NNSA Principal Deputy Administrator Frank Rose Remarks at the CONCISE-UTSA Workshop, September 11, 2023

Thank you, Gwen, for that kind introduction and for the invitation to speak with you this afternoon.  

It was great to meet so many CONCISE students and alumni this morning, as well as getting to speak to their mentors from the Department of Energy’s national laboratories.  It is hard to overstate how much respect I have for CONCISE’s work in attracting, educating, and developing cybersecurity research skills for students from your four participating universities, which as I’ll explain shortly is critical for protecting our nation’s critical infrastructure for the next generation.

Before looking to the future, however, I think it is important today to take a moment to honor the past.  It was exactly 22 years ago, on a beautiful, late summer day like today, that the 19 al-Qa’ida terrorists hijacked four airplanes and turned them into guided missiles, killing nearly 3,000 Americans at the World Trade Center, the Pentagon, and in Pennsylvania.  Whereas most of the students here today either weren’t born yet or were too young to have any memory of that day – and I say this more as a reflection of my age than your youth – at the time I was working at the Defense Department and was only two corridors away from where American Airlines Flight 77 crashed into the E Ring.  Amidst the tragedy and heroism of that day, there was also the sense those horrific attacks shattered the illusion of America’s invulnerability in the post-Cold War world. 

Given that many national security experts warn that the next 9-11 could be a catastrophic cyberattack against America’s critical infrastructure, I think this workshop marks a timely confluence of remembering past threats, discussing present dangers, and engaging with the CONCISE students here today who will become the future experts helping to protect our nation. 

Therefore, this morning I’d like to focus my remarks on three specific topics:

1) The international threat environment, and how nuclear, cyber, and other strategic issues are interrelated;

2) How the National Nuclear Security Administration’s mission and partnerships enable us to address these challenges; and

3) How CONCISE and other Minority Serving Institutions fit in to what NNSA is doing to recruit and retain the next generation of highly-skilled scientists, engineers, and information technology and cybersecurity professionals to ensure we not only are meeting these challenges in the next 3-to-5 years, but for the next generation.

NNSA and the Emerging Threat Environment

Let’s begin by quickly surveying the emerging threat conditions that are shaping our decisions about nuclear and cybersecurity.  As the U.S. Director for National Intelligence’s recent Annual Threat Assessment concluded:

The United States and its allies will confront a complex and pivotal international security environment dominated by . . . strategic challenges [that] will intersect and interact in unpredictable ways, leading to mutually reinforcing effects that could challenge our ability to respond.

In addition to shared global challenges such as climate change, health security, narcotics trafficking, and terrorism, the D-N-I warns of an era of renewed nation-state conflict and strategic competition with great powers and rising regional powers. Indeed, prior to its invasion of Ukraine, Russia was already accelerating its nuclear modernization programs, especially in non-strategic weapons and delivery systems and novel, “exotic” weapons like an autonomous nuclear torpedo.  Although the United States and Russia were able to extend New START in early 2021 for another five years, Russia has since announced their suspension of implementation of the treaty.  And Putin’s ominous statements, and those of other Russian officials, hinting at the potential use of nuclear weapons in Ukraine are dangerous and irresponsible.

Russia’s unprovoked invasion of Ukraine has also featured an unprecedented event in the history of warfare: ongoing hostilities around—and armed seizure of—operating civil nuclear power plants.  The risks associated with military activities around Ukraine’s nuclear facilities cannot be overstated, as they undercut safety, hinder the International Atomic Energy Agency’s ability to fulfill its safeguards mandate, and increase the risk of a nuclear accident or incident that could affect large numbers of people in Ukraine and neighboring states, with impacts felt around the world.  Russia’s military attacks and seizures of nuclear facilities in Ukraine severely undermine Moscow’s claim to be a responsible nuclear power, and have been strongly condemned by the international community.

At the same time, China is expanding its political and economic influence and is in the midst of the largest ever nuclear force expansion and arsenal diversification in its history.  It is building hundreds of new I-C-B-M silos and is increasing the number and types of nuclear weapons without transparency in either its doctrine or forces.  Moreover, despite repeated attempts by the last several U.S. presidential administrations, Beijing has not shown any interest in engaging in either the strategic stability or arms control discussions expected of a responsible nuclear power.  This opacity makes determining an effective strategy more difficult, both in terms of maintaining deterrence and in finding a way to integrate China into a future arms control and strategic stability framework.

Looking beyond these peer competitors, North Korea has expanded its nuclear weapons stockpile and range of delivery capabilities and has resumed I-C-B-M testing.  Additionally, in stark contrast to the tenets of the Non-Proliferation Treaty, last year Kim Jong Un announced a new “Nuclear Forces Policy Law” that would permit Pyongyang to use nuclear weapons first against non-nuclear states.

And while Iran may or may not agree to the conditions necessary to return to the Joint Comprehensive Plan of Action, in the past five years it has expanded its nuclear program to operate more advanced centrifuges and enrich more uranium, including at levels closer to weapons grade.

In addition to the challenges these nations pose for our decisions about nuclear deterrence and nonproliferation, Beijing, Moscow, Tehran, and Pyongyang have also demonstrated the capability and intent to advance their interests at the expense of the United States and its allies through malicious cyber operations.  From the massive theft of American intellectual property and military designs; to the NotPetya ransomware attacks; to the SolarWinds breach in 2020, these nations have sought to use cyber operations to undermine U.S. strategic advantages.

Although such cyberattacks are clearly not as deadly as a potential nuclear attack, they threaten U.S. and allied interests in several ways that relate to nuclear strategy and security.  First, like nuclear threats, cyberattacks allow potential adversaries to directly attack our strategic interests – and possibly the U.S. homeland through attacks on critical infrastructure – without first having to defeat the U.S. military.  Because America’s economy, our basic services, and our military power are highly integrated with the Internet, we are more vulnerable to disruption than less “connected” states.  This asymmetric vulnerability makes offensive cyber capabilities a cost-effective method for adversaries to threaten and attack U.S. targets with strategic effects.

Moreover, just as the increasingly rapid pace of technological advancements have lowered the bar to the proliferation of weapons of mass destruction, emerging technologies and low entry-costs for significant cyber capabilities enable non-state actors to threaten our infrastructure and transnational cyber criminals to fuel a virtual ecosystem that threatens to cause greater disruptions of critical services worldwide.

In the nuclear realm, this threat is particularly dangerous.  Iran and Russia have both shown a significant capability in compromising the Industrial Control Systems of various critical infrastructure systems.  Such an attack against a nuclear plant anywhere in the world could have catastrophic consequences.  Indeed, an intrusion on the early-warning satellites or command-and-control networks associated with the U.S. nuclear deterrent, or those of our adversaries – even if unintentional – could be misperceived as the start of a preemptive attack and trigger a potentially disastrous escalation cycle. 

Taken together, these developments make for a very complex international environment, one that is dramatically different from that which we faced 25 years ago.  These emerging global threat conditions inform NNSA’s decisions about how to approach our missions and are why NNSA Administrator Jill Hruby told Congress in April, “Not since the Manhattan project has there been a more challenging moment for the NNSA.”

NNSA’s Missions

Although some of you may be familiar with NNSA and its predecessor agencies, for those of you who are not, NNSA was established by Congress in 2000 with three enduring missions:

1. Ensuring the safety, security, and effectiveness of the U.S. nuclear weapons stockpile;

2. Reducing the threat of nuclear proliferation and nuclear terrorism around the world; and

3. Providing military effective nuclear propulsion for the U.S. Navy’s fleet of aircraft carriers and submarines.

To execute these missions, NNSA manages eight government-owned, contractor operated national laboratories, plants, and sites throughout the country.  These partners – and the nearly 60,000 scientists, engineers, technicians, managers, and support staff who comprise the Nuclear Security Enterprise’s workforce – apply world-class scientific, engineering, and technological capabilities to support nuclear security and global stability.

NNSA has the responsibility to design and build the nation’s nuclear stockpile, and to continue to maintain the stockpile without resuming nuclear explosive testing.  In order to provide nuclear warheads that meet safety, security, and performance requirements, NNSA is currently executing five warhead modernization programs. These warhead modernizations enhance the margin against failure, increase safety, improve security, replace limited life components, address component obsolescence, and support the U.S. Department of Defense’s delivery platform modernization.

What these modernization programs do not do is equally important.  Last year’s Nuclear Posture Review made clear that the Biden administration will take steps to reduce the role of nuclear weapons in our national security strategy.  We are not trying to match Russia’s large arsenal of non-strategic nuclear weapons on a weapon-for-weapon basis.  Instead, we are pursuing a qualitative and comprehensive approach towards maintaining a viable deterrent for the future at a time of rising threats.  Indeed, this modernization strategy is not solely aimed towards meeting near-term threats the United States may encounter over the next three to five years, but rather attempts to look forward in terms of decades to hedge against risk and prudently plan for future contingencies. 

To support this modernization effort, we are increasing investment in the science, technology, and engineering – ST&E – that serve as the foundation for science-based stockpile activities and develop new and innovative solutions for nuclear security.  The preeminent ST&E capabilities at NNSA’s laboratories, plants, and sites are essential tools for addressing the range of national security imperatives within our mission. We will build on our unparalleled science portfolio and accelerate the integration of leading-edge ST&E – to include new technologies such as exascale, quantum, and other advanced computing; artificial intelligence, data fusion, and open-source data collection; and advanced and additive manufacturing and automation – throughout operations to enable our modernization goals and strengthen our ability to defend against new threats.

It is worth noting here that potential adversaries do not need to directly attack the systems DoD depends upon to execute its nuclear deterrence mission to undermine our deterrent. According to the 2022 Nuclear Posture Review, the goals of U.S. nuclear forces are to:

• Deter all forms of strategic attack against the U.S. homeland or the territory of Allies and partners;
• Assure Allies and partners that the United States is willing and able to deter the range of strategic threats they face, and mitigate the risks they will assume in a crisis or conflict; and
• Achieve U.S. objectives if deterrence fails and the President concludes that the employment of nuclear weapons is necessary.

These goals can only be met if the President has full and complete confidence in the safety, security, and reliability of the U.S. nuclear weapons stockpile.  Cyberattacks against the Nuclear Security Enterprise’s supply chain could undermine this confidence, and therefore have significant strategic effects in the event of an unfolding crisis or conflict.

This is why one of Administrator Hruby’s top priorities upon arriving at NNSA was to improve our cybersecurity, and why we are investing in capabilities to address future cybersecurity challenges across the Nuclear Security Enterprise.  Our funding for Cyber and I-T has grown 42 percent from Fiscal Year 22 to Fiscal Year 24’s budget request. This funding goes towards strengthening our cyber infrastructure, cyber tools, and information technology by enabling us to implement a zero-trust architecture strategy, secure industrial control systems, and support work at our partner laboratories, plants and sites.

Yet the simple reality is that when it comes to leveraging innovation to meet future challenges, NNSA can’t do it alone.  Our success depends on our ability to collaborate, and thus we are working to strengthen partnerships with other government agencies, international partners, industry, academia, and the public to enhance collaboration, information sharing, and transparency.  Together with DOE elements such as the Office of the Chief Information Officer; the Office of Cybersecurity, Energy Security, and Emergency Response; and the Office of Science, NNSA is leveraging innovation to create new programs to address future cybersecurity challenges across the Nuclear Security Enterprise.

Forging productive relationships with these external collaborators allows new ideas to be created, refined, and developed, and improves how we enable science, production, and infrastructure. These enduring institutional relationships include working with Minority Serving Institutions – or M-S-I’s – to create opportunities for students to engage with NNSA and the broader Enterprise through internships, research projects, and other initiatives.

MSIPPs and Developing the Future Workforce

I think this final point is worth expanding upon.  For while NNSA is increasing investment in infrastructure and the science, technology, and engineering that underpins our national security missions, I believe one thing should be clear: in addition to investments in facilities and technology, we also must make a commitment to investing in people.  In fact, at my level as Deputy Administrator, cybersecurity is not really a technological challenge so much as a people challenge, which is why 87 percent of NNSA’s budget request for Cyber and I-T goes towards labor and workforce development.

As important as state-of-the-art facilities are, they mean nothing without the right people. The effectiveness and credibility of our nuclear deterrent, nuclear security, and counterthreat missions are directly supported by our scientific, engineering, and technological capabilities, or more precisely, by the work performed every day by the scientists, engineers, chemists, managers, technicians, and support staff that comprise the Nuclear Security Enterprise’s workforce. 

Yet even though the demanding global security environment noted above means that the Enterprise is facing our heaviest workload in decades, roughly one-third of our workforce will be eligible for retirement over the next five years.  Consequently, recruiting and retaining the next generation of highly-skilled scientists, engineers, and I-T and cybersecurity professionals is vital to our national security.

This is why NNSA is pursuing an aggressive hiring strategy of four-to-six thousand employees annually across the Nuclear Security Enterprise. To ensure our long-term mission success, however, we need to go beyond accelerated hiring and actually help to cultivate and grow a STEM workforce for the next generation.  To further help develop, train, and recruit the Enterprise’s workforce of the future, last year NNSA funded over $100 million in grants and cooperative agreements with top universities across the country.  We have also asked Congress for a 36 percent increase in funding for our Academic Programs and Community Support program in our Fiscal Year 2024 budget request.

NNSA has also significantly increased our outreach to diversify our nuclear security experts and ST&E workforce by increasing partnerships with Minority Serving Institutions, such as Historically Black Colleges and Universities, Tribal Colleges and Universities, and Hispanic Serving Institutions.  The Minority Serving Institutions Partnership Program (or M-S-I-P-P) is designed to build a sustainable STEM pathway that prepares a diverse workforce of world class talent through strategic partnerships between M-S-Is and the Nuclear Security Enterprise.  Currently, M-S-I-P-P supports 33 consortia consisting of 56 M-S-I partners as well as NNSA partner laboratories, production plants, and sites.  This approach has resulted in a 25% increase in recruitment, contributing to a more inclusive and dynamic workforce reflective of the nation.

The CONCISE Project is a prime example of this success in supporting this mission and building and sustaining a diverse and trained workforce.  The partnerships led by U-T-S-A, UNLV,  Savannah State University, and North Carolina A&T – and integral collaborations with Nevada Nuclear Security Site, Idaho National Laboratory, and Sandia National Laboratories – provide students with a pathway into the Nuclear Security Enterprise through its focus on STEM topics, particularly in the field of cybersecurity, and we look forward to welcoming more than 100 CONCISE graduates into the D-O-E/NNSA cyber workforce by the end of 2025. 

Conclusion

In conclusion, the bottom line is that in a complicated world with complex threats to our national security and global stability, we cannot afford to leave any talent on the table.  Strengthening our partnerships with M-S-Is ensures America has the scientific and technical expertise to protect NNSA’s critical assets and information, and to execute our nuclear security missions for the next 20 years and beyond.

I am grateful to Dr. Chen and her colleagues on CONCISE’s academic teams for allowing me to participate in this workshop, and for what you do each day to advance the knowledge of your students. 

Thank you to the University of Texas-San Antonio for being such gracious hosts. 

And thank you to the students here for allowing me the opportunity to speak with you today.  I look forward to your questions.