
United States Congress, Statement of Brig Gen Mary F O'Brien, USAF, to the Senate Armed Services Committee Closed Hearing Entitled "Cyber Threats to the United States", April 4 2017. Top Secret.

National Security Archive

May 23, 2026

Brig Gen O’Brien’s 2017 Senate testimony reveals how the newly minted U.S. Cyber Command framed state and non‑state threats, set defensive priorities, and launched a joint task force against ISIS.

Source: United States Congress, Statement of Brig Gen Mary F O'Brien, USAF, to the Senate Armed Services Committee Closed Hearing Entitled "Cyber Threats to the United States", April 4 2017. Top Secret.
Date: Apr 4, 2017
Archive: FOIA Document


Editorial Analysis

Original analysis by the DriftSeas editorial desk. The complete primary-source document, transcribed from the National Security Archive scan, appears in full below.

A Testimony at the Dawn of the Cyber Age

On 4 April 2017 Brigadier General Mary F. O’Brien, then director of intelligence for U.S. Cyber Command, appeared before the Senate Armed Services Committee’s sub‑committee on emerging threats. The hearing was closed, the transcript classified Top Secret//NOFORN/FISA, and the purpose was to brief senior legislators on the evolving cyber threat landscape and on the operational posture of the newly created combatant command. O’Brien’s remarks were not a policy speech but a status report: she outlined Cyber Command’s three‑mission set, identified the nation‑state and non‑state actors that the command tracks, and described a joint task force—JTF ARES—dedicated to degrading ISIS through cyber means.

The testimony came at a watershed moment. In 2010 the Department of Defense had stood up U.S. Cyber Command as a response to the 2007 cyber‑espionage incidents attributed to China and the 2008 Russian “Titan Rain” intrusions. By 2015 the command had been elevated to a unified combatant command, reflecting the Pentagon’s recognition that cyberspace had become a warfighting domain on par with land, sea, air and space. The 2017 briefing therefore sits squarely in the first half‑decade of Cyber Command’s maturation, a period when the service was still defining its doctrine, building a joint workforce, and proving its relevance to conventional warfighting and counter‑terrorism.

Who Was Speaking, and Who Was Listening?

Brig Gen O’Brien represented the intelligence directorate of Cyber Command, a hybrid organization that pulls analysts from the Defense Intelligence Agency, the NSA, and the other services. Her dual role—as a senior officer in a combatant command and as a representative of the National Security Agency—underscores the blurred lines between offensive cyber operations and intelligence gathering. In the opening remarks she emphasized that defending Department of Defense networks remained the “No. 1 priority,” a phrase that mirrors the 2015 DoD Cyber Strategy and signals to Congress that the command’s core mission is protective rather than purely kinetic.

The audience included Chairman John Rounds (R‑WV) and Ranking Member Jack Nelson (D‑CO), both veterans of the post‑9/11 era who had overseen the expansion of cyber‑related appropriations. Their presence indicates that the hearing was part of the annual appropriations oversight process, where the committee evaluates whether to fund the command’s burgeoning budget, which at the time hovered around $7 billion. The closed nature of the session reflects the sensitivity of the intelligence sources and methods discussed, particularly the reference to “all‑source intelligence threat picture” and the mention of FISA‑protected material.

Reading Between the Lines

O’Brien’s enumeration of adversaries—Russia, China, Iran, North Korea, and ISIS—does more than list threats; it maps a hierarchy of strategic concern. By placing Russia and China alongside each other as “full‑scope cyber actors with capabilities equivalent to the US,” the testimony signals congressional awareness of a peer‑competitor challenge that would later dominate the 2018 National Defense Authorization Act debates. The inclusion of Iran and North Korea as “increasingly capable” hints at a growing worry about asymmetric actors that can exploit vulnerabilities in critical infrastructure without the resources of a great power.

The brief nod to ISIS as a “serious and complex threat… but not at the level of a state actor” is revealing. It acknowledges that non‑state groups can wield cyber tools—propaganda, recruitment, and limited sabotage—but that their operational reach remains bounded. Yet the subsequent description of JTF ARES, created in May 2016, demonstrates that the command was already integrating cyber operations into the broader counter‑ISIS campaign led by U.S. Central Command. The mention of “tremendous support from the intelligence community, to include NSA, DIA, NGA and CIA” underscores a whole‑of‑government approach, prefiguring the 2018 establishment of the Joint Cyber Center.

Finally, O’Brien’s emphasis on “innovative processes” and a “dedicated workforce” hints at the internal challenges Cyber Command faced: recruiting technically skilled personnel, developing doctrine, and balancing defensive and offensive missions. The reference to specialized recruiting and training programs points to the early stages of what would become the Cyber Talent Management Initiative, a later congressional priority.

Why This Testimony Still Matters

The 2017 briefing offers a rare, contemporaneous snapshot of how the Pentagon framed cyber threats to lawmakers at a time when the domain was still emerging from the shadows. It reveals the strategic calculus that has shaped subsequent policy: the focus on defending DoD networks, the elevation of peer competitors, and the integration of cyber tools into counter‑terrorism.

In the years following the hearing, Congress approved a permanent cyber budget line, mandated the creation of a Cyber Command deputy commander, and passed legislation to improve cyber workforce pipelines—all issues foreshadowed in O’Brien’s remarks. Moreover, the document’s declassification date—2042—means that for decades scholars will rely on this testimony as a primary source for understanding the early operational mindset of U.S. Cyber Command.

In short, Brig Gen O’Brien’s 2017 statement is more than a procedural briefing; it is a concise articulation of the United States’ nascent cyber strategy, the adversarial landscape it confronted, and the institutional reforms it set in motion. For historians of cyber warfare, it is a keystone that links the command’s formative years to the broader narrative of 21st‑century national security.


Page 1

TOP SECRET//NOFORN/FISA

(U) Opening Statement

(U) Chairman Rounds, Ranking Member Nelson, and Members of the Sub-committee: I would like to thank you for your interest in cyber issues and this opportunity to discuss cyber threats on behalf of U.S. Cyber Command.

(U) ADM Rogers is both the Commander of U.S. Cyber Command and Director of the National Security Agency. However, as the Director of Intelligence, I am a representative of U.S. Cyber Command.

(U) Established in 2010, U.S. Cyber Command performs three vital missions: Defend the Department of Defense's information networks (which is our No. 1 priority), achieve combatant commander objectives, and, when directed, deter or defeat strategic threats to our Nation's interests and infrastructure.

(U) The state and malicious non-state actors of greatest concern to the U.S. in cyberspace have varying goals, from espionage to information control to accessing critical networks for future operations to exploit for commercial, scientific or technical gains. As their activities evolve, they pose an ever-increasing risk to Department of Defense systems, to the systems of other federal departments and agencies, to our national critical infrastructure, and to U.S. companies and interests.

(U) We continue to watch Russia, China, Iran, and North Korea closely in cyberspace. Russia and China are both very capable, full-scope cyber actors with capabilities equivalent to the US; Iran and North Korea represent increasingly capable challenges to U.S. interests. ISIS represents a serious and complex threat to the US, but not at the level of a state actor. (b)(1) Sec. 1.7(e)

Classified By: (b)(3) Derived From: Multiple Sources Dated: 20170330 Declassify On: 20420301

TOP SECRET//NOFORN/FISA

Page 2

TOP SECRET//NOFORN/FISA

(b)(1) Sec. 1.7(e)

(S//NF) (b)(1) (b)(1)

(S//REL TO USA, FVEY/FISA) (b)(1) (b)(1)

(TS//NF/FISA) (b)(1) (b)(1)

TOP SECRET//NOFORN/FISA

Page 3

TOP SECRET//NOFORN/FISA

(b)(1)

(S//NF/FISA) (b)(1) (b)(1)

(U//FOUO) Terrorist Groups, including the self-proclaimed Islamic State of Iraq and ash-Sham (ISIS), HAMAS, and Lebanese Hizballah use cyber for widely varied purposes, including to intimidate enemies, recruit fighters, incite violence, conduct or inspire attacks, and command and control operations.

(U//FOUO) To support the U.S. CYBERCOM mission, the Intelligence Directorate is responsible for operationalizing and fusing intelligence gathered by the intelligence community to create an all-source intelligence threat picture in order to support cyber planning and operations. Additionally, we provide situational awareness, collection management, human intelligence in cyberspace, and counterintelligence deconfliction.

(U//FOUO) Similar to other combatant command intelligence directorates, our dedicated workforce is composed of a cadre of Defense Intelligence Agency professionals as well as military members from all services. Given our global responsibility, we rely on regional subject matter experts as well as analysts who also possess an understanding of the technology that underpins the rapidly evolving cyber domain. In addition to the complex analytical requirements, we've also developed specialized recruiting and training programs to support the growth of our non-kinetic cyber targeting,

TOP SECRET//NOFORN/FISA

Page 4

TOP SECRET//NOFORN/FISA

detailed scientific and technical intelligence capability and cyber ISR collection management necessary to deliver support to operational effects. While many of the existing doctrinal tactics, techniques and procedures apply to intelligence support to cyber operations, our workforce is developing innovative processes to optimize cyber effects.

(U) Most recently, our dedicated workforce is using these processes and procedures to support the critical counter-ISIS effort. For example, in the fight against ISIS, our teams are conducting cyberspace operations in support of U.S. Central Command's ongoing efforts to degrade, dismantle, and ultimately defeat ISIS.

(U) In May 2016, USCYBERCOM established a cyber Joint Task Force, JTF ARES, with a specific mission to accomplish cyberspace objectives in support of counter-ISIS operations. This JTF, comprising operations and intelligence professionals from each of the military services, has created tremendous efficiency and flexibility in mission completion by facilitating unity of command and effort for our cyber resources. We have received tremendous support from the intelligence community, to include NSA, DIA, NGA and CIA.

(TS//REL TO USA, FVEY)(b)(1) (b)(1)

(U) Thank you so much for your interest in U.S. Cyber Command and your support for the men and women in uniform as we continue to achieve positive mission outcomes for our Nation.

(U) I look forward to your questions.

TOP SECRET//NOFORN/FISA

Page 5

NATIONAL SECURITY ARCHIVE

National Security Archive, Suite 701, Gelman Library, The George Washington University, 2130 H Street, NW, Washington, D.C., 20037, Phone: 202/994-7000, Fax: 202/994-7005, nsarchiv@gwu.edu
