The vulnerability of NSA information systems to outside penetration;
c. The readiness of NSA to maintain continuity of operations;
d. The ability of NSA to adopt advanced information technology efficiently and effectively; and
e. The NSA’s recruitment and retention of skilled STEM and information technology professionals, including contractor personnel.

If confirmed, my priorities for the NSA will be to recruit and retain top talent, improve signals intelligence (SIGINT) collection against critical adversaries, and ensure the security of NSA’s network and enterprise. Each of these above issues falls within these top priorities. I see each of these issues as significant components of the proposed priorities.

QUESTION 46: How do you think that individuals who mishandle, intentionally or unintentionally, classified information should be dealt with? Would you draw distinctions based on intent?

Mishandling classified information is an incredibly serious matter. Criminal penalties and workplace discipline, including termination and revocation of security clearances, are all options that should be considered based on the facts of the situation. Intent is certainly relevant under the law and certain internal procedures, but the specifics of when and how it matters are difficult to discuss without the facts of a particular case.