[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
BLACKOUT! ARE WE PREPARED TO MANAGE THE AFTERMATH OF A CYBERATTACK OR
OTHER FAILURE OF THE ELECTRICAL GRID?
=======================================================================
(114-39)
HEARING
BEFORE THE
SUBCOMMITTEE ON
ECONOMIC DEVELOPMENT, PUBLIC BUILDINGS, AND EMERGENCY MANAGEMENT
OF THE
COMMITTEE ON
TRANSPORTATION AND INFRASTRUCTURE
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
SECOND SESSION
__________
APRIL 14, 2016
__________
Printed for the use of the
Committee on Transportation and Infrastructure
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available online at: http://www.gpo.gov/fdsys/browse/
committee.action?chamber=house&committee=transportation
______
U.S. GOVERNMENT PUBLISHING OFFICE
99-931 PDF WASHINGTON : 2016
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON TRANSPORTATION AND INFRASTRUCTURE
BILL SHUSTER, Pennsylvania, Chairman
DON YOUNG, Alaska PETER A. DeFAZIO, Oregon
JOHN J. DUNCAN, Jr., Tennessee, ELEANOR HOLMES NORTON, District of
Vice Chair Columbia
JOHN L. MICA, Florida JERROLD NADLER, New York
FRANK A. LoBIONDO, New Jersey CORRINE BROWN, Florida
SAM GRAVES, Missouri EDDIE BERNICE JOHNSON, Texas
CANDICE S. MILLER, Michigan ELIJAH E. CUMMINGS, Maryland
DUNCAN HUNTER, California RICK LARSEN, Washington
ERIC A. ``RICK'' CRAWFORD, Arkansas MICHAEL E. CAPUANO, Massachusetts
LOU BARLETTA, Pennsylvania GRACE F. NAPOLITANO, California
BLAKE FARENTHOLD, Texas DANIEL LIPINSKI, Illinois
BOB GIBBS, Ohio STEVE COHEN, Tennessee
RICHARD L. HANNA, New York ALBIO SIRES, New Jersey
DANIEL WEBSTER, Florida DONNA F. EDWARDS, Maryland
JEFF DENHAM, California JOHN GARAMENDI, California
REID J. RIBBLE, Wisconsin ANDRE CARSON, Indiana
THOMAS MASSIE, Kentucky JANICE HAHN, California
MARK MEADOWS, North Carolina RICHARD M. NOLAN, Minnesota
SCOTT PERRY, Pennsylvania ANN KIRKPATRICK, Arizona
RODNEY DAVIS, Illinois DINA TITUS, Nevada
MARK SANFORD, South Carolina SEAN PATRICK MALONEY, New York
ROB WOODALL, Georgia ELIZABETH H. ESTY, Connecticut
TODD ROKITA, Indiana LOIS FRANKEL, Florida
JOHN KATKO, New York CHERI BUSTOS, Illinois
BRIAN BABIN, Texas JARED HUFFMAN, California
CRESENT HARDY, Nevada JULIA BROWNLEY, California
RYAN A. COSTELLO, Pennsylvania
GARRET GRAVES, Louisiana
MIMI WALTERS, California
BARBARA COMSTOCK, Virginia
CARLOS CURBELO, Florida
DAVID ROUZER, North Carolina
LEE M. ZELDIN, New York
MIKE BOST, Illinois
------
Subcommittee on Economic Development, Public Buildings, and Emergency
Management
LOU BARLETTA, Pennsylvania, Chairman
ERIC A. ``RICK'' CRAWFORD, Arkansas ANDRE CARSON, Indiana
THOMAS MASSIE, Kentucky ELEANOR HOLMES NORTON, District of
MARK MEADOWS, North Carolina Columbia
SCOTT PERRY, Pennsylvania ALBIO SIRES, New Jersey
RYAN A. COSTELLO, Pennsylvania DONNA F. EDWARDS, Maryland
BARBARA COMSTOCK, Virginia DINA TITUS, Nevada
CARLOS CURBELO, Florida PETER A. DeFAZIO, Oregon (Ex
DAVID ROUZER, North Carolina Officio)
BILL SHUSTER, Pennsylvania (Ex VACANCY
Officio)
CONTENTS
Page
Summary of Subject Matter........................................ iv
TESTIMONY
Panel 1
Hon. W. Craig Fugate, Administrator, Federal Emergency Management
Agency......................................................... 4
Patricia A. Hoffman, Assistant Secretary, Office of Electricity
Delivery and Energy Reliability, Department of Energy.......... 4
Caitlin A. Durkovich, Assistant Secretary for Infrastructure
Protection, National Protection and Programs Directorate,
Department of Homeland Security................................ 4
Richard Campbell, Specialist in Energy Policy, Congressional
Research Service............................................... 4
Panel 2
Gerry W. Cauley, President and Chief Executive Officer, North
American Electric Reliability Corporation...................... 28
William H. Spence, Chairman, President and Chief Executive
Officer, PPL Corporation....................................... 28
Bobbi J. Kilmer, President and Chief Executive Officer, Claverack
Rural Electric Cooperative..................................... 28
PREPARED STATEMENTS SUBMITTED BY MEMBERS OF CONGRESS
Hon. Andre Carson of Indiana..................................... 40
PREPARED STATEMENTS SUBMITTED BY WITNESSES
Hon. W. Craig Fugate............................................. 43
Patricia A. Hoffman.............................................. 49
Caitlin A. Durkovich............................................. 57
Richard Campbell................................................. 65
Gerry W. Cauley.................................................. 72
William H. Spence................................................ 80
Bobbi J. Kilmer.................................................. 90
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
BLACKOUT! ARE WE PREPARED TO MANAGE THE AFTERMATH OF A CYBERATTACK OR
OTHER FAILURE OF THE ELECTRICAL GRID?
----------
THURSDAY, APRIL 14, 2016
House of Representatives,
Subcommittee on Economic Development,
Public Buildings, and Emergency Management,
Committee on Transportation and Infrastructure,
Washington, DC.
The subcommittee met, pursuant to notice, at 10:05 a.m. in
room 2167, Rayburn House Office Building, Hon. Lou Barletta
(Chairman of the subcommittee) presiding.
Mr. Barletta. The committee will come to order. Today we
are holding a hearing to explore a critical and timely topic.
There have been numerous congressional hearings on
cybersecurity and how to stop the bad guys. What has not been
discussed in great detail is what the consequence will be from
a massive cyberattack that brings down, for example, a large
portion of the electrical grid for an extended period of time.
The purpose of today's hearing is to answer an important
question: With respect to cyberthreats to the electrical power
system, what consequences should the Federal Government tell
States and local governments to prepare for? In other words,
for how many people and for how long should States plan on
being without power?
The Federal Government does this now for almost every
significant hazard that we face. Whether it is a category 5
hurricane hitting Miami or an 8.0 earthquake in Los Angeles,
the Federal Government has realistic estimates or scenarios for
States and cities to plan. The Federal Government does not have
this basic planning scenario for a cyberthreat to the power
system, and there is a huge disparity in what different groups
think is a potential scenario for which States and local
governments should prepare.
And the difference would be significant for local
governments. If the power is out for a few days, it can be an
inconvenience, but if it is out for several weeks, or a month
or more, the local government has to potentially plan for
increased public safety, water treatment, sheltering, or
evacuation, fuel delivery for generators, and many other
contingencies.
What should we plan for? Ted Koppel, in his book, says that
we should plan on 6 to 18 months of uninterrupted blackouts.
The industry seems to say a cyberattack could, at most, cause
an interruption in terms of days, not weeks. And today we are
going to hear testimony from the Federal Emergency Management
Agency, the Department of Energy, the Department of Homeland
Security's National Protection and Programs Directorate, the
Congressional Research Service, the North American Electric
Reliability Corporation, and representatives from the
electrical industry. I hope to get an answer to this question
for State and local governments who are on the ground and will
be first charged with protection of people and property.
Imagine what we would do without electricity for a day, a
week, a month, a year. Virtually all critical infrastructure is
dependent on the electrical grid, particularly the lifeline
sectors: telecommunications, transportation, water, and
financial services. And if the goal of the bad guys is to
collapse the United States economic system, they are going to
try to cut off the power.
There have been reports of hacking attempts on electrical
facilities by foreign and domestic parties. Our national
security, public safety, economic competitiveness, and personal
privacy is at risk. According to the Department of Homeland
Security, the energy sector was the target of more than 40
percent of all reported cyberattacks.
And even more disconcerting was the December 2015
cyberattack on Ukraine's electric grid, which affected four
dozen substations and left one-quarter of a million people
without power. At the same time as the attack on the grid
itself, call centers were hit with a telephony denial-of-
service attack as customers were trying to report the outages.
If anyone thought this was a glitch, think again.
The electrical grid is not only under attack from
cyberspace, the electric power sector is all too familiar with
the devastation storms like Hurricane Sandy can leave behind,
or physical attacks like the 2013 incident at the Metcalf
substation in California. Thankfully, in the cases of storms
and physical attacks, the power sector has strong plans in
place and redundant systems to restore power quickly and to
avoid the loss of life and property.
But I am concerned about a cyberattack. Are there similar
plans in place for industry and for State and local government?
Will those redundancies provide the same types of protections?
Most recently, I have been discussing this topic with
constituents in my district, asking what they will do in their
communities if the power is out for a prolonged period of time.
Honestly, most of them don't know because we don't know what to
plan for. We have brought together the right people here to
tell us today.
We are also going to discuss what preparedness looks like,
best practices, and how we can achieve a greater level of
readiness, all the way down to the local mayors and township
supervisors. I am encouraged to hear all the industry talk
about an all-hazards approach and focusing on mitigating the
greatest risks, but I think there are some unique
characteristics of the cyberthreat that require specific
planning guidelines.
I know we cannot goldplate the system, but given the
interdependency of electricity with our daily lives, it is
crucial that we understand the risks and be prepared for the
likely consequences possible from the failure of that system.
I look forward to this conversation today, starting with
our witnesses, and I thank you all for being here.
I now call on Ranking Member DeFazio for his comments.
Mr. DeFazio. Thank you, Mr. Chairman. Mr. Chairman, you
certainly laid out well the potential threats of a cyberattack
against our critical electrical grid. We know there is constant
probing, some of it being done by nation-states, not just
terrorist groups, nation-states hostile to the U.S. And we need
to be certain that we are as prepared, well prepared, as we can
be. The Ukraine attack was perhaps a harbinger of things to
come.
The--I do believe, though, that the all-hazards approach
can also cover the cyberattack area. The issue of probably most
immediate concern to those of us who live in the Northwestern
United States is the threat of Cascadia subduction zone quake
in the magnitude of 9 or 9-plus, which will inevitably knock
out our grid. So, you know, there are going to be exercises
conducted, two exercises this year, with the cooperation of the
Department of Homeland Security and all the local and State
authorities in the region to simulate what would be possible in
the face of that sort of a disaster.
Many of the problems that could occur will be the same. You
know, the loss of transformers is particularly of concern, and
I am going to be probing that issue with some of the witnesses
today. There is a question whether the Federal Government
should be perhaps stockpiling these transformers, since now
they are basically custom orders. They take 6 to 18 months.
What if we lose a dozen large critical transformers because
of an earthquake, tsunami, or a cyberattack? You know, it seems
to me kind of a no-brainer that we should, either through
Government sources or through cooperation with the industry, be
creating a critical infrastructure component stockpile here in
the United States to deal with any and all of these sorts of
potential attacks. And a coordinated, physical attack and
cyberattack could, of course, be the most devastating, outside
of a massive earthquake/tsunami. And again, many of the same
issues arise.
And then one that doesn't get talked about very much any
more but we held a series of hearings on it years ago in the
Committee on Natural Resources--then called the Committee on
Interior and Insular Affairs--when we had jurisdiction over
nuclear power is the potential for a bomb in place. That is, a
nuclear plant. If you destroy the backup system--take over the
plant, destroy the backup system and the incoming power, you
can create a meltdown. And how good is the security at our
nuclear plants these days? I know this hearing isn't going to
get to that topic, I am not certain it is even within our
jurisdiction, but it is of concern to me, and I just wanted to
raise that issue, too.
So, like aviation, you know, electricity, the grid, the--
and nuclear plants are of interest to terrorist groups and
hostile nation-states, so we have got to be prepared. So I am
pleased you are holding this hearing today.
Mr. Barletta. Thank you. We will have two panels of
witnesses today. And on our first panel we will have
Administrator Fugate, the current Administrator of the Federal
Emergency Management Agency, the Federal coordinator for
consequence management; Assistant Secretary Hoffman from the
Department of Energy's Office of Electricity Delivery and
Energy Reliability--this is the office charged with
coordinating the Federal efforts to facilitate the recovery
from disruptions in the emergency and the energy supply;
Assistant Secretary Durkovich, the Assistant Secretary for
Infrastructure Protection from the Department of Homeland
Security; and Mr. Richard Campbell, an expert at the
Congressional Research Service in the electric power sector.
On our second panel we will be joined by Mr. Gerry Cauley,
the president and CEO of the North American Electric
Reliability Corporation, the international regulatory authority
whose mission is to assure the reliability of the bulk power
system in North America; Mr. William Spence, CEO of the PPL
Corporation, one of the largest investor-owned utility
companies in the United States; and Ms. Bobbi Kilmer, president
and CEO of the Claverack Rural Electric Cooperative, a
nonprofit electric utility serving 2,250 square miles in
northeastern Pennsylvania.
I ask unanimous consent that the witnesses' full statement
be included in the record.
[No response.]
Mr. Barletta. Without objection, so ordered. Since your
written testimony has been made a part of the record, the
subcommittee would request that you limit your oral testimony
to 5 minutes.
Let's start with our first panel. Administrator Fugate, you
may proceed.
TESTIMONY OF HON. W. CRAIG FUGATE, ADMINISTRATOR, FEDERAL
EMERGENCY MANAGEMENT AGENCY; PATRICIA A. HOFFMAN, ASSISTANT
SECRETARY, OFFICE OF ELECTRICITY DELIVERY AND ENERGY
RELIABILITY, DEPARTMENT OF ENERGY; CAITLIN A. DURKOVICH,
ASSISTANT SECRETARY FOR INFRASTRUCTURE PROTECTION, NATIONAL
PROTECTION AND PROGRAMS DIRECTORATE, DEPARTMENT OF HOMELAND
SECURITY; AND RICHARD CAMPBELL, SPECIALIST IN ENERGY POLICY,
CONGRESSIONAL RESEARCH SERVICE
Mr. Fugate. Thank you, Mr. Chairman, Ranking Members,
Members. I want to address your questions. What does a local
official need? What do they need to plan for? And I think,
based upon our experiences dealing with other hazards that have
caused disruptions, planning needs to be measured in weeks,
particularly if there is damage to infrastructure. And again,
with cyber, we have seen restoration potentially very quickly
if there is not physical damage. But if you do have damage to
things like very large transformers or generator capacity, that
will extend it.
We do know that it is important that in an initial
response, that you provide for safety and security. When lights
are out, power is out--we have had major metropolitan areas go
through this--you have a flurry of activity with people trapped
in elevators, traffic control, and the fact that initial
response may mean going out on patrol and looking for problems,
rather than waiting for the traditional call to 911, which may
or may not be impacted, as you have pointed out before, with
denial-of-service attacks.
Your next steps are pretty much, again, as the ranking
member points out, all hazards. You have to then provide for
the most immediate needs. Hopefully, your critical
infrastructure has power and emergency power, you have the fuel
supply you need. We have found in many cases communities
haven't planned for that. Either they don't have critical
equipment on backup power or they don't have adequate fuel
supplies--usually only enough fuel to run their weekly or
monthly test, but not to operate in a crisis.
Generators are very expensive. And so, in many cases, there
are other options, such as putting in transfer switches. The
idea is what are the things that are required to keep the
community up and running until power can be restored that are
lifelines? Water systems, wastewater treatment, communications,
your hospitals, and your 911 and other dispatch facilities.
Generally, these have emergency power, but it has to be planned
for real, not that it just works during the monthly test.
And then, as you have pointed out, Mr. Chairman, the
duration now starts driving additional issues. As we saw in New
Jersey and New York, the longer you have power disruptions, the
more you have cascading effects, from everything to not being
able to get to retail stores, grocery stores, others, gasoline
distribution. And again, as a community starts to try to
recover and get back to normal, these all become challenges.
So, the planning really is based upon safety, keeping your
primary life support systems up, focusing on the restoration of
the grid, and the reality that your residential areas will
probably be last to get power because you are going to try to
get your retail sectors and major core centers up first.
The industry has shown a lot of resiliency capabilities of
doing those things in physical destructions. And we think that
the lessons we have learned there would apply, again, to cyber.
But cyber has a lot of unknowns. And I will defer to my experts
to my left on what those impacts are, the potential threats,
and how likely these are.
But you said how big is big. We actually looked at a
natural phenomenon that is actually big, and that would be
geomagnetic storms. Because of the way our grid is built, and
the vulnerabilities to very large transformers, this
administration has already developed a working plan of what we
would do in the event of major geomagnetic storms, its impacts
on satellites and terrestrial systems.
We are working currently now on the lessons from the
previous power outages on the annex to add to the National
Response Framework to look at the power outages because of a
lot of the unique capabilities the Federal Government brings,
but also this has got to be a true working relationship with
the utilities. We cannot do this separate. It is a partnership.
It has got to involve all levels, because the primary place we
regulate power is at the States, through the, you know, utility
regulatory operations the--State managed.
That framework this summer will be going to our senior
leadership in the agencies to begin that process of concurrence
and updating it, but it serves as a framework if something was
to happen now, based upon our lessons from Sandy, and going all
the way back to previous hurricanes and other disruptions.
But the challenge is, I think, for people to look at
planning not for what they do every day, but what would happen
if power was out for not just hours but days or weeks. Do they
really understand what their capabilities are, and the things
they need to do to ensure that their critical lifelines have
enough power?
And trust me, sir, I have been through enough hurricanes to
find out too many facilities only had enough emergency power to
pass whatever requirements were there, but under full load in a
crisis they failed. They didn't operate them under loads, they
didn't maintain enough fuel in the systems for that. They did
not have contracts for firm deliveries when the crisis
occurred. So you really need to get people to focus on this,
that if you are going to provide emergency power it has got to
be for real, and it has got to be able to operate for long
periods of time.
And you need to really plan for this from the standpoint of
a phased approach, because oftentimes when this starts we don't
know how long it is going to be out. So we have immediate
response steps, but you also need to start asking the question
if power isn't on in 72 hours, what are the next things we have
to focus on? If we are out for a week, what are the next things
we have to focus on?
But I think the story from industry is also good. We have
learned a lot about how to get systems back up. We have learned
how to bypass fail systems. And, in many cases, the automation
has replaced the man in the middle. And sometimes we have to
put people back in and run less efficient systems, but we can
get power back.
So I think there is both a good news story, but there is
still a lot that we don't know. So against that we are not
going to be able to write a plan for everything that can
happen. We need to write plans based upon consequences. And
again, as we have a better understanding of the duration of
impacts, that will help us shape that guidance to State and
local officials for dealing with extensive power outages,
pretty much irregardless of the cause of it, but really looking
at it over the time phase of what would be happening and what
the next steps are.
But again, a lot of the lessons have been learned from
natural hazards. The question in cyber is how widespread and
how many jurisdictions simultaneously will be impacted. That is
probably the one difference that a physical specific such as a
hurricane or earthquake--we know the geographical area, which
cyber--it won't be defined by political or physical boundaries,
it would be systemwide. And that is another area that we ask
questions about.
But not much dissimilar to the threat from geomagnetic
storms. That is a hemispheric risk, and that is probably--when
you--outside of a A&P detonation in space, it is probably the
largest potential impact to the utilities, and again, a lot of
work has been done to minimize those impacts.
So, Mr. Chairman, I stand ready for questions, but I wanted
to try to answer your questions in my opening statements.
Mr. Barletta. Thank you for your testimony. Before we move
on I want to recognize the ranking member of the subcommittee,
Mr. Carson, for his opening statement.
Mr. Carson. Well, Chairman Barletta, thank--we had a
hearing with the CIA [Central Intelligence Agency] Director and
I didn't have access to my phone. And then, when I finally
escaped I saw the messages. But my apologies. But I want to
thank you guys.
Chairman, I think--for the sake of time, I think we should
still continue, because I was the one who was late, so thank
you.
Mr. Barletta. Thank you. We will now move on to Assistant
Secretary Hoffman. You may proceed.
Ms. Hoffman. Chairman Barletta, Ranking Member Carson,
members of the subcommittee, thank you very much for focusing
attention on the importance of being prepared for an outage,
and for the opportunity to discuss the Department of Energy's
role in helping ensure resilient, reliable, and flexible
electricity systems in an increasingly challenging environment.
Our economy, national security, even the health and safety
of citizens depend on reliable delivery of electricity. The
mission of the Office of Electricity Delivery and Energy
Reliability is to strengthen, transform, and improve our energy
infrastructure to ensure access to reliable, secure, and clean
sources of energy. We are committed to working with our public
and private sector partners to protect the Nation's critical
energy infrastructure, including the electric power grid, from
disruptions, whether it be caused by natural or manmade events,
including severe weather, physical attacks, and cyberattacks.
A crucial factor in meeting these challenges is to be
proactive, and cultivate what I call an ecosystem of
resilience, a network of owners and operators, regulators,
vendors, Federal partners, and consumers acting together to
strengthen our ability to prepare, respond, and recover. Our
organization works on indepth strategies, products, and tools
to inform and educate State and local officials in their energy
emergency preparedness activity. This is done through forums,
trainings, and tabletop exercises that include Federal, State,
and local energy officials.
In the area of cybersecurity, as part of the
administration's effort to improve electricity subsector
cybersecurity capabilities, the Department of Energy and
industry partners have developed the Electricity Subsector
Cybersecurity Capability Maturity Model. This is an evaluation
tool that helps organizations prioritize and develop
cybersecurity capabilities.
In April, DOE [Department of Energy] will lead Clear Path
IV in Portland, Oregon, and Washington, DC. Clear Path is an
interagency exercise focused on testing and evaluating the
energy sector roles and responsibilities and response plans
utilized for a Cascadia subduction zone 9.0 earthquake and
tsunami. When a response is required and needed, the Department
of Energy serves as lead agency for this response under the
National Response Framework and under FEMA's [Federal Emergency
Management Agency's] leadership.
The Department of Energy works with industry and Federal
partners to assess the impacts of disaster on local and
regional energy infrastructure, coordinate delivery of assets,
monitor and report on restoration efforts, and provide regular
situational awareness to key decisionmakers in the States, the
White House, and our interagency partners.
DOE also provides strategic leadership by requesting and
facilitating the development of an energy Information Sharing
and Analysis Center, as well as the development of an
Electricity Subsector Coordinating Council. This council is a
group of leaders from across the electric sector that meet
regularly with Government to coordinate and share information.
When power goes out, the local utility is the first responder.
Should any threat or emergency exceed the capability of any
local or private-sector resources, the Federal Government and
the electric sector, through the council, will engage in
coordinating a response to this type of a crisis.
Congress enacted several important new security measures in
the FAST Act [Fixing America's Surface Transportation Act].
This act affirms DOE's responsibility in cybersecurity
coordination, oil and gas information sharing, and the
development of a transformer reserve plan. In addition, the
FAST Act provides the Secretary of Energy with a new authority:
Upon declaration of a grid security emergency by the President,
the Secretary can issue orders to protect and restore critical
electric infrastructure, or defense critical electric
infrastructure. This authority allows DOE to respond as needed
to cyberthreats or physical threats to the grid. The Department
is actively engaging in the process and procedure for
implementing this new authority.
The keys to strengthening resilience are not only
understanding threat insight and response, but it is also
through innovation. Advanced technology and innovation in
cybersecurity storage microgrids will also help the industry
get ahead of these risks.
In conclusion, the threats will continue to evolve. DOE is
working diligently to stay ahead of the curve. To accomplish
this we must invest in resilience, encourage innovation, and
use the best practices to help raise the sector's cyber and
physical security maturity, as well as strengthen local
incident response and recovery capabilities.
Thank you for your time. And this concludes my remarks. I
look forward to any questions you have.
Mr. Barletta. Thank you for your testimony, Assistant
Secretary Hoffman.
Assistant Secretary Durkovich, you may proceed.
Ms. Durkovich. Good morning, Chairman Barletta, Ranking
Member Carson, and members of the subcommittee. My name is
Caitlin Durkovich, and I am the Assistant Secretary for
Infrastructure Protection within the National Protection and
Programs Directorate at the Department of Homeland Security.
Thank you for the opportunity to discuss how NPPD, which leads
the national effort to secure and enhance the resilience of our
Nation's infrastructure, fulfils its responsibility to support
the Federal Government's preparedness for, response to, and
recovery from all-hazard events, including the physical impacts
of cyber incidents.
I want to begin by acknowledging that protecting the
electric grid is a top priority of this administration and of
the Department of Homeland Security. It is also worth
underscoring, as you will hear from our industry partners
later, that the grid, by its very design, is resilient. It is a
complex network of electric infrastructure assets that has
built-in redundancies and can adapt to rapidly changing demand,
load, climate, and a host of other factors.
In short, the electric grid has been engineered with one
principle in mind: reliability. Thousands of companies work
together with the Government to run the most reliable grid in
the world. And while over 85 percent of the Nation's
electricity infrastructure is in private hands, the Federal
Government recognizes we must work in partnership with industry
to protect our grid because of its importance to national
security, economic prosperity, and community resilience.
I have the privilege of working with industries that span
the 16 critical infrastructure sectors, and can say with
confidence that the electric industry takes a multilayered
approach to risk management, and is committed to continuous
adaptation, based on lessons learned from real-world events and
exercises, and an understanding of the dynamic risk
environment. Industry and Government acknowledge, however, we
cannot stop every threat and natural hazard, and that we must
be prepared to respond to a range of events and their
consequences.
The Federal Government's voluntary partnership with the
electric sector, which is defined under the National
Infrastructure Protection Plan, reached new levels in 2012
following two important events. The first was a report
published by the Presidential advisory committee, the National
Infrastructure Advisory Council, in 2011 on the resilience of
the electric and nuclear sectors, and called for the most
senior executives from industry and Government to convene on a
regular basis to craft a risk management agenda that was
reflective of the increasingly chaotic threat environment.
Nearly a year later our country awoke to the scenes of an
earthquake, tsunami, and subsequent failure at the Fukushima
Nuclear Power Plant in Japan that put new emphasis on the need
for the public and private sector and the United States to come
together to plan for a catastrophic national incident.
For nearly 4 years now, 30 CEOs representing the breadth of
the electric power industry have comprised the Electricity
Subsector Coordinating Council, and meet regularly with their
counterparts at DHS [Department of Homeland Security], DOE, and
other members of the interagency to address the growing number
of sophisticated factors that put our grid at risk. This risk
management approach is focused on ensuring that the
consequences of the most catastrophic events are minimized, and
that the value of our relationship is strengthened by
identifying joint priorities enabled by robust information
sharing, continuous planning, and regular testing and exercise
of these plans.
Projects conducted through this partnership include action-
oriented information sharing around physical and cyber events,
including black energy: a 2013-2014 security outreach campaign
around threats to substations recommended security best
practices and the importance of reporting suspicious activity;
an Electricity Subsector Coordinating Council playbook, which
is a crisis management framework to enable senior executives
from industry and Government to coordinate effectively on
response and recovery issues; as well as work by DHS and DOE
with the Electricity Subsector Coordinating Council on efforts
to institutionalize coordination with other lifeline functions.
In addition to our ESCC [Electricity Subsector Coordinating
Council] work, DHS works directly with owners and operators to
help enhance their security and resilience posture, understand
dependencies and interdependencies, and exercise with their
State, local, tribal, and territorial partners for a range of
possible scenarios. This engagement would not be possible
without a cadre of security specialists around the country who
engage with asset owners on a regular basis to help them
understand the risk posed by cyber and physical threats,
perform assessments, share information, and ensure they are
connected to the broader homeland security community to include
State and local officials.
NPPD also works with partners across the Government in the
event of a needed response to a major disaster or attack
resulting in a failure of the electric grid. NPPD supports FEMA
during response operation, and helps provide an understanding
of the infrastructure of concern in an impacted area, and
decision support in prioritizing restoration and recovery, as
well as ensuring the resilience of our communications
infrastructure.
During a cyber or communication incident, NPPD's National
Cybersecurity and Communications Integration Center is able to
coordinate with State, local, and private-sector partners,
including law enforcement and intelligence communities, so that
the full capabilities of the Federal Government can be brought
to bear in a coordinated manner.
The Industrial Control Systems Cyber Emergency Response
Team is the response component of the NCCIC [National
Cybersecurity and Communications Integration Center] and
provides on-site support to private-sector industrial control
system owners and operators.
In conclusion, Government and industry have engaged in an
unprecedented effort to assess and mitigate the risks from
cyberattacks, physical sabotage, and natural disasters, all of
which can result in disruptions to the electric grid. In a
major step toward this unified approach, the Department
proposed to transition NPPD to an operational component, the
Cyber and Infrastructure Protection Agency. This transition
would elevate cyber operations and provide more comprehensive,
coordinated risk management support to our stakeholders that
reflect the growing convergence of cyber and physical threats.
Chairman Barletta, Ranking Member Carson, and members of
the subcommittee, thank you again for the opportunity to appear
before you today and to discuss NPPD's efforts in managing the
physical consequences of cyberthreats.
I look forward to your questions.
Mr. Barletta. Thank you for your testimony, Ms. Durkovich.
Mr. Campbell, you may proceed.
Mr. Campbell. Good morning, Chairman, Ranking Member, and
members of the subcommittee. My name is Richard Campbell. I am
a specialist in energy policy for the Congressional Research
Service, CRS. On behalf of CRS I would like to thank the
committee for inviting me here to testify today.
My testimony will provide background on the possible
consequences of a failure of the electric grid, the roles with
respect to parties, and some of the objective challenges in the
recovery efforts. I should note that CRS does not advocate
policy or take a position on specific legislation.
Electric power generation is vital to the commerce and
daily functioning of the United States. While the electric grid
has operated historically with a high level of reliability,
various parts of the electric power system are vulnerable to
failure due to natural, operational, or manmade events. Natural
events include severe weather and even solar storms.
Operational events can result from failures of grid components
or systems. And manmade events would include actual attacks on
the grid. The extent to which these events could damage the
grid would depend upon the severity of the incident.
Much of the infrastructure which serves the U.S. power grid
is aging. As the grid is modernized, new technologies utilizing
two-way communications and other digital capabilities are being
incorporated with Internet connectivity. While these advances
can improve the efficiency and performance of the grid----
Mr. Barletta. Mr. Campbell, excuse me. Can you pull the
microphone just a little closer? Thank you.
Mr. Campbell. While these advances can improve the
efficiency and performance of the grid, they may also increase
its vulnerability to cyberattacks launched from the Internet.
In 2014 the National Security Agency reported that it had
seen intrusions into industrial control systems with the
apparent technical capability to take down the controls to
operate U.S. power grids, water systems, and other critical
infrastructure. Although there has not been a cybersecurity
event resulting in a power outage in the United States, the
potential still exists for such attacks to cause a wide-scale,
long-lasting outage.
The first blackouts attributed to a cyberattack happened in
Ukraine in December 2015. The attack targeted industrial
control and operating systems in multiple regional utilities.
Other critical infrastructure was also targeted, apparently in
an attempt to impair recovery efforts. A report released by the
National Research Council in 2012 concluded that well-informed
terrorists could black out a large region of the country for
weeks or even months. It said that if such an attack occurred
during times of extreme weather, hundreds or thousands of
deaths could occur from heat stress or extended exposure to the
cold. A systematic attack of this sort could cost the U.S.
economy hundreds of billions of dollars.
Recovery from a well-planned cyber and physical attack on
the grid could be complicated by the cost and vulnerability of
critical components. For example, the strategic destruction of
a number of critical, high-voltage transformers could use up
the limited inventory of spare units, and it may take months or
even years to build new units.
The electric utility industry generally prepares for
outages from weather-related events, and views the potential
for a major cybersecurity attack or similar event as a low-
probability risk. If an event is severe enough to be a
federally declared disaster, then FEMA, the Federal Energy
Management Agency, can provide financial assistance to eligible
utilities for the recovery effort.
And in 2015 Congress gave the Department of Energy new
authority to order electric utilities and the North American
Electric Reliability Corporation, NERC, to implement emergency
security measures in the Fixing America's Surface
Transportation Act.
However, given the potential for damage to the Nation's
economy from a major attack on the grid, some might suggest
that the greater focus on recovery is needed, and should become
as much a part of the grid security strategy as the efforts to
secure the grid. A focus on recovery should consider the mutual
dependence and implications to other critical infrastructure of
an electric grid failure, and how quickly such impacts could
proliferate, if not planned for in advance.
Congress may also want to consider how the grid of the
future will address cyber and physical security concerns.
Incorporating elements to increase system resiliency as it
develops will aid in reducing the vulnerability of the system.
Finally, NERC has stated that after a major grid
disruption, restarting generation and energizing transmission
and distribution systems will be a first priority. Restoring
service to communications systems, fuel, water supply and
treatment and hospital customers will be a secondary priority.
Congress may want to consider how planning for the subsequent
restoration of services would proceed to ensure that all
civilian communities are kept informed, and they are treated as
equitably as possible in disaster recovery efforts.
This concludes my brief remarks. I look forward to your
questions.
Mr. Barletta. Thank you for your testimony, Mr. Campbell. I
will now begin the first round of questions, limited to 5
minutes for each Member. If there are additional questions
following the first round, we will have additional rounds of
questions as needed. And I will start with Administrator
Fugate.
Could you please walk the committee through a timeline of
consequences that we could expect to experience in the event of
a large-scale and a prolonged power outage which is the result
of a combined cyber and physical attack?
Let's assume over 10 million people are out of power in the
Northeast and it lasts for over a month.
Mr. Fugate. The first thing----
Mr. Barletta. I am not talking about how to turn the power
back on. But what consequences will State and local governments
and residents have to deal with because the power is out? And
this is my concern. I am going to put my mayor's hat back on.
And, you know, I have been listening to a lot of how prepared
we are, what we can--what is typical, what is unlikely, and
what we are going to do. But I am not convinced that we have
connected the dots all the way down to the local government.
I haven't talked to a mayor or a township supervisor yet.
When I ask them the question, ``In the event of an unusual and
an unlikely event that power is out in a cyberattack, how long
are you prepared to provide services?'' nobody can give me that
answer. You know, I know it is an unlikely event. So was the
chance of two planes running into the twin towers in New York,
very unlikely.
So, that is what I am hoping to get at today is, for
example, in the first few days--because these are the people--I
was a mayor. When something like this happens there is going to
be panic, and people are going to want to know how long can we
expect--and I don't know if anybody has yet given me a clear
answer.
In the event of both a physical attack and cyberattack, the
worst-case scenario--very unlikely, very unusual, but still, as
a mayor and a supervisor, I want to be prepared for that worst-
case circumstance. So, for example, in the first few days there
will be thousands of people stuck in elevators. After 3 or 4
days, hospitals and other critical infrastructure will need
fuel for generators. After a week, clean water and waste
disposal may be--may have serious problems. And at some point
people may start to self-evacuate in large numbers.
Please walk us through that timeline of increasing
consequences, as the duration of this scenario increases.
Mr. Fugate. Mr. Chairman, first challenge, having actually
had this happen during accidents where human error causes power
outages, we don't know at first how long it is going to be out.
And oftentimes you only know that you are having power outages;
you are not aware of what is happening outside. Situation
awareness will be key, because your initial response will not
be any different.
We have had numerous communities go through power outages
very substantial that resulted in having to do mass rescues and
elevator operations, deal with the traffic control issues,
hitting at commuter times with commuter rail being knocked off
with electricity. We have seen those. I think most communities
that are doing effective planning, those are things that they
will be doing almost from the beginning. What is critical--and
this goes back to what my partners to the left will be focused
on--is this a short-term duration or is it longer.
We faced this in Florida, actually, when I was still in the
State. We had power knocked out that was not occurring in any
set pattern. It was occurring all over the State
simultaneously. We didn't know what was going on. By the time
we had situational awareness, the next question was, ``Will
this go into the night hours?'' Because if so, the Governor
will call out the National Guard to provide additional law
enforcement support.
And so, again, you start focusing on those immediate things
of life safety. Also safety in your communities, because when
you lose power and you start seeing those disruptions, you have
to provide a much more visible form of policing and give people
a sense of safety in their communities. That is going to
require more manpower, more people on the streets. You start
looking at my generators are now running, what systems will
need refueling next? Is it going to be the next 72 hours?
And this is something I think is important. I learned this
the hard way. A lot of communities do not plan for refueling in
a crisis. And there are certain contractual things you have to
have to make sure you get deliveries, and those deliveries to
suppliers may not be local. Again, if you are talking 10
million people, we were shipping fuel as far away as
Philadelphia back into New Jersey and New York to provide gas.
We found all kinds of regulatory challenges.
But again, you start going, ``OK, my first step is pretty
much my emergency response. My next step is the next 72 hours.
Which of my critical facilities will start running out of fuel
or are having generator problems?'' This is--by this time we
would hopefully have assessed this is a much larger event than
local. We start looking at mobilizing resources from the
outside, generators, fuel, other things to keep those on.
It is key to keep the water systems and wastewater running.
Electricity has got a lot of problems, but water and wastewater
are almost impossible to make up the differences in dense
populations. There is not really a good way to manage that if
those systems go offline for extensive periods of time. And so
you continue to escalate.
Once you get to past my 72 hours--and I am starting to talk
my first week--now you start really looking at what does the
retail sector supply chain look like. Florida learned this hard
lesson, that many of our gas stations, grocery stores, and even
pharmacies now have emergency power, they have transfer
switches because, as we were dealing with power outages
measured in weeks, literally, from hurricanes--and some of our
duration of outages actually went to almost a month--we found
that retail was doing a lot of things that we had to start
supporting because they were bringing in generators, they were
getting themselves back open.
But we weren't doing it as a partnership, we actually found
ourselves competing with them. So you really want to plan this.
And I think most communities, that initial response, if they
have got good plans, they have done this, or they are prepared
to do it. It is once you get past 72 hours that I think that
they really need to start thinking through their plans. Where
are they going to get fuel? What kind of things do they have to
keep up? And then where will be the next points?
As we saw with New Jersey and New York, initially it was
the rescues and the trapped people and stuff like that. A lot
of people evacuated. But then it became the fuel, it became
pharmacies, grocery stores. And so you started seeing cascading
effects. And again, those are the things I think that, once you
are past 72 hours, you need to start planning out, OK, I am out
for 1 week, I am out for 2 weeks, I am out for 3 weeks. How
much of my core am I bringing up?
Again, the utilities aren't waiting. They are not going to
be nothing happening for a month. But you are not going to get
power back to everybody, and you are not going to get power
back particularly to a lot of your residential areas. So can
you get enough life support back up and running where people
that still don't have power can get the essentials? It won't be
easy, it will be difficult.
But the thing here now is to continue to trade off. Where
can I make activities to buy more time to keep my population
stable? Evacuations, maybe self-evacuating. Where people have
that option, they will. But you won't see large numbers,
because it is unlikely in widespread outages there is going to
be places to go to.
So again, it becomes this time of stabilization, continue
to look at the down-range impacts, what we are able to bring
up, where we prioritize that. But the reality is that almost
all these scenarios, including the cyber as well as the
physical, residential areas are probably going to be the last
ones to get that power. So can you get enough life support and
infrastructure going to keep the major supply lines up? And you
are not going to have everything. You are not going to have
what the normal consumption rates are. You may have to do what
Governor Christie did and go with rationing of gasoline to
start normalizing what is available versus demand signals.
But this means you have to plan out not just the power went
out, but now what are the impacts of that as you go through--
and then, hopefully, this is what our partners are working on,
is to give you better information about how much time are we
talking about before key systems come up. When will we get the
final power turned back on? Because in the absence of
information, I think that generates its own problems. If we
know that it is going to be out for 3 weeks, we can plan.
People are more resilient than we give them credit for. But the
lack of information, that in itself becomes a challenge.
So I ran over my time, Mr. Chairman, but I was trying to--
--
Mr. Barletta. That is OK, because it is important, because
that is what I am trying to get at, is are these
conversations--and who is responsible for these conversations
with people at the local level, because this is an unknown. If
there is a storm coming, a hurricane, an ice storm, a--we are
prepared for that. We can expect--we know what is coming. An
earthquake, not so. You don't know it is coming, but still we
have experience with that. But a widespread cyberattack with a
physical attack attached to it is unknown. And who is having
that conversation with people at the local level that--we don't
know. It could be out a week, it could be out longer than a
week. You need to be prepared.
And are those conversations actually happening? I don't--I
am not convinced that they are. And that is where the life will
be lost. And I think we need to begin to find out how do we
connect the dots. Who is responsible for having those
conversations down at the lowest level of the people who will
be first charged with trying to protect lives.
I am going to turn to Ranking Member Carson for his
questions.
Mr. Carson. Thank you very much, Chairman Barletta. Madam
Hoffman, your testimony notes that the Department's research
and development activities with respect to developing spare
transformer components, what is the cost to manufacturers when
we are making these alternative components? And has a domestic
manufacturer been identified so that we can ensure that there
is no disruption to its prior usage?
Ms. Hoffman. So thank you very much for the question.
Transformers are a very critical component to the electric
sector as was stated in the testimonies and some of the
conversations earlier.
With respect to transformers, the price of a transformer
ranges anywhere between $5 million and $10 million. And so
these are significant components. So what is our research
program, or what are the activities looking for, dealing with
the transformer issues? It is, first of all, looking at the
spare components that--and the spare transformers that industry
has, and then industry is looking at having spare capacity on
their system.
We are also looking at how do we develop the next
generation transformer, which might be a transformer that you
have the ability to produce more quickly, and also have more
standardization and flexibility. So that includes, in our
research component, the development of power electronics and
hybrid transformers.
Our 2017 budget request has a very strong program looking
at transformers, which is about $10 million, in which we are
going to look at developing the next generation transformers,
as well as doing testing of transformers to make sure we
understand any vulnerabilities that may exist.
Mr. Carson. Thank you. Administrator Fugate, in the event
of a widespread outage, what are FEMA's plans for communicating
with citizens on response and recovery efforts when there is
essentially zero electricity?
Mr. Fugate. Not much different than what we have faced in
other significant outages. We have a variety of tools.
First of all, within the emergency alert system, the radio
stations, TV stations, many of the--that have emergency power,
TV stations partner with radio stations. We can get signals.
And in addition, if we lose a--and this will be something that
we will be looking at in Oregon during the Cascadia--it is not
uncommon that you are going to lose radio and TV stations in
the area of impact.
But we work with the FCC [Federal Communications
Commission] for the nonimpacted stations to increase power to
get signal back in. That is why we continue to encourage
people, have that battery-operated radio. That is why we
encourage the idea of FM chips in cell phones, because we can
get signals in from the outside, but people need to receive it
to get the information.
But part of this is going to be where the information is
coming from. We are going to be working through the Governor's
office because Governors and their teams are going to be the
best information at the local level. Our job, really, on the
Federal side is to provide the backup and tools required. And
we are prepared to work with the FCC and broadcasters to get
signal from the outside. In addition, we have gone as far--and
we did this in the Sandy response--bring in satellite
communications and set up WiFi in some of the areas that have
lost some of the cellular communications.
But we have another backup, and, self-disclosure, I am an
amateur radio operator. But I think sometimes the more we look
at the complexity of our risk, we forget that we have some very
resilient systems that aren't part of Government, but they
oftentimes are the last thing running when everything else has
failed. So we look from everything from our systems and
satellite technology, working with nonimpacted stations how to
broadcast in, amateur radios are all part of that.
But it is important that people take the steps to be able
to get the information when we can get the signal in, and that
is why it may seem very passe in an area of streaming
everything that a battery-powered radio may be that lifeline of
communication link to get information, because we have seen,
even in large-scale--like Katrina--stations outside the area
get broadcast in, but you had to have a way to receive the
information.
Mr. Carson. And lastly, Madam Durkovich, have our most
critical transformers and substations within the bulk power
system been identified so that we have a clear comprehension of
system dependencies? And even cascading impacts from a
widespread power outage, regardless of the cost?
Ms. Durkovich. Thank you very much for that question,
Ranking Member Carson.
We work very closely with the utility owners, with our
partners at DOE, as well as NERC and FERC [Federal Energy
Regulatory Commission], to understand the most critical aspects
of the electric grid. We have a number of programs that we
leverage to help assess the vulnerabilities of these particular
assets, and to work with owners and operators to help enhance
the security and resilience to provide recommendations. But
equally important, as you will hear later from Gerry Cauley,
who is the president and CEO of NERC, we have a series of
standards that are intended to guide the security of some of
these most critical assets.
Increasingly within my office we are working to better
understand the dependencies and interdependencies on some of
these critical energy assets to be able to visualize what an
outage is--the impacts it is going to have to other key
lifeline sectors, and to be able to provide that information as
leaders to include Administrator Fugate and those of the
utilities working to get power restored. Thank you.
Mr. Carson. Thank you, ma'am.
Chairman, I yield back.
Mr. Barletta. Thank you. The Chair recognizes Mr. Meadows
for 5 minutes.
Mr. Meadows. Thank you, Mr. Chairman, for this important
topic. I think this is one of the interesting aspects that I
get asked about more than anything else.
Let me tell you why I am a little bit troubled here today
is that I hear a lot of rhetoric that acts like we have our act
together from a Federal standpoint, when really the vast
majority of the job that gets done is really with the
stakeholders, with those public utilities that, for years, have
been prepared for mass outages, but perhaps the scope of the
threat, the cyberthreat--and when we are talking about mass
outages, you know, we can talk about Hurricane Sandy, we can
talk about, you know, other storms. They are used to that.
I am just telling you, they have got--I used to work for an
electric utility many years ago. I was around--I have got
enough gray hair, I was around when the DOE was actually
formed. And so when we look at this, to suggest that the
Federal Government is here to help, I want to make sure that
you are helping.
And the chairman talked about the real communication that
is being done. The real communication that is being done is
really being done by the public utilities at the local level.
If any is getting done. You know, it is crickets when it comes
to the other Federal agencies as it relates to this. Now, I say
that as a criticism, only because we have to figure out that we
are sick before we start to figure out the diagnosis and how to
fix it.
So let me ask Assistant Secretary Hoffman for your help on
one particular area. In your testimony you were talking about
national security and how you can reprioritize and make sure
that those national security interests are supplied by public
utilities or governmental agencies.
Here is my concern. Many of our national security interests
actually have their own generating and own distribution
capacity. And yet I find them woefully underprepared for
cyberattacks. You know, some of them are primary metered at the
point of entrance, so you may have a public utility providing
the generating capacity. They do the distribution. So as we
look at this, what kind of turf war do we get in between DOD
[Department of Defense] and DOE with regards to being ready for
a cyberattack that would have national security implications?
Ms. Hoffman. Thank you, Congressman, for that question.
When we deal with any sort of event, we are going to act as a
whole of Government. So, whether it is a cyber event----
Mr. Meadows. But who is in charge? Here is the problem,
is--and I have dealt with a number of agencies. So we get FEMA
that comes in, and we get local emergency management responses.
And what you have is you have different people saying different
things.
So with regards to national security, who is in charge of
the power grid? Is it DOE or is it DOD?
Ms. Hoffman. The owners and operators are ultimately in
charge of the power grid. The support to the power grid is
going to come both from DOE with respect to working with the
owners and operators to restore power and DOD has a
responsibility with respect to national security and
protection. So, from a physical security perspective, we may
look at law enforcement to help the utilities protect
substations. It depends on the event, but the response will be
coordinated.
Mr. Meadows. All right. So you have a plan, a coordinated
plan that I could look at today on how that would happen.
Ms. Hoffman. So for----
Mr. Meadows. That you can give to this committee in terms
of the--because here is what happens, is most of the time an
event happens and then you go out and you figure out the
problems. You know, Mr. Fugate was talking about the fact that
we learn lessons from each event that we have.
But the problem is, with a cyber event as we are looking at
in the Ukraine, you know, here we have an outage to over
200,000 people, where it was cut off. But the real problem
was--is they were in the system for almost 6 months and we
didn't know about it.
So I guess the question is how many times are we getting
attacked? And are they in our systems without our knowledge?
Ms. Hoffman. Well, you bring up a good point, Congressman,
thank you. But the issue is every event and every incident, as
Administrator Fugate brought up, is going to be different, and
we are going to have to think about the capabilities. When
somebody can take someone's access credentials, we have to
think about that and look at that as an industry. So we are
taking the lessons learned----
Mr. Meadows. But that is more of a physical threat. I want
to go back to the cyber aspect, because what we are doing is--
and I heard Ms. Durkovich talk about this--is that we are
looking at risk management. And really, what we need to start
to focus on is a real comprehensive plan on how we are going to
partner with the private sector or public utilities on doing
this, because what happens is we get a little check box and we
say, ``well, we have gone and we have talked to XYZ and we have
asked them to make sure that they are vigilant about
cybersecurity,'' which most of them are.
But yet, what happens is we don't have a comprehensive plan
at a Federal level to look at how we can support them in the
event of a national attack that would come in the way of cyber.
So I am not talking about storms, and I am not talking about
stealing a credential. I am talking about the real attacks that
we get hit with every single day.
Do we know--have we done a risk assessment where we have
intelligence? And have we shared that with the public
utilities? Because a lot of times we have this national
security concern that we don't want to share that with an
outside, you know, group because of national security concerns.
Ms. Hoffman. So thank you. You bring up very good points in
your discussion.
First of all, we follow the National Response Framework. As
Administrator Fugate talked about, regardless of whether it is
a physical or cyber or weather-related event, we are going to
act as a whole of Government in responding to that.
With respect to your question on intelligence, we are
sharing information with the private sector. DHS and DOE
regularly host classified briefings with the private sector to
share actionable information. And that is the information that
the utilities are able to take back and really do response
force.
With respect to specific events such as the Ukraine
incident, ICS [industrial control system] alert has provided
very specific actionable information. DOE, working with the
Electricity Information Sharing and Analysis Center, has
provided actionable information to the industry to learn from
these events and prepare. And that is what is important. Each
event is going to be different. We have to take those events
and learn from them.
Mr. Meadows. I have run out of time. I will yield back, Mr.
Chairman. Thank you for your patience.
Mr. Barletta. Thank you. The Chair recognizes Mr. DeFazio
for 5 minutes.
Mr. DeFazio. Thank you, Mr. Chairman. I regret I had to
step out to go to a hearing upstairs. We should--the committee
should look at not scheduling hearings in different
subcommittees at the same time.
Administrator Fugate, I think you made a number of
excellent points. And when you talked about being a ham radio
operator, obviously that is a potential backup. But I was
recently in Japan and one of their greatest regrets is that
they didn't have enough deep ocean sensors, and they
underestimated the size of the tsunami. And they did manage to
get out a warning with that original estimate before the
electrical grid went down in those areas, and they had no
further capability of broadcasting and warning people. And
therefore, many people sheltered in places that actually were
below the crest of the tsunami and died.
So they have now moved to a cell phone-based system, and
required resilient cell towers to be built. Are we looking at
anything like that here, in the U.S.?
Mr. Fugate. Yes, sir. Part of the charge you gave us and
the FCC was to develop wireless emergency alerts, which,
working with the carriers, we actually implemented faster than
we thought. So right now, every cell phone being manufactured
today is required to be able to transmit a wireless emergency
alert, part of the emergency alert system. Tsunami warnings are
built into those.
So, if there is a triggering event, the originator for that
will be the National Weather Service tsunami warning centers.
In the case of Oregon it is going to be the Alaska Warning
Center. It would go out. It is geocoded to the areas of impact,
so those counties and communities at risk would get those
notifications over your cell phones. You cannot--you don't have
to opt in, you don't have to sign up. The only thing you can do
with a cell phone is turn it off and not get the alerts. So,
unless you have done that, a tsunami warning would be issued,
it would be transmitted upon that point and go out.
I think you do point out, though, one of the challenges,
which is why we work very closely at the local levels. It is
hard to get the magnitude of the tsunami, so the evacuation
zones pretty much have to be what is the maximum risk, we got
to move now. A phased approach, we generally don't have time,
particularly with Cascadia. It is too close to the coast. And
that is why we tell people, ``even before you get the warning,
if you feel shaking you got to move to higher ground,'' because
even with a warning you only have minutes to move.
But the cell phone system now, as soon as the Weather
Service issues the warning, it will get transmitted to those
areas. We have actually seen this occur already. But it has
answered this question of what will wake people up in the
middle of the night. And your cell phone buzzing and humming
and making strange noises was the whole purpose of the wireless
emergency alert system.
Mr. DeFazio. And when--phones manufactured after what date
were required to have that, do you know?
Mr. Fugate. It started--I believe it is--I would have to
look at the exact date, but it has been about the last--2010,
2011.
Mr. DeFazio. OK.
Mr. Fugate. That all new handsets--Apple, the iOS, was the
last of the handsets to incorporate this in. And so pretty much
all the new handsets now have this. And, as we see the
replacement cycle of cell phones, we have actually now--third,
fourth, fifth replacement cycles. So we are getting good
penetration now with those systems.
Mr. DeFazio. That is great. Yes, I have actually been on an
airplane here where we were held on the ground because of
thunderstorms, and everybody's cell phone started buzzing as
they had, like, a tornado alert or something. I can't remember
what it was.
Mr. Fugate. Yes, sir.
Mr. DeFazio. So that is great progress. To the Honorable
Ms. Hoffman, just on the issue I raised earlier, you know, the
transformer issue, it does seem really critical and they are
very expensive, they are cumbersome, hard to move. But, I mean,
where are you at in evaluating the potential or possibility of
having some, you know, backup or replacement transformers in a
strategic reserve?
Is it--you are analyzing that, or where are you at in that
process?
Ms. Hoffman. Thank you very much, Congressman, for the
question. The transformer reserve plan that was required as
part of the FAST Act is in progress. We have contracted with
Oak Ridge National Laboratory to do an assessment with respect
to transformers, the transportation issues, any sort of where
they would be placed, the volumes and size. As you are well
aware, the transformers in the United States are quite unique,
and we have to also look at a parallel process for how do we
look at standardization, look at next generation transformer
for additional manufacturing.
We are also in the process of assessing transformer
manufacturing in the U.S. DOE has had several reports out with
respect to transformer manufacturing. There are several
manufacturing entities in the U.S., including EFACEC, Georgia
Transformer, ABB, Waukesha, Prolec GE and Hyundai. Those are
the transformer manufacturers in the U.S. Is that enough for
the capacity we need? I would say we need more capacity with
respect to transformers. So it is important that we continue to
look at a transformer sharing program.
So we are in progress and on target to meeting that
deliverable for the committee.
Mr. DeFazio. So what was the timeline that was established
for the----
Ms. Hoffman. The timeline that was established in the FAST
Act was 1 year from enactment. So it would be due in December.
Mr. DeFazio. OK, great. Are you aware whether or not the
regional power administration, the Bonneville Power
Administration, is, you know--I mean are you working with them?
Because they obviously have most of the--are interlinked in
some places with private, but for the most part provide for
the, you know power transmission and--high-voltage power
transmission. And half of that--well, part of it is DC. So we
actually have two different sets of transformers.
Ms. Hoffman. So thank you very much for highlighting that.
Yes, we are working with the power marketing administrations,
which includes WAPA and Bonneville. They are a core asset to
the Department of Energy, as well as a core asset to the
electric infrastructure writ large. So they are a very
important part of the conversation.
As required by the FAST Act, we will do consultation with
industry and with experts in this area.
Mr. DeFazio. OK, thank you.
Thank you, Mr. Chairman.
Mr. Barletta. The Chair recognizes Mr. Perry for 5 minutes.
Mr. Perry. Thank you, Mr. Chairman.
Secretary Hoffman, the FAST Act you were just discussing
includes what you were just discussing, some additional roles
and authorities. Can you talk a little further about the
importance of the transformer reserve and what your thoughts on
that are, particularly?
Ms. Hoffman. Thank you very much for the question. The
transformers in the United States are a very critical component
of the system. The FAST Act recognizes the criticality of these
transformers, as well as the need to assess where are we at
with respect to any sort of need to develop a plan for
transformer spare capacity.
So what this means is really evaluating the spare capacity
in the United States and the ability to transport transformers.
So where should a transformer stockpile, if necessary, be
located because of the different sizes and dimensions of the
transformers.
So part of the plan of what we are looking at with Oak
Ridge National Laboratory, our other national laboratories and
industry--is assessing the number of transformers, the size of
transformers, meaning the different voltage classes, and then
where those transformers could potentially be needed to be
located because of transportation issues.
The industry has had discussions with the Class A railroads
and looking at the transportation of transformers. You may not
be aware, but a lot of substations are in very remote
locations. So really, the criticality and some of the time is
not only manufacturing the transformers, but it is actually the
transportation of those transformers to a location.
Mr. Perry. Will you be considering the timeline for
manufacture of transformers, as well, in that study, and when
is the--when can we expect the results?
Ms. Hoffman. Yes, the--we have started looking and have had
several reports out with respect to transformer manufacturing.
And those are on DOE's Web site. But the results of that will
be included in the report in December.
Mr. Perry. Do you discuss cost or reimbursement at all in
your report?
Ms. Hoffman. So part of the request is to look at policy
implications and the cost and financing of that. We are going
to work within the Department of Energy with our energy policy
and systems analysis group and assess what are some of the
financial implications to setting up and developing a
transformer reserve.
Mr. Perry. All right, thank you. In my opinion, the EPA
[Environmental Protection Agency] continues to over-regulate
the energy industry. And with that, I don't think they have the
ability to determine or examine the requirements.
Mr. Fugate, do you--I mean I am sure you are aware, based
on what I have here, as of December of 2015 we are retiring--
due to EPA policy, retiring or converting 81,423 megawatts, or
499 units, based on regulation. Has FEMA done an examination of
how the EPA regulations affect the grid and the capacity? Are
you interested in doing that? Do you know what the capacity is,
and do you know the ramification of the loss of the 499 units
and the 81,000-plus megawatts?
Mr. Fugate. To be honest, Congressman, we really depend
upon our partners and DHS that do that. We are not the subject
matter experts. We determine for our infrastructure protection
what that means and what those impacts are.
Having come from the State of Florida, I will tell you
that, as we have seen these types of changes, we have seen
dependency move from coal fire to natural gas to peaker units.
So we had to start planning for what happens there. I actually
was in probably a unique experience of having a natural gas
pipeline sever due to lightning strike. Knocked out all the
natural gas to the southern and middle parts of the State. And
we suddenly realized that we had a tremendous dependency on
natural gas peaker units, and we were fortunate that we had
mild weather. Otherwise, we would have had generator capacity
shortfalls that would not be made up. So we----
Mr. Perry. So if I could just----
Mr. Fugate [continuing]. Partners for the information----
Mr. Perry. I got a limited amount of time here. So if FEMA
is not doing it particularly, who are you getting the--which
partner are you getting that information from? Who is assessing
the effect of the regulation, the loss of capacity and the
timing of that loss? Who is doing that, of your partners?
Mr. Fugate. I would depend upon my partners to the left. We
look at energy as a function of Government, because, as you
point out, there are numerous parts of the regulatory and
response structure. So we concentrate onto function----
Mr. Perry. So, with all due respect, may I ask your partner
to the left? Do you have that information? Are you tracking
that?
Ms. Hoffman. So thank you very much for the question. The
Department does look at reliability implications with respect
to any sort of change in generation mix in the United States.
With respect to the Clean Power Plan, it is really going to
be as the States develop their implementation plans the
assessment will occur with the regional reliability entities
and the independent system operators, where they will
coordinate and understand the reliability impacts.
Mr. Perry. So you don't know what it is upfront, or you
don't assess it as it occurs? You don't know that, you know, so
many plants and so much capacity is leaving in Ohio or
Pennsylvania or Alabama, you don't know that in advance and
make an assessment of the potential risk that is involved?
Ms. Hoffman. So--thank you. From a widespread reliability
point of view, DOE believes that the Clean Power Plan and the
regulations will not have any widespread reliability impacts.
But the specific----
Mr. Perry. Well, hold on a second. Hold on. With the
chairman's indulgence--you believe that, but do you believe
that because you have empirical data to support that belief, or
you believe that because somebody is telling you that, or you
believe that because you don't have any reason to disbelieve
it?
Ms. Hoffman. Right now the utilities will work very hard to
ensure reliability of the system. And our past experience is,
as any sort of any reliability concerns come up, there is
strong coordination within the industry to address any sort of
reliability impacts. So----
Mr. Perry. So does that mean, if you thought that there was
going to be a reliability impact based on the regulation and
the capacity reduction that you would essentially exonerate or
waive the requirements for a period of time to make sure that
the capacity remains? Do you have a policy to do that, or is
there a thought to that? Or what is your plan, if you come up
against something that doesn't comport with what you think it
needs to be, from a capacity standpoint?
Ms. Hoffman. Within the Clean Power Plan the States, as
they develop their Clean Power Plan, their State plans, they
will be coordinating with the reliability entities, the ISOs
[independent system operators] and the RTOs [regional
transmission organizations], looking at any potential
reliability implications, and----
Mr. Perry. But how does that work since, for instance, I
live in the PJM, which is a multistate organization? It is not
State by State, it is multistates that all feed into the same
grid. So how does one State's plan affect another, and how--who
coordinates reliability or capacity issues in that regard?
Ms. Hoffman. So the States are required, as part of the
Clean Power Plan, to coordinate with PJM, and PJM has and will
continue to do reliability analysis for that region.
Mr. Perry. Thank you, Mr. Chairman. I appreciate your
indulgence.
Mr. Barletta. Thank you. The Chair recognizes Mr. Sires.
Mr. Sires. Thank you, Chairman and Ranking Member, for
holding this hearing. It is very important.
I represent the Eighth District of New Jersey, which has
Hoboken and some other areas--Jersey City--which got hit very
hard by Sandy. And if I learned anything about our
infrastructure, it is how unprepared we were for a storm or
anything else. And there is plenty of blame to go around.
Everybody always points to the Federal Government, but in
reality the States could do a lot of things and the locals
could do a lot of things and the power companies could do a lot
of things.
I always think of the example--and I gave this once before
to the chairman as an example--there was a generator in the
flood zone. And the power company was protecting it with a
chain link fence. So when it flooded, obviously, the chain link
fence did not hold the water back. So what I am trying to get
at is these are the kind of simple things that we can do to
protect, you know, this particular transformer.
The other thing was in terms of the gas station. You were
talking about--I mean we have plenty of gas, quite frankly, but
they couldn't pump it. So a simple thing like a small generator
to just move the pump and move the gas from the--you know, from
the containers to the people, I mean, would it suffice? So when
I say to you that everybody has shares of blame in this, I just
hope that we have come from Sandy far enough to learn some of
these mistakes and we are correcting them.
So, Honorable Fugate, would you please tell me that we have
come a long way from where we were?
Mr. Fugate. We have come a long ways, we haven't gone far
enough. And I think, Congressman, you point out what I see is
the real challenge, and which cyber highlights. The tendency is
to plan for what we are used to dealing with, not for what
could happen.
And so, again, as you point out, we put a fence around a
generator in a flood zone. Well, the reason you have a
generator is the power goes out, one of the likely causes for
power outages would be a coastal storm. But you hadn't had one
in a long time, so you were more concerned about somebody
breaking in and damaging the transformer. And that is the trap
we fall into.
And I think this is what the chairman is raising. Cyber is
new. A lot of things we are going to do won't be new in
response to the consequences, but if we don't know what we are
planning against, we may run the risk of only planning for what
we have been used to having, maybe short-term power outages,
maybe disruptions that are strictly local, and not plan for
what could happen and plan against it.
And unfortunately, as you point out, we try to promote
these lessons, but it seems to, again, be one of our
challenges. How do you get people to change? Let's talk about
gas stations. That is a private entity. Putting in a generator
is a cost. Most people say, ``well, you could just ship a
generator there.'' Doesn't work that well, because most of
those utilities were underground and it was hard to get a
generator hooked up to it.
So in some States that have dealt with this they have put
in incentives that gas stations would be required through
regulation to put in a transfer switch. It was a good
compromise. That way, if they did lose power for long periods
of time, we could get generators in there, hook it up, and pump
gas.
But this is where we got to be very careful. It is easy to
say, ``this is the fix'' until you ask who is paying for it.
And I think this is the tradeoff of what would make sense,
either through incentives, tax credits, regulatory oversight,
to get these changes, because I can't ask a business to lose
money if their other partners or competitors aren't doing the
same thing.
And at the same time, you know, the response was, ``you got
to put a generator in every gas station.'' That is also not
necessarily a great idea, either. But putting in a transfer
switch was a good compromise.
So again, I think, as we learn these lessons we go back to
this trap of we plan for what we have experienced in the past,
and that does not always scale up for the future impacts. We
have got the lessons learned, we are putting the information
out there. But the receptiveness of that audience is oftentimes
based upon do they perceive this threat as applying to them.
And, as you know for your community, we talk about
hurricanes and hurricane evacuations, and most people said,
``we don't have hurricanes, we have northeasters.'' So it is
getting people planning. In many cases we know what these
impacts are, but it is really the challenge of getting people
to plan for what can happen, not what they are prepared to do
based upon only their past experiences.
As the chairman points out, we have not had a lot of
experience with cyber. So part of this, again, is getting--what
are we planning against, and then what will we do differently.
And if that requires resources, where are those resources
coming from?
Mr. Sires. I also think that we have to be prepared post-
Sandy or post--because one of the issues--we still have
problems in New Jersey where people are still out of their
homes years later. And to me that is really unacceptable, 2 or
3 years later, that we have these issues where people with the
insurance or with the valuation of the property--I mean somehow
we have to be prepared for some of these things because it
impacts real people.
Mr. Fugate. It does. And our experience is, coming out of
Hurricane Katrina, 5 years after that we still had over 5,000
families living in travel trailers because we didn't have the
right answers.
So, rebuilding after disaster is, again, very time
consuming. There's a lot of hurdles to go through. And I agree,
it is ideal to get people back in their homes as quickly as
possible. But that requires a lot of things that go beyond even
some of my programs. It is really, as you point out, State and
locals and----
Mr. Sires. I am not just putting the blame on you, I am
also putting the blame on, you know, the locals and the State,
that we should be prepared for any of these storms or whatever
we have.
Thank you, Mr. Chairman.
Mr. Barletta. Thank you. The Chair recognizes Mr. Massie.
Mr. Massie. Thank you, Mr. Chairman. I am going to yield as
much of my time as he might consume to the gentleman from North
Carolina.
Mr. Meadows. I thank the gentleman from Kentucky for
yielding. And, Ms. Hoffman, I want to follow up on one thing.
Because, as you talked about the transformers and the--having
these backup transformers as a redundancy, one of my major
concerns is that decisions that get made by DOE or DHS or
FEMA--all the sudden what we do is we transfer that liability
to others that are providing service.
So what we--you know, right now all utilities have backup
transformers, primarily for distribution purposes, but even for
larger, you know, transmission-related transformers and
switches. However, if you are going to make a decision, it
directly impacts rateholders for two reasons. I mean if they
are--happen to have $10 million transformers sitting there, I
don't know that they can get a return on that investment,
necessarily.
And so, if you start to extrapolate that out, if it is not
in service, you know, it just kind of like--generated capacity,
there is a certain length of time that they have in order to
bring that online so that they can get a return. But
ultimately, it affects the ratepayer, anything that you do.
And so, I guess when we start to look at the security
implications, what I would encourage both of you to do is look
at it as we would from FEMA--is that it is a Federal redundancy
that is required, not a redundancy that needs to be done by
utility to utility to utility. Do I have that commitment from
both of you, that you would look at it as a Federal obligation,
versus a private obligation?
Ms. Hoffman. Yes, Congressman. Thank you.
Mr. Meadows. All right. OK. I see you nodding your----
Ms. Durkovich. Yes, sir.
Mr. Meadows. For the record----
Ms. Durkovich. Yes, sir.
Mr. Meadows [continuing]. Both of them said yes. And so let
me finish with one other, I guess, concern. When we are talking
about sharing in a classified setting with the stakeholders,
have all of the utilities participated in that secured setting,
where you have let them know of both the threats--potential and
real threats that we already have experienced?
So, you know, you were saying that we have done that in a
classified setting, and I just find that interesting. I am not
challenging, but I want to drill down on that because I don't
know of too many--you know, maybe the big utilities but there
are, you know, hundreds of utilities. And so they come in to a
classified setting and say, ``this is your risk, this is where
it is.'' That is your testimony here today.
Ms. Hoffman. So thank you for that question. Information
sharing occurs at multiple levels. We do have classified
information with the Electricity Subsector Coordinating
Council, which is 30 CEOs from across the whole sector, so
there are investor-owned utilities, there are municipals, there
are co-op utilities that participate in that information
sharing, that classified information.
In addition we have had 1-day read-ins where we have
brought a larger section of utilities in to do classified
information sharing. We have done that. DHS has done regional
information sharing meetings, where they have had opportunities
to bring folks in and do information--so it occurs on multiple
levels. Have we hit every single of those----
Mr. Meadows. Yes, and I am not saying--I want it to be
systemic, and I guess I will yield back to my good friend from
Kentucky here in just a couple of seconds, but I want to make
sure that I am clear. As we get to stakeholders what I want it
to be is more than just a box that we are checking off. I want
EEI [Edison Electric Institute], I want all of the groups that
are there to buy in and say, ``we have a plan.'' We do it for
mass outages like Sandy and other hurricanes. We haven't done
that, I believe, adequately as it relates to cyber. And do I
have both of your commitments that you will redouble your
efforts to include them as stakeholders?
Ms. Hoffman. Yes, yes, we will redouble our efforts. And
the one thing that I would say codifies how we are redoubling
our efforts is the exercise that happens between industry and
utilities where we are actively exercising this.
Mr. Meadows. I will yield back to my good friend.
Mr. Massie. Thank you. I just have a brief question that
occurs to me during Mr. Meadows' question which is, of this
classified information, if we sought to get a brief on that
would you make yourself available in a classified setting for
us, as we contemplate what sort of legislation might be
necessary?
Ms. Hoffman. Yes, Congressman. We would be glad to have a
briefing with you.
Mr. Massie. Is that the case for everybody?
Ms. Durkovich. Yes, sir. Of course.
Mr. Massie. Mr. Fugate?
Mr. Fugate. I wouldn't originate most of the data, but I
would be there. Most of the origination of the classified
information would actually come from my partners to the left.
Mr. Massie. Understood. Thank you very much. And I yield
back.
Mr. Barletta. Thank you. With respect to time for our
second panel, we are going to move on. And I think, if I can
summarize--and I thank you all for participating today--I think
if I could summarize, Administrator Fugate, that planning for
local and State governments should be--needs to be in terms of
weeks, not days. And that is important because that is the
first time I have actually heard what we need to begin to look
at in the event of an attack.
So again, I want to thank you all for your testimony. Your
comments have been very helpful in today's discussion. And we
will now call on our second panel.
[Pause.]
Mr. Barletta. I remind you of the subcommittee's request to
limit your oral testimony to 5 minutes.
Mr. Cauley, you may proceed.
TESTIMONY OF GERRY W. CAULEY, PRESIDENT AND CHIEF EXECUTIVE
OFFICER, NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION;
WILLIAM H. SPENCE, CHAIRMAN, PRESIDENT AND CHIEF EXECUTIVE
OFFICER, PPL CORPORATION; AND BOBBI J. KILMER, PRESIDENT AND
CHIEF EXECUTIVE OFFICER, CLAVERACK RURAL ELECTRIC COOPERATIVE
Mr. Cauley. Good morning, Chairman Barletta, Ranking Member
Carson, and members of the subcommittee. Very glad to be here
today, testifying. My name is Gerry Cauley, I am the president
and CEO of the North American Electric Reliability Corporation.
NERC is a nonprofit international organization overseeing the
reliability and security of the power grid in the United
States, Canada, and a portion of Mexico. We have authority
assigned by Congress to develop and enforce standards affecting
reliability and security of the grid, and that authority is
overseen by the Federal Energy Regulatory Commission.
We can all agree that electricity is the most critical
lifeline sector for national security, for other lifeline
sectors like finance, water, and transportation, for the
economy, and for public safety. Every day we are reminded of
the seriousness of our job related to securing the grid. There
have been terrorist attacks in France and Belgium and even
here, domestically. There have been cyberattacks and data
breaches across various industries and across Government.
Of particular relevance to our grid, on December 23, 2015,
there was a cyberattack in the Ukraine which was launched
against three distribution companies and in which the
perpetrators gained control of three distribution companies and
were able to put out the lights for 225,000 customers for up to
6 hours.
A team from the U.S. went to investigate that incident in
the Ukraine, including a member of the NERC staff. And what I
can tell you is that the cyberthreats are real, but I think we
have a very different situation in the Ukraine as compared to
what we have in the United States and North America. Our
security controls in North America are very different.
We are the only industry with mandatory and enforceable
reliability standards affecting physical and cybersecurity. We
are currently in the fifth generation of our cybersecurity
standards. They are risk-based standards based on NIST-type
[National Institute of Standards and Technology-type] controls,
so they are adaptable and can keep up with the current threats.
We have a very robust compliance monitoring and enforcement
program. System operators use modern controls to ensure the
security of the system, including separation of corporate and
business systems from control systems, physical access
controls, patch management, aggressive threat hunting and
mitigation, and employee and contractor training, and many
other measures that they take.
We have established the Electricity Subsector Coordinating
Council, as we heard previously, at the highest levels of
industry and Government, including CEOs and top officials from
Government. The CEOs and boards of power companies take
security very seriously, and security is one of their highest
priorities on a regular basis.
Our Information Sharing and Analysis Center, which you have
heard about, the ISAC, provides robust information sharing
regarding cyber and physical threats. With the engagement of
industry leaders we have recently gone through a review and
upgrade of the capabilities of the ISAC, and the ISAC, I
believe, is closely integrated with the security operations and
information sharing at individual companies, as well as the
State fusion centers and other sectors.
We also operate a tool called CRISP [Cybersecurity Risk
Information Sharing Program], which is a way to monitor the
electronic Internet traffic to key sites around the industry,
and compare the traffic to threats and vulnerabilities that we
are aware of worldwide, and warn the utilities about issues
that they may be experiencing in real time.
In the unlikely event of a successful cyber or physical
attack, I believe that we are well prepared. FERC and NERC
recently completed a study of the restoration and recovery
capability plans and drills and exercises of nine major
companies in the industry, and that report is available
publicly, and it is posted on the NERC Web site. But I think it
demonstrated that the preparation is there, and that the plans
have been exercised.
As you have heard before, on November of this past year
NERC led what I believe is the largest grid security exercise
in the world called GridEx III. Over 400 entities in North
America participated. We had over 4,400 registered users and,
in my estimation, there were probably closer to 10,000 actual
participants. The distributed--this is where we are in a
central, controlled place, and we inject the attacks outward,
and so the power companies are actually engaged in the exercise
locally in their own control centers, in their own substations
and power plants. They are receiving the information from us.
That portion of the exercise--I apologize for my voice; I
am just getting over a cold--that portion of the exercise
lasted 2 days and on the second day there was an executive
tabletop which brought it all together for senior executives
from industry and Government. The scenario included
cyberattacks, physical attacks, including active shooters,
truck-mounted and explosive devices, and unmanned surveillance
drones. This hypothetical event was extreme, and it was
intentionally extreme to really go beyond our capability and to
test the system. And really, the point was to find out what can
we learn and what do we need to do to improve.
During the distributed play exercise we caused outages in a
simulated fashion--no one was actually controlled or affected,
but we simulated 5 million customers who were out. And in--
during the executive session, to invoke all the policy
questions at the national level that we were looking to pull
out we actually had 15 million customers out and those outages
were projected to be extended for weeks and even into months to
really push the questions that the chairman is trying to raise
today.
Participating entities worked through their emergency
procedures. They had very extensive contacts with local law
enforcement and first responders. And actually, those local
government officials and first responders did participate in
the exercise. We had--in the exercise we had the White House,
DHS, DOE, Department of Defense, Cyber Command, NSA [National
Security Agency], NORTHCOM [U.S. Northern Command], FBI
[Federal Bureau of Investigation], FEMA, and the Illinois and
Wisconsin National Guards are some of the players who
participated directly in the executive exercise.
A number of key takeaways were to make sure that we are
able to better coordinate between industry and Government in
terms of the situation assessment, and what do we communicate
to the public. It will be a constant race with regard to
information to the public. We all know social media and the
news are very quick, and we want to make sure that we are
getting reliable information out to the public.
We are focused on ensuring unity of effort and unity of
scale, and that we can resolve all of our resources from both
industry and Government together.
Looking forward, I would say in this exercise we will
continue to expand the role of State and local governments and
participants in the exercise to make sure we can exercise some
of the things that the chairman is looking to get here, which
is how do we engage, how do we inform, and how do we set
expectations.
And I look forward to your questions, thank you.
Mr. Barletta. Thank you for your testimony, Mr. Cauley.
Mr. Spence, you may proceed.
Mr. Spence. Good morning, Chairman Barletta, Ranking Member
Carson, and members of the committee. My name is Bill Spence. I
am president, chairman, and CEO of PPL Corporation. We deliver
electricity to more than 10 million customers in the U.S. and
the U.K. Beyond my role overseeing PPL's operations, I am also
on the EEI Policy Committee on Reliability and Business
Continuity. I also am a member of the Electricity Subsector
Coordinating Council that you heard about earlier today. The
ESCC serves as a principal liaison between the Federal
Government and the electric power sector to protect against
cyberthreats to the Nation's power grid.
Protecting the Nation's power grid, as you heard earlier,
is not only a top priority of the Federal Government, it is
also a top priority for the industry. We have a very strong
record of working together closely in all kinds of disasters
and storms. Along with our Government partners, we identify,
assess, and respond to all threats.
The electric sector takes a defense and indepth approach to
protecting grid assets. This approach really includes three key
elements. The first is rigorous mandatory enforceable and
regularly audited reliability standards. Gerry talked about
that in his testimony. Also close coordination among industry
and with Government partners at all levels. And thirdly,
efforts to prepare, respond, and recover, should power grid
operations be affected.
Our industry already maintains hundreds of spare
transformers. I don't believe that came up earlier, but you
should be aware of that. In addition, we just recently
launched, as an industry, a new project called Grid Assurance.
Under Grid Assurance, many of the major utilities in this
sector are coming together to establish regional centers where
we will not only store spare transformers, but other critical
equipment necessary to quickly recover the power system in any
type of an event.
Among all the critical infrastructure sectors, you should
know that the electric sector invests more annually than any
other critical infrastructure sector. Last year alone we
invested more than $100 billion.
Regarding security standards and regulations, as you heard
we are subject to NERC's reliability standards. Entities found
violating these standards face penalties of up to $1 million
per violation per day. In fact, our industry is the only
industry subject to mandatory, federally enforceable cyber and
physical standards.
The industry is also implementing requirements for physical
security as part of a broader suite of NERC standards, and
using voluntary standards, as well, to drive improvement.
Secondly, we are coordinating closely with the Federal
Government, sharing threat information between the Government
and industry to protect the grid.
According to the National Infrastructure Advisory Council,
the electric power sector is viewed as a model for how other
critical infrastructure sectors can more effectively partner
with the Government. Our intent is to keep it that way. The
Electricity Subsector Coordinating Council brings senior
Government and industry executives like myself together with
agency officials to improve sectorwide resilience against all
hazards and potential threats.
The ESCC and our Electricity Information Sharing and
Analysis Center offer programs like the Cybersecurity Risk
Information Sharing Program, as Gerry also mentioned, through
which we share information on potential threats. This is an
area where I think the Federal Government has been very helpful
to the industry, by allowing us to utilize proprietary hardware
and software that was developed at the national labs and is now
helping to protect the grid.
Over 75 percent of the U.S. customer base is covered by
industry participation in this critical program. The ESCC has
also focused on several other key areas, including planning and
exercising responses to major disruptions. Our last exercise
was a combined cyber and physical threat scenario.
In addition, we are focused on rapid threat communication
amongst share owners and stakeholders. We are also developing
Government-held technologies on electric power systems that
improve situational awareness and cross-sector coordination.
Last but not least we are focused on incident response and
recovery efforts. Electric power companies continuously plan
and exercise for a broad range of potential threats. We share
crews and equipment in times of trouble, and we regularly drill
for potential emergencies. For our part, PPL is actively
engaged in the industry efforts I have highlighted, and pursing
an aggressive defense-in-depth approach to protecting the power
grid.
Thank you, and I look forward to your questions.
Mr. Barletta. Thank you for your testimony, Mr. Spence.
Ms. Kilmer, you may proceed.
Ms. Kilmer. Chairman Barletta, Ranking Member Carson, and
all members of the committee, thank you for inviting me to
testify today on how electric cooperatives manage the
consequences of a power outage.
Regardless of the cause, getting power restored quickly and
safely requires advance thinking and planning. My name is Bobbi
Kilmer, and I am testifying today on behalf of Claverack Rural
Electric Cooperative and the National Rural Electric
Cooperative Association.
Claverack delivers electricity to member owners at over
18,000 locations in rural northeastern Pennsylvania. We have
low consumer density, averaging less than six consumers per
mile of line, and we serve primarily residential accounts. We
are 1 of Pennsylvania's 13 electric cooperatives, and our
electric distribution system is not directly connected to the
bulk power system.
The National Rural Electric Cooperative Association, NRECA,
is the service organization dedicated to representing the
national interests of electric cooperatives and their
consumers. NRECA represents more than 900 not-for-profit,
consumer-owned rural electric utilities that provide
electricity to over 42 million people in 47 States.
Electric co-ops are accountable to their consumer members.
Those same members own and govern the co-op through a locally
elected board of directors. Electric co-ops reflect the values
of their membership and are uniquely focused on providing
reliable energy at the lowest reasonable cost.
Responding to power outages is a major part of our
business. Assessing the situation, knowing who to call, and
determining how to proceed is imperative, and it requires
coordinated efforts in the public and private sectors during
major events. One of the seven principles of the cooperative
business model is cooperation among cooperatives. This
cooperation is integral to our emergency planning and response.
In Pennsylvania, as in many States, the electric
cooperative statewide association plays an important role in
emergency coordination. Electric co-ops have mutual assistance
agreements between one another so that during a major event the
process of securing additional crews and resources is
simplified. There is also a national cooperative database which
facilitates cross-state mutual assistance. As I noted in my
written testimony, this network helped our statewide
association secure crews from Florida to assist us in our
restoration following Hurricane Sandy.
Also important are the relationships that we have with
State and local government agencies. During major events our
statewide association is in regular contact with the
Pennsylvania Public Utility Commission and the Pennsylvania
Emergency Management Agency. The statewide association
communicates outage information as well as requests for
assistance from other governmental divisions on our behalf.
Locally, we are in touch with our county emergency management
agencies. We advise them of outages in their counties and
expected restoration times. This allows them to coordinate with
other organizations like the Red Cross to set up services such
as warming shelters.
We also have close relationships with our local police and
fire departments, and along with other agencies and utilities
we too participate in tabletop exercises which simulate
emergency scenarios and strengthen our community networks.
Communication with our members is important, too. We always
provide the option to speak with a live customer service
representative. We use outgoing telephone messages,
informational postings on our Web site and social media, and
use radio and television broadcasts, which could be used, even
in the event the Internet is down, to keep members and the
public informed about outages.
We test our business continuity and disaster recovery plans
annually, and we have plans in place so that we could operate
from a remote location, if necessary.
Cybersecurity and awareness is a critical part of our
operational preparedness. Though we are a small utility, we
strive to follow industry best practices, such as the use of
network scanning and intrusion detection programs in protecting
our operational data, as well as our business and member
information. We also participate in the Pennsylvania Department
of Homeland Security's Task Force on Cybersecurity.
Our preparedness in the field is tested throughout the year
during localized outages caused by weather events and other
conditions. Lessons learned through experience, along with the
coordination with our national, statewide, and local networks
would form the basis of our response to a national or cyber
event.
Again, thank you for the opportunity to testify today on
our emergency preparations and recovery efforts.
Mr. Barletta. Thank you for your testimony, Ms. Kilmer. I
will now begin our first round of questioning. And this
question is to all.
I am going to ask you the same question I asked our first
panel. What is the planning scenario that State and local
governments should be using for a cyberattack on the electric
grid? Will the power be out for days or weeks or months,
considering both a cyberattack and a physical attack? The
worst-case scenario, how widespread could the outage be?
Mr. Cauley, NERC runs an exercise on the failure of the
grid. What scenario do you use? And I will let you begin.
Mr. Cauley. Thank you, Mr. Chairman, for the question. As I
mentioned in my presentation, we do probably pose a scenario
that is 10 times beyond any sort of realistic expectation, in
terms of the magnitude. That is really to test and sort of
shake this out and see what we can do.
I think the difficulty in understanding the question is
that there is many kinds of hazards that can cause outages. And
in fact, if we look at--we do a lot of data and analysis about
what causes blackouts. That is one of our jobs. And since
2011--so 4 years running--in our data weather has been in the
top 10 causes of all major outages in North America. So we have
that sort of baseline.
So the question for me, I phrase it as what kinds of things
can cause outages from a few hours up to 2 to 3 days? And there
are a lot of things that can contribute toward that and what
kind of response capability we could have. So it could be
storms, it could be equipment failure, it could be a number of
things.
And then I think, as we get to the kinds of things we are
talking about here, in terms of cyber and physical attacks, I
think it is reasonable to ask--and severe storms, ice storms,
hurricanes--it is reasonable to ask the question, ``How are we
taking care of people in a 1- to 2-week outage?'' It may not be
everywhere, but it might be in some local areas, it might be
some cities that could reasonably be facing a 1- to 2-week
outage.
But I would hate for us to say, ``it is a cyber event,''
or, ``it is a storm,'' because, really, the public safety issue
is very similar. The major difference would be--to me, the
major difference would be we know there is some kind of
security concerns, law enforcement would be involved. But it is
still the same fundamental--without electricity, you need to
take care of people, you need to get them fuel and food and
water, those kinds of things.
The one scenario I think that is the exception--and I think
it was appropriate that the committee participated in the
legislation around spare equipment--the one scenario I think
realistically concerns me longer than the 1- to 2-week
timeframe is damage to spare equipment, particularly the
transformers. That could happen from a bomb blast, shootings,
other--GMD [geomagnetic disturbance] storms. The question is
not what caused it, but the question is what are you going to
do if you lose transformers. And they are not going to be
replaceable for an extended period of time.
Mr. Barletta. I guess what I am getting at, what--I want to
get this down--to connect the dots down to the local and State.
And you know, I feel pretty confident that getting to that
point we have got all the ducks in order. I am just concerned
that there is a missing link to what should the States and
local governments be preparing for or planning for in length of
time, because they need to do the same thing that you are
doing. They need to know the scenario of worst-case, what do we
need to prepare for.
Mr. Cauley. Right. And I have been doing reliability for 35
years. I really think there are two levels. There is normal
expected, you would see a number of times a year, is that 1 to
3 days as a normal kind of scenario that everybody should be
prepared for. I think a 1- to 2-week scenario is a scenario
that, if you are prudent, I would be talking with the mayors
and the city councils about what you can do to be ready for a
1- to 2-week outage in the extreme case of hurricanes,
earthquakes, and those kinds of things. My only exception is
spare equipment damage may be more challenging.
But I think it really is independent of the cost, whether
it is cyberattack--I can't imagine a cyberattack that is going
to damage equipment to have an outage more than hours or days.
Mr. Spence. I would agree with Mr. Cauley. I think the
prudent thing would be the same as what we are doing today for
devastating storms, which is really a 1- to 2-week outage
preparation.
I think there are a lot of resources that are currently
available to local communities, both at the State and the local
community level that are really great resources that,
unfortunately, I don't think all the towns and communities take
full advantage of. There are a lot of really good best
practices that have been used by towns and cities that have
been more experienced with devastating storms. For example, the
State of Florida has a lot of experience, so there is a lot of
lessons learned there that are available to towns and
communities.
I think the other thing--and I think this was mentioned by
the representative of FEMA earlier today--it really boils down
to, in many cases, the probability of the event happening, the
risk of the event, and willingness to put in place and spend
the money for backup generation or other backstops that would
be necessary for a 1- to 2-week event. So I think that is where
I would direct the towns and communities to be aware of what is
available, utilize that fully, and then make the critical
investments that they need to survive a 1- to 2-week period.
Mr. Barletta. OK. I am going to connect the dots. So do you
think it is the Federal Government's responsibility or the
State government's responsibility to make sure that the local
government is doing all that? Because I am just concerned that
we are going to have everybody pointing fingers at each other,
``well, I thought you had said,'' ``I thought you did,'' and
nobody did.
Whose responsibility should it be that we make sure that
the local governments are prepared? Because today is really the
first time that I am hearing a length of time.
Mr. Spence. Right.
Mr. Barletta. And you know, in my own mind--again, I am
going to keep putting that mayor's hat back on--I am beginning
to think, well, geez, if it is 1 week or 2 weeks, there's a lot
of things I need to be prepared for here, and we are probably
not.
Mr. Spence. Well----
Mr. Barletta. Which means that most cities are probably not
prepared----
Mr. Spence. Yes.
Mr. Barletta [continuing]. And I think that is what this
hearing is about----
Mr. Spence. Right.
Mr. Barletta [continuing]. Is really to raise a red flag
here today that we are not prepared in the event of something
drastic, major, unlikely, but could be----
Mr. Spence. Well, a couple comments, Mr. Chairman. First I
would say--and you probably would not want to hear this,
necessarily, but I think it is a shared responsibility between
local government and the Federal Government. And I really do
believe that because you are just not going to be able to have
Federal boots on the ground in all these local communities to
get the communities back up and running.
Secondly, I would say that, you know, there are things that
the local utilities do have at their disposal to help local
communities in terms of communication and even backup
generators, portable generators, that we can deploy to high-
priority areas to make sure that when we need to restore the
system and we can't do it in a timely fashion, then at least
there is some basic level of service that we can provide.
So I think in an extended period of outage, you are still
going to have power to certain areas. You are going to have a
backbone of power. It may not be this town or that town. But I
think, collectively, there will be ways to get resources
available to the local towns and communities.
You know, to be quite frank, I was very skeptical when we
started this Electricity Subsector Coordinating Council, on
whether the Federal Government was really going to be able to
help us, as an industry, to restore power quicker. But I have
been pleasantly surprised at the level of cooperation and
collaboration that has gone on in the last 3 to 4 years. And
there are simple things like providing fuel that we desperately
needed during Hurricane Sandy to restore towns and communities
in New Jersey and Pennsylvania.
And there are other things, like providing beds for crews
that are coming from out of State. We were able to access
barracks at the Department of Defense facilities. We were able
to access portable generators. We were able to access experts
in emergency response. So there are some things that the
Federal Government can be very, very helpful for.
And I think, now that we have a playbook that really
dictates who does what when, which was always my concern in a
major event--who do I call, and are they going to be ready for
that call--I can say that, from what I have seen so far, I
believe we are more ready than we have ever been in the past,
and we have a very good system and a playbook that we can go
right down the line and have access--in this case, when we are
talking about this committee--to cyber resources at the highest
levels of the Federal Government.
Mr. Barletta. Thank you.
Ms. Kilmer?
Ms. Kilmer. I agree with my fellow panelists on the shared
responsibility.
I would also like to emphasize to the subcommittee the
importance of communications during crisis periods. My
experience has been that sometimes it is not the length of the
outage, but simply knowing how long it is going to be, or what
the expectation is. It can help both residential consumers, as
well as townships and towns, understand how they need to plan.
I would also like to add one thing that we have seen in our
rural area, especially since Hurricane Sandy, and that is a
focus on individual preparedness. I am seeing our local county
emergency management agencies doing a great job in trying to
educate the public on being prepared. We try to do the same
thing. Of course, we are in a rural area, we are subject to
many weather events. So I think that our consumers are
relatively prepared. And again, I am not suggesting that we can
rely on that, but I think that that is an element in all of
this. Thank you.
Mr. Barletta. The Chair recognizes Ranking Member Carson.
Mr. Carson. Thank you, Chairman Barletta.
Ms. Kilmer, you mentioned that Claverack Rural is not
connected to the bulk power system, but you receive services
from a subtransmission system. What does that mean for your
cooperative in the event of a nationwide cyberattack on the
grid?
Ms. Kilmer. In the event there was a cyberattack that took
down the grid, we would be affected by that. If Penelec's
transmission system was affected and power was disrupted to our
substations, we would also be out of power.
Mr. Carson. Mr. Cauley, there was a newspaper article
yesterday that indicated that the FBI and the Department of
Homeland Security have been warning the power industry over the
last month about a potential cyberattack. What role has the
Electricity Information Sharing and Analysis Center--what role
might they play in distributing this kind of information?
Mr. Cauley. Thank you, Congressman. That is exactly really
what the Information Sharing and Analysis Center does. We--in
fact, I am not aware of that particular one, but we do dozens
of these a day. We get information out, post it to industry. We
have several thousand participants in industry who receive
those notices every day.
Mr. Carson. Yes, sir.
I yield back, Mr. Chairman. Thank you.
Mr. Barletta. The Chair recognizes Mr. Meadows.
Mr. Meadows. Thank you, Mr. Chairman.
Mr. Cauley, did I hear you correctly? You said that in the
event of a cyberattack, the longest period of time that people
would be without power--an hour? Is that what you said?
Mr. Cauley. Thank you for allowing me to follow up on my--
whatever I said. My point----
Mr. Meadows. Sometimes I don't hear correctly, but I just
wanted to give you a chance----
Mr. Cauley. The point I was trying to get to--but I
rushed--was it is a very difficult form of attack to go from a
cyberattack--it is easier to steal information or disrupt
electronics. It is very technically challenging to go from an
electronic cyberattack to causing physical damage to equipment.
Even in the Ukraine attack there was no damage to the
equipment. It was opened, the breakers were operated to
basically shut down the feeders that were going to the
customers, but there was no damage, so that once they realized
what was happening they basically could defeat the computers
and have people go to the station manually, flip the switch,
which is a mechanical switch, and put the power back on.
So, my point--and I would love to continue working on this
and getting some actual data to support that--is it is very
hard to transform from a cyberattack into long-term damage that
would be measured in weeks or months----
Mr. Meadows. All right.
Mr. Cauley [continuing]. Because you have to hurt the
equipment to do that.
Mr. Meadows. OK. And that is really my focus, is not
turning a switch off here or there or, you know, tripping a
breaker or, you know, making a jack go out. That is minor.
I guess the type of cyberattacks that we are seeing and
hearing about in classified settings not directly related to
the electric utility business are very sophisticated. And so,
being able to come in and--so I assume, you know, going into a
generated capacity--so let's say you got a generator and you--
you know, there is all kinds of controls and switches to make
sure that you don't run into problems with the electrons, let's
put it that way.
And so, all the sudden, somebody coming in with nefarious--
not just turning a switch off, you know, can scramble it in
such a way that it would create unbelievable damage, certainly
from a standpoint of generated capacity, I mean--I don't want
to talk about it in an open forum like this, but I guess my
concern--are you not having those kinds of conversations which
are more than just turning the power switch off, as happened in
the Ukraine, but really causing long-term damage either to
generation capacity or transmission capacity?
Mr. Cauley. Yes, Congressman. I have the privilege of going
to very similar highly classified briefings, as well. But I
also have 35 years of experience working in substations with
equipment. And I understand the threats of black energy or
aurora, or those things. It is very difficult to transform an
action--the predominant behavior we are seeing today is
surveillance-type behavior. But to transform that into an
action that destroys a piece of equipment is technically very--
--
Mr. Meadows. Well, that is comforting to know. I mean----
Mr. Cauley [continuing]. Very complex.
Mr. Meadows. And so that is real comforting, because what I
am going to do is I will follow up with both you and Mr. Spence
as it relates to this because, you know, again, it is one of
the number-one questions that I get, is just a real concern.
You know, it is about hitting the grid. And most people don't
understand the interconnectivity between utilities. And so a
lot of that gets blown way out of proportion.
Mr. Cauley. Right.
Mr. Meadows. But yet, at the same time, your confidence
level, if there were a cyberattack on an investor-owned
utility, you know, somewhere in the Midwest, the damage they
could cause, in your opinion, would be minimal.
Mr. Cauley. The damage on the----
Mr. Meadows. Physical damage.
Mr. Cauley [continuing]. Business and information systems,
that would be their business risk. But on the grid it is very
difficult. It is very unlikely to put a grid out for 1 to 2
weeks. I think----
Mr. Meadows. So what you are saying is mass outages for
multiple weeks or days, are--in your opinion, is going to be a
weather-related event.
Mr. Cauley. Or the other thing is a physical attack, which
is shooting explosive devices at the substation are the two
things I think can get into that 1 to 2 weeks and beyond----
Mr. Meadows. But those are a lot easier to anticipate and
plan for.
Mr. Cauley. It is very complicated to do 20 sites at once
with a physical attack with the current law enforcement we
have. So I think that risk is mitigated as well. But it is the
one I worry about the most, is a physical attack.
Mr. Meadows. Well, that is very helpful. I will follow up
with all of you. And from an REA [Rural Electrification
Administration] standpoint I just want to say thank you, as a
member of my local REA. I have a great affinity for my REAs.
Ms. Kilmer. Thank you very much.
Mr. Meadows. All right. I yield back.
Mr. Barletta. Thank you. I just have one more question, Mr.
Spence. My colleague--Mr. Spence, my colleague from
Pennsylvania highlighted that too many coal power plants have
closed. Are you concerned that having fewer generation
facilities online makes the grid, as a whole, more vulnerable?
Mr. Spence. I am not. In fact, Mr. Cauley and his team are
also responsible, as part of their duties, to evaluate with
very detailed modeling region by region, the impact of
retirements of any sort on the grid of a major power station.
So they have evaluated this multiple times, in fact, and have
found that we continue to maintain an adequate reserve of
capacity, should we see more retirements than actually
forecast.
So, even with the forecasted retirements, which are many,
particularly on the coal side, we still have adequate capacity
to meet all of our projected needs for power.
Mr. Barletta. Thank you. I look forward to working with
each and every one of you, and welcome your input as we move
forward on this initiative.
I thank you all for your testimony. Your comments have been
helpful to today's discussion.
If there are no further questions, I would ask unanimous
consent that the record of today's hearing remain open until
such time as our witnesses have provided answers to any
questions that may be submitted to them in writing, and
unanimous consent that the record remain open for 15 days for
any additional comments and information submitted by Members or
witnesses to be included in a record of today's hearing.
[No response.]
Mr. Barletta. Without objection, so ordered.
I would like to thank our witnesses again for their
testimony. If there are no further questions to add, the
subcommittee stands adjourned.
[Whereupon, at 1 p.m., the subcommittee was adjourned.]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[all]