[Senate Hearing 115-284]
[From the U.S. Government Publishing Office]
S. Hrg. 115-284
THE THREAT POSED BY ELECTROMAGNETIC PULSE AND POLICY OPTIONS TO PROTECT
ENERGY INFRASTRUCTURE AND TO IMPROVE CAPABILITIES FOR ADEQUATE SYSTEM
RESTORATION
=======================================================================
HEARING
BEFORE THE
COMMITTEE ON
ENERGY AND NATURAL RESOURCES
UNITED STATES SENATE
ONE HUNDRED FIFTEENTH CONGRESS
FIRST SESSION
__________
MAY 4, 2017
__________
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Printed for the use of the
Committee on Energy and Natural Resources
Available via the World Wide Web: http://www.govinfo.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
26-072 WASHINGTON : 2018
----------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].
COMMITTEE ON ENERGY AND NATURAL RESOURCES
LISA MURKOWSKI, Alaska, Chairman
JOHN BARRASSO, Wyoming MARIA CANTWELL, Washington
JAMES E. RISCH, Idaho RON WYDEN, Oregon
MIKE LEE, Utah BERNARD SANDERS, Vermont
JEFF FLAKE, Arizona DEBBIE STABENOW, Michigan
STEVE DAINES, Montana AL FRANKEN, Minnesota
CORY GARDNER, Colorado JOE MANCHIN III, West Virginia
LAMAR ALEXANDER, Tennessee MARTIN HEINRICH, New Mexico
JOHN HOEVEN, North Dakota MAZIE K. HIRONO, Hawaii
BILL CASSIDY, Louisiana ANGUS S. KING, JR., Maine
ROB PORTMAN, Ohio TAMMY DUCKWORTH, Illinois
LUTHER STRANGE, Alabama CATHERINE CORTEZ MASTO, Nevada
Colin Hayes, Staff Director
Patrick J. McCormick III, Chief Counsel
Isaac Edwards, Senior Counsel
Angela Becker-Dippmann, Democratic Staff Director
Sam E. Fowler, Democratic Chief Counsel
David Gillers, Democratic Senior Council
Rich Glick, Democratic General Counsel
C O N T E N T S
----------
OPENING STATEMENTS
Page
Murkowski, Hon. Lisa, Chairman and a U.S. Senator from Alaska.... 1
Cantwell, Hon. Maria, Ranking Member and a U.S. Senator from
Washington..................................................... 3
WITNESSES
LaFleur, Hon. Cheryl, Acting Chairman, Federal Energy Regulatory
Commission..................................................... 5
Gingrich, Hon. Newt, Chairman of the Board, Gingrich Productions. 15
Cooper, Ambassador Henry F., Former Director, Strategic Defense
Initiative Organization........................................ 19
Durkovich, Caitlin, Director, Toffler Associates................. 32
Manning, Robin E., Vice President, Transmission and Distribution,
Electric Power Research Institute.............................. 39
Wailes, Kevin, Chief Executive Officer, Lincoln Electric System,
and Member of the Board of Directors, American Public Power
Association.................................................... 49
ALPHABETICAL LISTING AND APPENDIX MATERIAL SUBMITTED
Brumley, Dr. David:
Response to Questions for the Record......................... 114
Cantwell, Hon. Maria:
Opening Statement............................................ 3
Cooper, Ambassador Henry F.:
Opening Statement............................................ 19
Written Testimony............................................ 21
Responses to Questions for the Record........................ 93
Durkovich, Caitlin:
Opening Statement............................................ 32
Written Testimony............................................ 34
Responses to Questions for the Record........................ 102
Gingrich, Hon. Newt:
Opening Statement............................................ 15
Written Testimony............................................ 17
Responses to Questions for the Record........................ 92
LaFleur, Hon. Cheryl:
Opening Statement............................................ 5
Written Testimony............................................ 8
Responses to Questions for the Record........................ 80
Manning, Robin E.:
Opening Statement............................................ 39
Written Testimony............................................ 41
Responses to Questions for the Record........................ 105
Murkowski, Hon. Lisa:
Opening Statement............................................ 1
Wailes, Kevin:
Opening Statement............................................ 49
Written Testimony............................................ 51
Responses to Questions for the Record........................ 109
THE THREAT POSED BY ELECTROMAGNETIC PULSE AND POLICY OPTIONS TO PROTECT
ENERGY INFRASTRUCTURE AND TO IMPROVE CAPABILITIES FOR ADEQUATE SYSTEM
RESTORATION
----------
THURSDAY, MAY 4, 2017
U.S. Senate,
Committee on Energy and Natural Resources,
Washington, DC.
The Committee met, pursuant to notice, at 10:09 a.m. in
Room SD-366, Dirksen Senate Office Building, Hon. Lisa
Murkowski, Chairman of the Committee, presiding.
OPENING STATEMENT OF HON. LISA MURKOWSKI, U.S. SENATOR FROM
ALASKA
The Chairman. Good morning. The Committee will come to
order.
I would like to welcome everyone to the Energy hearing this
morning. We are here to examine the threat that is posed by
electromagnetic pulse, that is known as EMP, as well as policy
options to protect energy infrastructure and provide for system
restoration in the event of an EMP attack. The United States
has recognized a potential EMP attack as a national security
threat for decades and our efforts to understand a potential
EMP burst are certainly not new.
The Department of Defense (DoD) and our national labs have
been grappling with these issues to one degree or another since
we first started testing nuclear weapons. Extensive tests in
the 1950s and 60s examined the potential impact of an EMP burst
on both military and civilian infrastructure. Today, however,
there is a renewed focus on understanding the effects of such
an attack and an increase of efforts directed at mitigating and
recovering from such an event should it occur. This issue is,
perhaps, more salient now than ever for several compelling
reasons.
First is the proliferation of nuclear technology which is
no longer limited to the U.S., Russia, China, the U.K. and
France. Other nations have tested nuclear weapons and missiles
to deliver them. Rogue nations, such as North Korea, may
already have or be close to obtaining these capabilities. We
must also be mindful of the potential for a non-state actor to
obtain a nuclear device. While their ability to use a missile
as a delivery vehicle for a high altitude EMP attack would
likely be more limited, we know that it cannot be ruled out.
Second is the proliferation of electronics in today's
society. Just about everyone in this room, I would venture to
say, has a smartphone. That is just the start of the devices
that we rely on, and that, in turn, rely on electricity and
electronics to function. This has magnified the impact as
compared to the potential impact in the 1960s that an EMP burst
could now have on the electric grid, the technologies that rely
on electronics and on our daily lives.
We must recognize from the start of today's discussion that
the threat posed by an EMP attack is a matter of national
defense. Defending our nation from a missile carrying a nuclear
warhead is clearly beyond the scope of the owners and operators
of energy infrastructure and their regulators. Nevertheless,
these institutions do have a role in protecting critical energy
infrastructure and providing for its restoration. As the owners
and operators of critical energy assets, our utilities must
assist government EMP experts in understanding how the electric
grid works.
For its part, government must prudently share its knowledge
and expertise with industry on a timely basis and approve or
direct prudent, reliability standards as warranted. There
really is no way around this.
On the one hand, we have defense and national security
personnel who are very familiar with the effects of a nuclear
detonation but who are not responsible for the complexities of
keeping the lights on. And on the other hand, you have
professionals in the power sector who know the grid but are not
familiar with the characteristics of a nuclear detonation.
It is critical that the electric industry and government
improve upon their mutual understanding and trust because it is
essential to the productive relationships that are necessary to
improve our ability to respond to EMP and other potential, high
impact, but low frequency events.
Both camps must work together to share information and
expertise. Our engineering schools and other conduits for
professional expertise must embrace a new paradigm for
considering and addressing security threats in the design and
operation of electric systems.
Improving our ability to respond to an EMP threat is also
an area where, like cybersecurity, the subject of another
recent hearing that we just had, stronger public/private
partnerships are needed and today's capabilities must be
improved. This hearing will consider as a policy matter whether
the appropriate federal agencies have the authority they need
to address this potential threat and whether additional
authority or direction is needed.
Back in 2005, we established authority for the North
American Electric Reliability Corporation, now NERC, through an
informed stakeholder process to establish, subject to the
Federal Energy Regulatory Commission's (FERC) approval,
mandatory, physical and cybersecurity standards for the
industry. More recently, in 2015, Congress codified the
Department of Energy (DOE) as the sector-specific agency for
energy critical infrastructure and provided the Secretary with
emergency authority to address a host of threats: cyber,
physical, geomagnetic disturbances and EMP. So we have taken
some steps, but many argue and believe that those steps are not
sufficient and that we still have a great deal of work in this
area.
Our task today is to consider the distinct points of view
about EMP brought to us this morning by our very distinguished
panel. I am looking forward to the testimony we will receive
from each of you.
I now turn to my Ranking Member, Senator Cantwell.
STATEMENT OF HON. MARIA CANTWELL,
U.S. SENATOR FROM WASHINGTON
Senator Cantwell. Thank you, Madam Chair.
I welcome the witnesses here today and thank you for
scheduling this hearing.
The electric grid is essential to our lives and also the
lifeblood of our economy. With the fate of our economy
dependent on access to reliable electricity, it is our
responsibility to ensure that the grid is prepared to withstand
many threats including natural disasters, including those
caused by changes in climate, extreme weather, physical attacks
of terrorism, cyberattacks, geomagnetic disturbances,
electromagnetic pulse, or EMP. We must continue to identify and
evaluate the threats to the system as well as appropriate
investments in technology to reduce these threats.
Threats to the grid are measured both by probability and
severity of impact. We must prepare and protect against all
these hazards, but we must prioritize based on the likelihood
of occurrence and severity of impact.
Electromagnetic pulse attacks are considered a high-impact,
low-probability threat, as I think, Mr. Manning, in his
testimony, indicates. We do not yet have the concrete science-
based analysis necessary to understand the threat and identify
effective solutions.
As a result, in 2001 Congress established a commission to
assess the threat from high-altitude electromagnetic pulse,
known as HEMP. In 2014, the Department of Homeland Security
(DHS) developed guidelines to help federal agencies identify
those options to protect critical equipment and facilities and
communication and data centers from these attacks.
The Department of Energy and the Electric Power Research
Institute (EPRI) are both engaged in studying the EMP threat
and releasing action plans for both government and private
industry.
The Departments of Homeland Security, Defense and Energy,
including our national labs, are actively engaged in studying
the effects of EMP and identifying proactive measures that can
help mitigate against these threats.
As Mr. Manning has noted, solutions to EMP threats to the
grid are not well understood. Much of the available information
is not specifically applied to utilities, making it difficult
for utilities and regulators to identify the options for
protecting that infrastructure. So I am pleased the work is
currently underway by both industry and the government to
identify our options.
I also want to say that threats to our grid are measured by
the likelihood of occurrence and severity and warming climate
has increased physical threats to our infrastructure with
rising sea levels, storm surge and extreme weather events.
According to NOAA, high sea surface temperatures have
contributed to a substantial increase in hurricane activity in
the Atlantic and the severity of those strong threats on our
grid.
In 2012, Hurricane Sandy tore through the East Coast
leaving a path of wreckage, rainfall, and knocked down power
lines, leaving 88.5 million homes and businesses in 16 states
without power.
In the State of Washington, we have seen extreme weather
changes. We have had landslides, flooding and sea level rise,
as well as drought, that has induced forest fires threatening
our grid. In 2014, large fires in Central Washington
substantially impacted the electric infrastructure with over
3,000 customers without power. I should say that the cost is
how much was actually burnt up in the fire, substantive
investments that had just been made by utilities in that
region.
Finally, I would like to talk about the issue of
cybersecurity that the Chair mentioned. While we have never
experienced a high-altitude EMP attack, the severity of
successful cyberattacks on our grid is growing and it is
significantly more likely that our grid is being tested for
cyber vulnerabilities every day by our adversaries. In fact,
Russia is believed to have deployed a cyber weapon to shut down
Ukraine's grid in both 2015 and 2016.
On March 14th of this year I asked the Trump Administration
to protect the growing grid vulnerabilities from cyberattacks
and make sure that we zero in on the appropriate assets. I sent
a letter to the Administration and to the Department of Energy
asking that they assess the capabilities of some of these
nations, of Russians, particularly, to hack into our energy
infrastructure, and I am looking forward to getting a response
since it has been several weeks since we sent that letter.
It is widely known the United States is under constant
threat from cyberattacks, and many cyber experts have come to
the same conclusion. It is not an if, but a when, a massive
attack on our grid will occur. In fact, the former Director of
National Intelligence, General Clapper, stated in 2015 that
cybersecurity is now more a significant threat to our national
security than terrorism.
So I am glad we are holding this hearing on the risks to
our grid, and EMP being one of them, but I hope that we will
also make sure that we continue to focus on cybersecurity. I
know we have had a hearing, and three other committees that I
serve on have also had cybersecurity hearings.
I think everybody is waking up to the fact that cyber is a
big issue. Obviously, Madam Chair, we passed the Energy Policy
Modernization Act out of the Senate, that the House failed to
act on, which had a major cybersecurity provision. So I hope
our colleagues over there will wake up to the importance of
that.
I look forward to hearing from our witnesses. And thank
you, Madam Chair, for the hearing.
The Chairman. Thank you, Senator Cantwell.
We are joined this morning by a very distinguished panel. I
welcome you all.
The panel will be led off this morning by the Honorable
Cheryl LaFleur, who is the Chairman of the Federal Energy
Regulatory Commission. She has been a member of the FERC since
2010. We appreciate all that you do on that very important
commission. We would like to get you a quorum so that you can
be working every day, but we are pleased that you are here this
morning.
Chairman LaFleur will be followed by a man who is well
known up here on Capitol Hill. It is a pleasure to welcome you
to the Committee. Chairman of the Board of Gingrich Productions
and former Speaker of the House, Speaker Gingrich has been a
leading voice on the issues and the dangers of an EMP attack.
We are very pleased to have you provide your insight this
morning.
Following Speaker Gingrich is Ambassador Henry Cooper. He
is the former Director of the Strategic Defense Initiative
Organization, and he was President Reagan's Chief Negotiator at
the Geneva Defense and Space talks. It is nice to have you at
the Committee this morning. Welcome.
Caitlin Durkovich is the Director at Toffler Associates.
Prior to joining Toffler, she served as the Assistant Secretary
for Infrastructure Protection with the Department of Homeland
Security under President Obama. It is nice to have you here.
Mr. Robin Manning currently serves as the Vice President of
Transmission and Distribution at the Electric Power Research
Institute, EPRI, where he oversees research and development
activities. We thank you for your leadership there.
The panel will be rounded out by Mr. Kevin Wailes, who
serves as the CEO and Administrator of Lincoln Electric System.
Mr. Wailes is also the Vice Chair of the Electricity Subsector
Coordinating Council.
We are pleased to have you all here. We would ask that you
try to limit your comments to five minutes. Your full
statements will be included as part of the record. Commissioner
LaFleur, if you would like to lead off, please.
STATEMENT OF HON. CHERYL LAFLEUR, ACTING CHAIRMAN, FEDERAL
ENERGY REGULATORY COMMISSION
Ms. LaFleur. Good morning and thank you, Chairman
Murkowski, Ranking Member Cantwell and members of the
Committee. I appreciate the opportunity to appear before you
today to discuss electromagnetic pulse, EMP, threats to the
electric grid in the United States. I very much appreciate your
attention to this important issue.
The Federal Energy Regulatory Commission, FERC, plays a key
role in the oversight of grid reliability. In 2005, Congress
entrusted FERC with the responsibility to approve and enforce
mandatory reliability standards for the nation's bulk power
system. Under the statute, FERC oversees the North American
Electric Reliability Corporation, NERC, in developing standards
to protect the reliability and security of the grid.
In addition to our work on mandatory standards, FERC has
also supported grid security through collaborative efforts with
federal agencies, states, industry and stakeholders. This work
is particularly well suited to revolving threats that require
action more quickly than a standard can be written. And as
Senator Murkowski noted, public/private communication on those
threats is critical.
FERC, NERC and industry have, over the last decade, put in
place a robust set of baseline standards to address a wide
range of reliability issues. In recent years, we've been
particularly focused on emerging threats to grid security,
including cybersecurity, physical security and the risk
associated with geomagnetic disturbances.
Geomagnetic disturbances to the bulk power system can be
caused in two different ways: naturally occurring geomagnetic
disturbances (GMDs) from solar activity and man-made EMP
events.
EMPs can be generated by devices that range from small,
portable suitcase units all the way through detonation of
nuclear weapons in the upper atmosphere. EMP devices can
generate three distinct effects: a short, high energy burst,
called E1, that can destroy electronics; a slightly longer
burst that is similar to lightning termed E2; and a third
effect, E3, that generates electric currents in power lines and
equipment which can then damage equipment such as transformers.
In the case of GMDs, naturally occurring solar magnetic
disturbances periodically disrupt the Earth's magnetic field
which in turn can induce currents on the electric grid that may
cause voltage instability or destroy key transformers over a
large geographic area. GMD events are similar in character and
effect to the final phase of EMP, E3.
I'll briefly touch this morning on some of the work FERC
has done that can help address EMP.
First, FERC developed the directed, excuse me, FERC
directed the development of standards on GMD that can help to
mitigate the E3 effective EMP based on a 1 in 100 years' solar
storm benchmark event. Second, FERC directed the development of
a physical security standard, like the GMD standard now
effective and in place, that can help protect against attack
from small, portable EMP devices which require proximity to
their intended targets. Third, FERC has supported efforts to
protect the grid, the resilience of the grid, against all risks
which improves its ability to respond and recover from major
outage events whatever the cause.
For example, mandatory reliability standards require backup
capabilities for the loss of critical assets which reduces the
potential for cascading outages. FERC has also issued orders
concerning grid assurance and EEIs, spare transformer equipment
program, which are efforts to protect customers from prolonged
outages by providing electric utilities timely access to
emergency transmission equipment that otherwise would take
months or longer to acquire.
As I expect we will discuss today, FERC has not to date
directed NERC to develop a specific standard specifically
targeting EMP. To be clear, I believe this is the result of
recent consideration of the issue, not a lack of attention or
willingness by FERC to address EMP threats. Although much work
has been done, there remains a significant amount of scientific
research and debate underway about how EMP, particularly the E1
component, affects the electric grid.
I particularly want to highlight the work being done by
DOE, Los Alamos National Lab, Idaho National Lab, an amazing
place I visited a couple years ago, DHS and the Electric Power
Research Institute, which I believe will help improve our
understanding of EMP impacts on the electric grid and more
importantly, how best to target our actions to mitigate them.
FERC is closely engaged in all these efforts to understand
and address the EMP threat as more fully detailed in my written
testimony. Those efforts will and must continue, and I'm
confident that should FERC determine that a reliability
standard is warranted, it will exercise its authority to
require one as it has with other threats, like GMD and physical
security.
Thank you for the opportunity to testify, and I look
forward to your questions.
[The prepared statement of Ms. LaFleur follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Thank you, Chairman LaFleur.
Speaker Gingrich, welcome.
STATEMENT OF HON. NEWT GINGRICH, CHAIRMAN OF THE BOARD,
GINGRICH PRODUCTIONS
Mr. Gingrich. Thank you very much for holding this hearing.
I think it's very important and I commend the Chair and the
members for putting time in on this.
I just want to focus backward from consequence.
A good friend of mine and co-author of several novels, Bill
Forstchen, wrote a novel called, ``One Second After,'' which is
the study of a small town in North Carolina during the year
after electricity was knocked out by an EMP attack. And it's
really worth looking at because we take electricity for
granted. Even in relatively short outages as we had in April in
New York, San Francisco and Los Angeles, people are remarkably
inconvenienced.
But it turns out, for example, all the drugs we rely on for
a wide range of things require refrigeration. And the minute
you start knocking out the system, there's a cascade of
consequences.
We've known indirectly since 1859 with the Carrington event
that something can happen that has an effect back then and
knocked out telegraph lines but we weren't relying on
everything that's electronic that we do today.
We've known since 1962 that there can be a manmade event at
a high altitude which knocks out electricity because it knocked
from Johnston Island, it knocked out lights in Honolulu.
The challenge we have with the electric grid is it's
actually designed for efficiency and it's a remarkable
achievement. The problem is efficiency, it leads to fragility.
And so, from your perspective, you both have to look at notable
points which could be knocked out physically or by a local EMP.
You have to then look at cyberattacks, and then you have to
look at EMP attacks.
The grid is vulnerable at all three layers. And if somebody
were to methodically come in here, they would find, I think,
there are as few as nine notable points you could knock out
that would have a catastrophic effect because it would lead to
a cascade of systems to shutting down.
If you then looked at the effect, potentially, of either
the series of local EMP attacks or a high-altitude EMP attack,
you're talking about a catastrophic event from which,
conceivably, you couldn't recover for years.
So, I would--a couple of quick things. One, the Congress
should look at EMP attacks as one of the three great threats to
our survival. The other two being cyber warfare and nuclear
weapons, and they should regard all three as catastrophic. For
us to survive as a civilization we have to be able to defeat
all three of those threats. Two, I think that the Congress
should communicate a sense of urgency. There are a lot of
people doing a lot of good things at a relatively leisurely
pace and trying to be reasonable. If you work back from
consequence, you rapidly become unreasonable because the
consequences are so horrible. This is like 9/11 where we said,
gee, we hadn't thought about an airplane hitting a building
which is nonsense. Tom Clancy had written about it a decade
earlier, but nobody wanted to cut through and say so, what
would you have to do to stop that from happening? After the
event, we did all sorts of things to make it harder to take
over an airplane. We're in the same boat right now except here
we're gambling on our civilization. This is vastly bigger than
9/11.
I would suggest a couple things. One, that Homeland
Security and Department of Energy should have some very
rigorous war games thinking through all the permutations of
what could happen and they should look for the key notable
points where you could, in fact, begin to fix the system
because there are a number of steps that are going to be taken
to make the system more resilient and to make it more difficult
to take out. Two, I would look at the new infrastructure bill
to consider having a substantial part of the national security
infrastructure component. Three, if you were to go through and
cut out a lot of the red tape that the electric industry has to
deal with, the time value of money you would save would
probably more than pay for everything you're going to ask them
to do on EMP.
And so, there are very practical things that can be done
here but you need to somehow communicate to the Executive
Branch, you need a sense of urgency. We need to understand that
every morning we get up, we're a step away from catastrophe.
And let me just note that the NASA has estimated that the
potential for the sun to hit us with a, it's different than a
man-made, but nonetheless equally dangerous, the potential for
the sun to hit us with the, effective of the Carrington effect
is about 12 percent per decade. That we're now overdue for that
happening. We apparently came within one week of it happening
and happened to be out of position for the sun so the solar
flare missed us. But that should give us a reminder.
I'll just close by saying there's a historium. Work back
from the consequences. When you have a high likelihood that
over the next 20 to 30 years something this consequential is
going to happen, there has to be a sense of urgency by blocking
it from occurring because if it does occur, it could literally
end civilization as we know it.
[The prepared statement of Mr. Gingrich follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Speaker, thank you very much for your
comments and reminding us of the imperative here.
Ambassador Cooper, welcome.
STATEMENT OF AMBASSADOR HENRY F. COOPER, FORMER DIRECTOR,
STRATEGIC DEFENSE INITIATIVE ORGANIZATION
Ambassador Cooper. Madam Chairman, Ranking Member and
members, I very much appreciate the opportunity to testify
before you today on my views of this important issue.
Actually, Speaker Gingrich has covered a lot of my material
which is a good thing because I wasn't sure I could get through
even my abbreviated comments here.
I guess I would like to say that I add that we're living
through the most dangerous period of my lifetime for a number
of reasons, but the vulnerability of our national electric
power grid is among the most important and we are collectively
continuing to endure or to take ineffective countermeasures to
deal with it.
Frankly, I've become so concerned about the
dysfunctionality of the Federal Government, both the Executive
and the Legislative branches, that I am now spending most of my
time working with private citizens, local and state authorities
and happily, some key people in the electric power industry to
begin working this problem from the bottom up believing that if
enough of our citizens gain a real understanding of the issues
and how they can actually turn--must be addressed at the local
level then Washington eventually will begin to do the right
thing in addressing this urgent problem.
I went through another set of issues in my summary comments
here that have largely been covered already that I want to skip
over and turn to the comments written by the Chairman of the
EMP Commission which was chartered, as you know, by the
Congress to deal with these issues, in a letter April 20th, to
Secretary of Energy Perry. The EMP Commission, and these are
their comments, I want to make clear. I share their views for a
lot of reasons, but these are their comments. They view the
current efforts to address natural EMP threat are ``producing
grossly inadequate standards for protecting the grid,'' to
quote its Chairman, Bill Graham, who is a colleague of mine for
many years. He further noted the Commission's concern over
misleading and erroneous studies by NERC and others that
grossly underestimate the natural EMP threat from solar storms
and dangerously have become the basis for grossly inadequate
standards approved by FERC.
Perhaps more importantly he noted the Commission's concern
that the 2014 Obama Administration Intelligence Community
Assessment of the nuclear EMP threat is profoundly erroneous
and perhaps the worst ever produced on EMP, and that has been
used to thwart efforts to protect the nation against nuclear
EMP by dismissing the threat, despite overwhelming evidence to
the contrary.
He also noted that the nuclear EMP is the ultimate cyber
weapon threat and its military--in the military plans of
Russia, China, North Korea and Iran for combined arms cyber
warfare that they will see decisive new revolution in military
affairs as a consequence.
He indicated to Secretary Perez and Perry that the
Commission is also very concerned over misleading and erroneous
studies recently completed by industries, Electric Power
Research Institute and grossly underestimate the nuclear EMP
threat.
These and other bureaucratic issues led me, a couple of
years ago, to lose confidence that we were ever going to deal
with this problem from the top down, and I decided to try to
work it from the bottom up.
My written testimony goes into some detail discussing the
work I am doing, along with Duke Energy engineers. Duke Energy,
as you probably know, is among the largest, if not the largest,
energy company in the nation. And we were working on a pilot
study in York County and Gaston in South Carolina and Gaston
County in North Carolina. And of course, Duke's corporate
headquarters are in Mecklenburg County which is a neighbor to
those two counties. We are engaging with local authorities,
particularly the folks in Rock Hill which is a bedroom
community for Charlotte as well as an important area of its
own.
This is important because the nature of the grid is, I'm
sure this Committee knows, a crazy quilt patchwork of co-ops
and electric utility companies across the nation, some, I don't
know, 2,000 or 3,000, I understand. Unless those folks are
actively involved in working the problem and providing the
loading conditions that they can and will need at Duke Energy
to produce the power and get it to the local subscribers, then
we're going to have the consequence that the Speaker referred
to earlier.
Water and waste water is a key matter, for example. Duke
Energy doesn't provide the electricity to the water and waste
water operations in Rock Hill. That's provided by a different
utility. And unless that utility is working hand-in-hand with
Duke, then you're going to have hospitals running out of
electricity very shortly and, as I understand it, without water
those hospitals will be experiencing deaths within hours.
So this is an important issue. I urge you to have the EMP
Commission which, in my view, is the nation's top authorities.
Many of the engineers were involved in the DoD from the
earliest of days dealing with this issue, and that is where the
expertise originally has been. The DoD is not particularly
helpful in working this problem today.
The Department of Energy, while I have great respect for
the engineers at our laboratories, is reinventing lessons that
were learned the better part of a half century ago. And it's
absurd, in my judgment, that we find ourselves in this
situation.
I hope the Committee can help deal with the communication
problems within the Executive Branch as well as help us work
this problem from the bottom up.
Thank you, Madam Chairman.
[The prepared statement of Ambassador Cooper follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Thank you, Ambassador.
Ms. Durkovich, welcome.
STATEMENT OF CAITLIN DURKOVICH, DIRECTOR,
TOFFLER ASSOCIATES
Ms. Durkovich. Thank you.
Good morning, Madam Chair and members of the Committee.
Thank you for inviting me to testify today on protecting our
energy infrastructure from the threat posed by electromagnetic
pulse.
My name is Caitlin Durkovich. I had the honor of serving
eight years in the National Protection and Programs Directorate
(NPPD) at the Department of Homeland Security, first as the
Chief of Staff and from May of 2012 to January of 2017 as the
Assistant Secretary of Infrastructure Protection. NPPD leads
the national effort to protect and enhance the resilience of
our nation's physical and cyber infrastructure. I transitioned
from government to Toffler Associates, a future-focused
strategic advisory firm that architects better futures for
public and private sector clients.
Over my nearly 20-year career in homeland security, I have
seen critical infrastructure public-private risk management
redefined to address emerging, complex issues from violent
extremism to complex mass attacks, cybersecurity grid and GPS
resilience, extreme weather and electro and geomagnetic
disturbances.
I have co-chaired interagency task forces that have
integrated the private sector into government strategies,
including those that are most relevant here today--the Joint
U.S.-Canada Electric Grid Security and Resilience Strategy and
the National Space Weather Strategy.
There is no doubt that we live in a dangerous world. State
and non-state actors, insiders and promulgators of
disinformation are growing in kind and consequence. Borders no
longer protect us whether our shores or the fences and walls of
our organizations. We have built a complex ecosystem where
disruption in one node can ripple across the system and where
threats are not bounded to one sector or one industry nor can
we protect against every threat and secure every building
system and network. Our country is too big; our infrastructure
too interdependent; the cost too expensive; and, the outcome
would alter our way of life.
This is why we are in the business of risk management.
Think of a matrix where the x and y axes are increasing
likelihood in consequence, respectively. A denial of service
attack is highly probable, but the impact to a company and its
operations is minimal.
Most natural disasters are high likelihood and low
consequence. Superstorm Sandy or a 9.0 Cascadia Subduction Zone
event are exceptions and flip, low likelihood, high
consequence. A cyberattack against industrial control systems
like the December 2015 attack on the Ukrainian power grid,
lower probability than denial of service, but certainly more
consequential. In 1859 Carrington Light GMD event. As Speaker
Gingrich said, we are long overdue. And so, I would say it is
more likely and certainly high consequence. There are half a
dozen more risks on that matrix, including a high-altitude
electromagnetic pulse, and we place it at a very low
probability but high consequence.
All of the risks on this matrix must be managed. Since
critical infrastructure is largely owned and operated by the
private sector there are finite resources in a world where you
have a business to operate, shareholder obligations, regulatory
costs and rate recovery, just to name a few.
I want to be clear. We have not ignored the threat of an
EMP. Industry and government are working hand-in-hand to better
understand the impacts of EMP. The work that EPRI is doing is
critical to understanding how the systems and its parts would
be affected. This critical modeling can help inform where
investments and shielding will have the maximum value and what
operational procedures can mitigate voltage collapse. And much
of this effort can be applied to mitigating the consequences of
a GMD where we will have time to put measures in place and
manage flow thanks to improved space weather forecasting and
alerting.
Equally important is the fact that we understand an EMP,
like many threats and hazards, is sector agnostic. Disruption
to communications during incidents hampers response and
restoration efforts. Malicious actors understand this, and
Mother Nature is undiscerning.
There is debate about the sophistication of the attack on
the Metcalf Substation that supplies power to Silicon Valley,
but the perpetrators knew enough to cut the fiber lines that
controlled 911 and downstream communications. A telephone
denial of service attack hampered the ability of customers to
call and utility operators to talk to each other in the
Ukrainian incident.
An EMP or GMD will impact communication systems and data
centers and, therefore, command and control. To industry's
credit, they are looking beyond prioritized calling services as
a contingency plan but it illustrates why we cannot take a
silent approach and must understand the vulnerabilities caused
by the intersections of these sectors.
This complex risk environment is what has given way to the
public/private partnership. While government brings important
capabilities to the table, information sharing, private sector
clearances, research and modeling, war gaming, industry is
heavily invested in ensuring its reliability and resilience.
Disruptions impact their bottom line, their brand and their
industry.
It is why the Joint U.S.-Canada Electric Grid Security and
Resilience Strategy, the National Space Weather Strategy and
the Joint Electromagnetic Pulse Resilience Strategy and
corresponding action plans are critical. They lay out high-
level goals for government and industry to guide action and
investment, to enhance resilience and accelerate recovery from
these types of events.
In conclusion, we are managing a complex risk environment
and cannot protect against every threat and secure every asset.
There is no one-size-fits-all approach. The solution requires a
whole of community risk-based approach focused on mitigation
planning and investment in a modern and secure infrastructure
that is resilient to the threats of today and tomorrow.
Thank you, and I look forward to your questions.
[The prepared statement of Ms. Durkovich follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Thank you, Ms. Durkovich.
Mr. Manning, welcome.
STATEMENT OF ROBIN E. MANNING, VICE PRESIDENT, TRANSMISSION AND
DISTRIBUTION, ELECTRIC POWER RESEARCH INSTITUTE
Mr. Manning. Thank you, Madam Chairman, members of the
Committee. Good morning.
I want to share with you a bit of history, if I can. I am a
Vice President of Transmission and Distribution for the
Electric Power Research Institute, but also spent 30 years at
Duke Energy and another six at the Tennessee Valley Authority
(TVA). And through this time my responsibility was leading
construction, operation and maintenance of energy
infrastructure.
So, as the Chairman put it so well earlier, I kept the
lights on across the United States. As the leader of TVA's
transmission organization in the 2008-2009 timeframe as I read
the EMP Commission report, I struggled to understand how I
could take the plethora of information that was available on
EMP and practically apply it to create some sort of a plausible
approach for risk management associated with TVA's system.
And that's exactly what EPRI is attempting to do as we are
now one year into a three-year research project, began in April
of 2016. Our project objective is to develop cost-effective
mitigation tools, to develop recovery options for utilities and
to form a basis for decision-making that provides utilities,
like the TVA, the information that is necessary to effectively
protect their customers from the EMP threat.
This project now has financial support from 57 U.S.
utilities, making this project one of the most widely-supported
collaboratives ever at EPRI. We're also collaborating very
closely with the U.S. Department of Energy with national labs
and the U.S. Department of Defense.
We have seven tasks on this project. Many of these tasks
are being completed in parallel with various expected
completion dates over the remaining two years of the project.
We are seeking greater characterization of the HEMP threat as
it relates to electric infrastructure; we're investigating
specifically how EMP propagates and how it couples to power
systems; we're testing that equipment to understand at what
level do we begin to see damage from EMP events; and then we're
combining the threats and the vulnerabilities to understand a
more complete picture, a holistic picture of EMP impacts to
infrastructure. But together this information provides
methodologies and tools to support risk-informed decision, and
of course, it's our intention to communicate our research
findings to public policymakers and other stakeholders
throughout the process.
For example, in February we released publicly a report
assessing the impacts of a HEMP-generated, E3 energy wave on
bulk power transformers. We advanced a series of a test nuclear
blast across the United States, 11 different locations and
assessed the value of each of those. We used advanced modeling
assessment techniques as well as conservative assessment
criteria and conservative engineering judgments throughout.
The results of this study indicated that damage to a large
number of bulk power transformers from E3 is unlikely. Even so,
the results of the assessment should not be interpreted to mean
that HEMP or even the E3 would not adversely affect bulk power
system reliability. The potential for widespread outages due to
voltage collapse or the combined effects of E1, E2 and E3 are
still being investigated.
Certainly impacts from HEMP are real; however, evaluating
the effects of such events on complex systems like our electric
power grid requires concrete, scientifically-based analysis
from people who understand the power system. With greater
understanding, cost-
effective mitigation and/or recovery options can be developed
and deployed.
The utility industry is poised to take further action, and
more scientific research enables these actions to be both
appropriate and cost effective for consumers.
At EPRI we are committed to providing sound science-based
solutions to these complex problems and will continue to offer
technical leadership and support to the electricity sector to
public policymakers and other stakeholders to enable safe,
affordable, reliable and environmentally responsible
electricity to the people of the United States.
Thank you for your time. That concludes my testimony. I
look forward to your questions.
[The prepared statement of Mr. Manning follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Thank you, Mr. Manning.
Mr. Wailes, welcome.
STATEMENT OF KEVIN WAILES, CHIEF EXECUTIVE OFFICER, LINCOLN
ELECTRIC SYSTEM, AND MEMBER OF THE BOARD OF DIRECTORS, AMERICAN
PUBLIC POWER ASSOCIATION
Mr. Wailes. Chairman Murkowski, Ranking Member Cantwell,
members of the Committee, thank you for giving me the
opportunity to testify today.
My name is Kevin Wailes. I'm the CEO of the Lincoln
Electric System (LES) in Lincoln, Nebraska. I'm testifying on
behalf of the American Public Power Association (APPA) on whose
Board of Directors I serve. APPA is the voice for not-for-
profit, community-owned utilities that serve 49 million people
nationwide.
I also serve as the Co-Chair of the Electric Subsector
Coordinating Council which is made up of 30 utility and trade
association CEOs and serves as the electric sector's principle
liaison with the Federal Government on policy level security
issues.
The electric sector takes very seriously the threat of
electromagnetic pulse, or EMP, events and certainly, if you
consider reliability, it's what we do. That's the primary
objective for electric utilities in the first place.
Chairman LaFleur provided a good description of the various
types of EMP events. I want to emphasize, consistent with
Senator Murkowski's, Chair Murkowski's, opening comments, that
in effect a HEMP attack is an event that would be an act of war
or terrorism, and in fact, is the responsibility of the Federal
Government to prevent, as a matter of national security. But
that doesn't mean that we don't take it very serious in trying
to develop how we might mitigate that.
The technical impact of a HEMP event on the electric
infrastructure is uncertain. Though through a collaborative
effort, as mentioned by Rob, with the Electric Power Research
Institute and the Federal Government were conducting research
to gain more information to be able to provide that mitigation.
Some proposed the electric industry should install a
particular protected device or fully gold-plate the entire grid
so that it could survive a HEMP event. However, there's really
no consensus on what measures should be taken at this point.
The potential unintended effects of that type of protection on
the grid or how successful the efforts would be if we, in fact,
tried to do that at this time.
Cost is a significant factor. As a community-owned, not-
for-profit utility, all additional costs borne by LES, for
example, would have to be passed directly on to our customers.
Assuming EMP blocking devices could be installed to protect
the entire grid, power supply would still likely be disrupted
by a HEMP event due to the collateral impacts on other critical
infrastructures, as mentioned by Ms. Durkovich, the utilities
rely on to provide services.
EMP are one of many threats the electric sector must
confront, as other witnesses identified, including severe
weather events, geomagnetic disturbances, cyber and physical
attacks. Given this broad threat landscape, our industry
understands that we cannot protect all assets from all threats
and instead we must manage that risk.
To do this, the electric sector follows a multilayered risk
management approach to grid protection. A HEMP event is a high-
impact, low-probability threat. We take EMP event threats
seriously, but we must consider them within the context, a
broader context of all threats. A cyberattack aimed at
disrupting electric service would be a relatively cheaper and
easier weapon to deploy and finding the needed nuclear
materials and delivery vehicle to deploy that type of weapon.
So clearly, we must place more effort on mitigating the highest
and most profitable risk, probable risk.
Given industry cannot protect the electric grid from all
potential threats, we focus on all hazard recovery, that is,
regardless of the cause of damage to the electric system,
preparations to ensure mitigation, response and restoration are
substantially the same. Grid operators must prioritize critical
asset protection, engineer redundancy on to the system and
stockpile spare equipment and as also mentioned, there are
several programs that are ongoing with respect to enhance that
capability given these new threats.
In conclusion, electric utilities are working on multiple
fronts to increase the scientific understanding of the
potential impacts of EMP. As policymakers, there are several
ways that you all can support that effort.
First, the EMP Commission should be directed to work with
owners and operators of critical infrastructure, EPRI, the
North American Electric Reliability Corporation, and help
assist the Electric Subsector Coordinating Council (ESCC), I'm
sorry, and assess the vulnerability to the electric grid to
EMPs. Collaboration between experts on EMP and experts in the
utility industry will end up with the best product.
Second, we need to ensure that the classified reports and
research produced by both DoD and DOE are available and that
can accurately reflect the threat we're trying to evaluate so
we can come up with the best solution.
Finally, this is an extremely complex issue that cannot be
solved with a one-size-fits-all solution, as previously
identified. Prescriptive legislative directives could have
unintended consequences and saddle ratepayers with increased
cost with no associated value.
Similarly, protecting the current successful standards in
process put into place by the Energy Policy Act of 2005 is
critical. This structure produces standards based upon expert
input and necessity when it comes to vast and complex bulk
electric system.
Thank you for the opportunity to testify, and I look
forward to answering any questions as part of the panel.
[The prepared statement of Mr. Wailes follows:]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
The Chairman. Thank you, Mr. Wailes. Thank you, all, for
your comments here this morning.
Let me start with just a broad question to you all. Is it
fair to say that you would all agree that an EMP attack is, in
the first instance, a threat to national defense? Do we agree
that is what we are dealing with?
Ms. LaFleur. Yes, Senator.
The Chairman. Chairman?
Mr. Gingrich. Yes.
Ambassador Cooper. Yes.
Ms. Durkovich. Yes.
Mr. Manning. Yes.
Mr. Wailes. Yes.
The Chairman. Okay, we have agreement here.
Now the question is what we do with this?
I do appreciate the various suggestions that have been
presented here and how we can work to protect, how we can
become more resilient.
Speaker Gingrich, you mentioned the prospects for a broad
infrastructure package and what we might be able to do in the
context of national security. It begs the question, though, and
you have indicated, Mr. Wailes and I think others have said,
this is a tough order. There is really not a one-size-fits-all
here. But is there commercialized technology the industry could
use to protect against EMP attacks, and if not, what are the
barriers to deploying the technology?
Cost has been mentioned, most specifically, but how
prepared are we, if we were to get this infrastructure package?
Do we have something that we could actually lay down there that
could be constructive? I will let anybody jump on this one.
Mr. Gingrich. Let me, if I can for a second, I want to
make, sort of, a deeper point about where we're at.
We've done an extraordinarily elegant job operating off of
a paradigm of efficiency to create an electric system for North
America. It's really extraordinary.
You now have to shift from that model to a model that says
you want resistance, redundancy and resilience. Then you have
to create, first of all, just the model and that's why I said--
part one of this is, at least in part, the Department of Energy
and the Department of Homeland Security modeling what would
that system look like.
It's not a situation where you get a choice, where you get
to say, you know, I'm going to take the risk of being destroyed
by cyber because I'm really going to focus on EMP. You've got
to look at all the major threats, figure out what the notable
points of defense are against all of them and then design a
policy to fit that. And this will be the more expensive system.
Then you've got to figure out what part of that more expensive
system is a national defense requirement in which case it ought
to be borne directly by the government. What part can you
legitimately say we can find offsetting savings, as I mentioned
earlier, just in cutting the red tape and the time, value and
money you could save an enormous amount of resources that the
industry would, I think, be happy to swap and put that money
back into a more resilient system.
But I think you've also got to ask the question, I think
there ought to be real urgency and cutting through all of this
and setting very tight deadlines for implementation because I
think we've known since 2004 that the Russians have given the
North Koreans this capability. We've known since the 1990s that
the Chinese have been developing this capability. And the
capacity for a North Korean satellite to have an EMP weapon is
a very real danger in real time, today.
So, I think we have to have, well, almost, a wartime
urgency of setting this up, offsetting the cost and to your
point, in some areas we don't currently have a solution and
there are obvious significant research projects, DARPA and
others, to be engaged in figuring out the specific breakthrough
points, how are we going to solve these things? Because if we
don't solve them there's a genuine catastrophe that could
happen that would be of horrendous consequence.
The Chairman. Chairman LaFleur, and as you answer this I
want to know whether you believe FERC has sufficient regulatory
authority to address these EMP concerns and really, where we
are with that, as you respond to this other point.
Ms. LaFleur. Thank you, Senator. I'll take the questions in
turn.
So, your first question was is there technology available
to protect against EMP? The answer is there is some technology
available to protect some equipment against EMP. For example,
the military sheaths some of its intelligence equipment in
metal in some of its intelligence centers. So there is some
technology available.
The difficulty on the electric grid is knowing where you
would deploy the technology to best protect the grid in an
effective way because when we are going to mandate a standard
for thousands of transmission owners, we want to make sure it's
going to work and it's going to do the job that it's intended
to do.
Speaker Gingrich has referred to the study of the nine
substations. I know that's a controversial study. I've
testified about it here before. That was a study that was
looking at simultaneous physical attacks on transformers and
cascading of transformers, whether its results are right or
not, that's what it was talking about.
If I were to go to protect the grid from EMP I'm not sure,
I'm quite certain those nine substations, wherever they are,
are not where I would go. I'd probably go to the control
centers first because you can't even turn a substation on and
off without the communications from a control center. Those are
ubiquitous in every territory.
So we need to figure out, for this risk, which is different
from a storm or a, even different from the risk we're
protecting against with the physical security standard which
was for the substations, where is the best place to go? That's
the work Mr. Manning and others are doing.
To your second question, we do not have the authority, as
you know, under the law to write a requirement ourselves and
say everyone, you have to do this. We have been given a complex
statute under which we oversee NERC in a voting protocol, and
they file a standard. We can reject it if it's not strong
enough and make them change it. We can direct them to do a
standard but it's a--that's the way the structure works.
Within that authority, we could certainly direct NERC and
the industry to do a standard if we believed we knew what they
should do. And I have every confidence they would respond as
they have with GMD, physical security, supply chain management
and other things where they opposed initially but when we
directed it, they did a standard.
The Chairman. I appreciate that, thank you.
Senator Franken.
Senator Franken. Thank you, Madam Chair.
In reading through the testimony provided for today's
hearing, it became clear that some of the witnesses are quite
alarmed about the threat of an EMP attack and the potential
societal impacts and others are clearly more circumspect.
Chairman LaFleur, could you comment on where we should
direct the efforts and resources we devote to enhancing grid
security? What should our priorities be? Where would you place
physical attacks which is on Metcalf, cyberattacks, EMPs, GMDs
and other threats on a triage list?
Ms. LaFleur. Well, it's a difficult question because we're
comparing attacks that are very numerous and kind of low
barriers to entry, like cybersecurity when you don't have to be
a nation-state. A lot of people can do it too, as several have
said, high impact, low probability.
I mean, I think that, first of all, we have to have a
strategy for all attacks. I think right now I would probably
put cybersecurity as number one, but that doesn't mean we don't
need to protect our substations from physical attacks or that
we don't need to protect against solar storms, which we are
protecting against, and work on the EMP issue and figure out
how to protect that.
I think taking a step back, to me, where we should be
going, the real solution, is to build resilience into the grid,
to build the grid in a way that we have more redundancy, that
we can island, that we have more inventories as we're working
on because that works against all risks.
I think resilience, which is increasingly where our efforts
are going, is the strategy that works, whether it's a hurricane
or an earthquake or something else.
Senator Franken. So when you are talking about island mode,
making sure there are just, sort of, circuit breakers, the
opposite of circuit breakers, just so that if one goes down,
not everything goes down.
Ms. LaFleur. Well, you can't obviously, you can't have a
backup for everything, but we have standards, for example, that
critical control centers have to have backups, secondary supply
lines and so forth.
In the geomagnetic disturbance standard, the first part of
the standard we put out was an operating procedure standard.
When we hear from NOAA that there's a solar storm coming within
half an hour, there's an immediate transmission to every
control center in the United States. And they have to know,
okay, which--how do I go into safe mode? What do I do in the
time that I have?
Now, we might have no warning of a bomb, but for GMD,
that's precisely what they're working on.
Senator Franken. Okay.
Mr. Wailes and Mr. Manning, can you give the perspective of
those who work in the industry and daily face of the near end,
long-term threats to the security reliability and resilience of
our electrical system? Which threats do you believe we should
prioritize?
Mr. Wailes. I actually concur with Chairman LaFleur. And
we're looking at today's environment, we see the cybersecurity
threat as a much higher threat. And we have a significant
investment and a lot of work going toward that, as we speak.
But I would like to address, kind of, the perception that
we don't have a lot of redundancy built into the system now.
That is actually part of the core of reliability, again, is
electric utility, reliability and low cost are our primary
objectives, but reliability is the primary one.
So whether you're talking about, you know, transformer
capacity to serve substations or you're talking about circuits,
all of that is looking at that reliability is built into your
generation fleet. When you look at how you plan against
generation and reserves for different types of events, that is
something we do routinely, but there are different things that
we're looking at with current day threats that hadn't existed
previously and how we're going to deal with those.
The research that EPRI is doing, the work we do, for
example, with the ESCC. I think one of the striking things,
many of you may have heard about the GridEx exercises which are
really significant exercises that are developed between the
Electric Subsector Coordinating Council, NERC and the ISAC,
which is the electric sector Information Sharing and Analysis
Center. They take a year and a half to develop these exercises,
and they look at very catastrophic types of events.
Some of the learning out of that that we get between the
Federal Government partners and the industry is more of an
understanding of how much redundancy is in the system and some
of the issues that we have to actually share information about
how are we going to be more resilient and how are we going to
respond. All of those things are an ongoing approach for us, on
a continual basis.
The difference is those threats are changing. And that's
one of the things we found, even with the EMP threat. And we
all thought there was a cold war we didn't have to worry about
that anymore, nor did we have, as pointed out in the opening
comments, the kind of sensitive--we had analog devices. We
didn't have devices that were as sensitive as we do today.
So as those threats have evolved, we have to get more
understanding about how they impact what we do. And we also
know that the easier threat now to us is a cybersecurity threat
and the physical security threats.
Senator Franken. I know I am way over.
Mr. Manning, would you respond to that briefly?
Mr. Manning. Yes, Senator.
The first thing that came to my mind is that we like the
information to make that decision, that we react, based off of
our experiences. So if we have a high probability of
cyberattack, then we immediately respond to cyber issues.
We lack sufficient information to understanding exactly
what the probability is and what the severity is of attacks
like EMP. That information is becoming clearer and we're
beginning to understand that. And once we have adequate
information about EMP, then we can balance that sufficiently, I
believe, with threats like cybersecurity where we have quite a
bit of information.
Actually, I think we talked about it earlier that risk is
really about managing probability and severity and we have to
look at both of those things. Well, in the industry we can do
absolutely nothing about probability of an EMP attack, so we're
focusing all of our efforts on severity. And if we can reduce
the consequences of an EMP attack to the point where the
probability no longer matters, then I think, we've actually
made progress.
Senator Franken. I just want to make one last comment which
is really a question.
Is this an argument for more distributed energy, more solar
panels on rooftops, more island mode energy?
The Chairman. Let's go to Senator Cassidy.
We will leave that question hanging.
Senator Franken. The hanging question.
Senator Cassidy. I will start with Ms. LaFleur.
Madam Chair, the Hawaii outage after the atmospheric
nuclear test, was that due to an E1, E2 or E3?
Ms. LaFleur. I believe it was due to E1. I believe it was
communications equipment that was destroyed.
Senator Cassidy. Mr. Manning, you all have looked at, you
said, E3 and found it to be less consequential than a severe
GMP. What I read in my notes is that E2s are more like
lightning so it seems like E1 is, you said, not yet tested.
Now, again, just coming up to speed, what you already know.
So that is communications. Would that also threaten the grid or
no, would this be specific--more likely to affect
communications?
Mr. Manning. If I can circle back on that question.
Our findings on E3 are also partial. There is still
additional work to be done on E3. We specifically investigated
impact of bulk power transformers. We looked at the 37,000 or
so bulk power transformers in the continental U.S. grid. As a
result of only the E3 pulse, what we discovered is that the
damage to those would likely be less severe than originally
thought.
It has----
Senator Cassidy. I only have three minutes.
You have got to hustle, man. I am sorry.
[Laughter.]
Mr. Manning. It has a correlation to GMD, but it's not
directly related to GMD; however, you can't stand that up on
its own. It must be associated with the plethora of energy
waves from a nuclear attack. So you must consider E1, E2, E3,
all together, and we've only begun to consider that.
Senator Cassidy. I got ya. So, whatever my questions about
E1, it has to be considered within the context of E1, E2, E3,
conglomerately.
Mr. Manning. Absolutely, unless it's a handheld device
which is only an E1 pulse.
Senator Cassidy. Madam Chair, speaking of a geomagnetic, if
I am getting all that right, what I quickly read about the
Carrington event is that there was a 17.6-hour lead-in. They
saw the flare, but the physical effect was not seen. And I read
that in some places they actually unhooked their telegraph from
the power source.
Typically you would have a several day lead-in. We see the
flare. That said, is it possible if there is such a flare from
the sun that everybody could go home and unplug their
computers, put in their surge protectors and otherwise protect
their equipment?
Ms. LaFleur. Well first of all, much more so than in 1859,
our weather satellites give us good information, usually you
know several days ahead something is coming, but the details of
where it's going to go is more like in minutes or hours than
days.
That's the purpose of the operating procedure standard that
is communicated to the control centers so they can protect the
high voltage transformers and so forth, which take a lot longer
to replace which are the most impactful equipment on the system
in many ways.
In theory, you could go protect your own equipment, but the
solar storm doesn't have the same effect on communications. So,
I don't think there's a lot of concern that it would destroy
home electronics.
Senator Cassidy. I guess I was using that as, kind of, a
metaphor.
Ms. LaFleur. Yes. Electric companies could do things like
that.
Senator Cassidy. They could. So we do have some advance
notice and we could take some protection?
Ms. LaFleur. That's why that was the first standard we put
in place because you don't have to do equipment modifications.
It's actually just planning of what you would do.
Even when I used to run a distribution company, even when
we had hurricanes or snow storms coming, sometimes you
configure your system in a different way to prepare because you
know where your vulnerabilities are. It's similar, but bigger
scale.
Senator Cassidy. Now going back to the point that Senator
Franken made that some of you were more sanguine and others
less so. I read about a 1989 geomagnetic storm which only
affected Quebec and maybe a few Australians over in Namibia,
but as far as I know it didn't affect Louisiana. That said, it
tells me that even though we were about this being global at
first, at times we have these geomagnetic storms and it is
local.
Ms. LaFleur. It depends on the size of the solar flare. One
like a Carrington event is larger. Most of them are more
regional. Our standard that's now in effect requires specific
mitigation depending on the latitude and the soil and so forth.
Louisiana is a little closer to the equator. In general,
the poles are--this is one--you have a lot of hurricane issues,
but this particular problem closer to the poles is generally
considered more exposed to solar radiation.
Senator Cassidy. So my kind of sense from everything, what
you're saying is that we really do have an understanding and
some advance warning that someone said if we can prevent it,
it's a lot better, that at least with that which might come
from the sun, granted it could overwhelm and the Speaker
mentioned that.
Ms. LaFleur. Yes.
Senator Cassidy. But still we are somewhat prepared for
that from the solar.
Ms. LaFleur. Well, because we monitor all the time, some of
the transformers have monitoring attached, they can get regular
updates on what's happening with the sun and how it affects
them. Fortunately we don't have a lot of experience monitoring
explosives in the upper atmosphere. That's not the kind of
monitoring experience we want to get. So, you can't develop the
fact-based, experience-based information like with the sun.
Senator Cassidy. Got it.
Thank you. I yield back.
The Chairman. Thank you.
Senator Wyden.
Senator Wyden. Thank you, Madam Chair and thanks to all of
our witnesses. This is a very, very hectic day. The Speaker
knows a little bit about what those are like up here. I just
have a couple of questions.
First, I want to note a point I am not sure has been made,
and that is in the skinny budget the cuts that the
Administration is looking at for agencies like NOAA and NASA is
going to make it much tougher, much tougher, for the Congress
on a bipartisan basis to deal with the important issues that we
are talking about here today.
I think there is a real role for government to play as it
relates to improving the resiliency of the grid, and those are
the questions that I want to touch on with all of you. I will
start, Mr. Manning, with you and Ms. Durkovich.
As you know, what we really are concerned about in our part
of the world is the large earthquakes along the Cascadia
Subduction Zone. This is a major, major issue for the people of
the Pacific Northwest with respect to this whole issue of
resiliency.
Now my take, with respect to the science, and it picks up
on a point where, I think, Senator Franken was trying to go, is
microgrids and distributed energy resources. And here we are
talking about rooftop solar. Energy storage can play a very
real role in helping the grid quickly recover if you get hit by
an event like this.
So, for you, Mr. Manning, and you, Ms. Durkovich, could you
just briefly walk the Committee through the role that these
technologies could play in adding resiliency to the electric
system when we are thinking about, in our part of the world, a
physical threat like a Cascadia disaster?
For you, Mr. Manning, and you, Ms. Durkovich.
Mr. Manning. So it's an excellent question, thank you,
Senator.
There is no doubt that distributed energy that is grid
connected introduces additional redundancy to the grid. As
Kevin mentioned earlier, redundancy is a part of reliability.
So the more redundancy we can add and couple into the grid, the
greater potential we have for increasing reliability.
But it's not a failsafe. In the event of an earthquake, for
example, distributed energy is probably an excellent solution
to offer alternatives to centralized generation. In the event
of an EMP, by contrast, there's nothing that specifically
protects those distributed energy resources any better than the
centralized energy resources. So in the event of an EMP, you're
likely to see the control systems for rooftop solar or for
storage or for microgrids would also be impacted by that EMP.
They would also be rendered ineffective unless they're hardened
specifically for that. However, for weather events, for other
events, even potentially cyber events, they add value because
they add redundancy.
Senator Wyden. Okay.
Ms. Durkovich?
Ms. Durkovich. Thank you.
That's really an excellent question. I think another
example of how government and industry have come together to
think about how we are going to address impacts to the grid
from some of these lower probability, high impact events. In
2016, there was a major exercise called Cascadia Rising which
focused on just this, the Cascadia Subduction Zone and the fact
that, like a Carrington event, we are a little bit overdue for
this scale of earthquake in the Pacific Northwest.
I would agree that certainly distributed energy can help
speed restoration to the communities, but this is, again,
another type of incident where we really need whole of
community effort when you think about the potential damage and
consequences that we're going to see in something like this.
And so, it is important for us to continue to do the large-
scale exercises that bring together our state and local's
industry and government to help us think about, alright, what
are the impacts going to be to the grid? What are the impacts
going to be to communications? To transportation? How are we
going to get basic commodities into this area? How are we going
to make sure first responders can get in and equally important
the utility and the linesmen, to help get the systems up and
running?
So this is not an easy challenge, but it's why we bring
folks together to think through, alright, what are we dealing
with and how are we going to speed recovery?
Senator Wyden. Very good. Thank you all.
The Chairman. Thank you, Senator Wyden.
Senator Risch.
Senator Risch. Thank you, Madam Chairman. Thank you for
holding this hearing.
We have heard a lot of criticism, or at least concern this
morning, about the government's response to the growing threat
of grid security and to cybersecurity. In large part, I think,
there is certainly criticism to be had and certainly a lot of
concern to be had.
Part of it, I think, has grown out of frustration that, I
think, there isn't a lot out there about what the government is
doing. I sit on the Intelligence Committee, Senator King sits
on the Intelligence Committee and Senator Wyden sits on the
Intelligence Committee. I can tell you that these issues have
not been ignored by the United States. Most of what we know
about it, most of what we are doing about it, cannot be
discussed in this setting. It is going to be a closed setting,
only for people with the security clearance necessary.
So, in that regard, it isn't quite as bad as what everybody
is saying. But Speaker Gingrich, your deep insights into the
consequences are greatly appreciated. We have been through
these exercises and your statements are certainly not
overstated.
I would take issue though, as far as your recommendation,
if we have an infrastructure bill coming. I can tell you based
on what we know about where we are and what we are doing, I
think that is appropriate at some point in time, but we are not
ready yet.
You saw what happened when they had this last $2 trillion,
whatever it was, bill to stimulate. When you start throwing
money at the wall a lot of it doesn't stick, and the term
``shovel ready'' was used a lot. We are really not ready. We do
not have shovel ready products yet. Certainly, we need more
research and that could be included in that, but I would just
be a little reluctant to start digging and laying stuff in the
ground at this point.
But there are things going on on this, and I think a lot of
us on the Intel Committee are convinced that the next
significant events in America are going to be a cyber event.
That is where we have vulnerability. But certainly the grid is
linked to that. And the bad guys, of course, Senator Franken
had asked which was more, what is the most concerning right
now? Well, we have to be able to walk and chew gum at the same
time because, as we sit here today, there are different people
working on different ways to attack us. And these are all
included in that, whether it be North Korea trying to develop a
weapon to drop on us or whether it be other state actors and
non-state actors who are trying to get us through the grid and
through the cybersecurity.
Ms. LaFleur, thank you for the shout out today at our
National Laboratory. Obviously, we are becoming, in Idaho, the
go-to and the flagship on grid security. You saw the test bed
that we have out there and the kinds of things that we are
doing there on grid security, working with private industry. I
think most Americans would be very pleased to see what is going
on out there and the kinds of things that we are doing to try
to mitigate them as we go into the future.
In any event, we are going to continue to work on this. I
think it is important. I really appreciated Ms. Durkovich and
Mr. Wailes' description of risk management because, you know,
after you sit here for a while today, you realize the threats
to America, how many there are and how diverse they are and the
widespread places that they come from.
There are a lot of people out there that just, for their
own reasons, want to do us harm. And yes, we have to be able to
walk and chew gum at the same time. Yes, we have to be able to
address all those threats. But you have got to do it on a risk
management basis because there isn't enough money in the world
to protect us 100 percent, whether it be the grid or whether it
be the cybersecurity or just a normal kinetic attack.
There was frustration, I think, expressed for the
Department of Defense. We work with the Department of Defense,
the Intel community works with the Department of Defense all
the time, and I think that criticism is probably pretty well
taken. I say this with great love and respect for the Defense
community, but they are much more focused on the classical kind
of warfare and the classical kind of defense that has always
been and we have always challenged them to provide for America.
These new things that are coming along, like cyber and grid
and what have you, have not been in the wheelhouse. They are
getting up to speed but so is the electrical industry and
everything else.
Probably one of the most telling things we hear in the
Intel community is when we have these experts in on the grid
and everything and I think this, kind of, put it in perspective
for me. When you work on these problems and you try to predict
what is going to happen and then try to design a defense to it,
these people will tell you, when it comes to cybersecurity we
are where the Wright Brothers were. We don't know what we don't
know. And we keep learning things.
A good example of that as Speaker Gingrich very rightly
pointed out is the fact that all of this stuff is designed for
efficiency. Well, when you design it for efficiency, you design
in huge vulnerabilities.
The Ukrainian attack taught us something. In fact, some
legislation came out of that, and that is that the Ukrainian
attack was not as bad as what it could have been because their
system was not very efficient. It actually had to go through
human beings. And when it got to these human beings, the human
beings recognized what was going on and they were able to
mitigate that.
Senator King and I are co-authors of----
Senator King. S. 79.
Senator Risch. S. 79. Thank you, Senator.
We call it the back to the future bill where you actually
back up and start to look at these efficiencies and see if
there are some places where we can put in some of these kinds
of things.
Anyway, I have talked long enough. Again, this is an
incredibly important hearing, incredibly important subject.
Thank you for holding it, Madam Chair.
The Chairman. We appreciate that input, Senator Risch.
Senator King, now you can speak to your bill here.
Senator King. Thank you.
First, I want to welcome Speaker Gingrich. It is always a
pleasure to have your wisdom and insights. I still remember
very well a day we spent in Maine when we were lonely voices
talking about digital education back in about 2000, so I
appreciate that.
Mr. Manning, and I think this gets a little bit to where we
have been focusing today, we were talking about distributed
energy and you appropriately said that could be a part of the
redundancy and defense. Unless they are hardened, you said.
That is my question. Are there reasonably priced, hardening
tools out there? In other words, could we build in to every
house, as part of the electrical system, some kind of high test
surge protector that would be a defense in this situation? And
by the same token, a similar kind of device in the grid back at
transmission points?
Mr. Manning. That's a wonderful question.
I think the answer to that is there could be. Today, it's
probably not, as we just heard, is not shovel ready. There are
a lot of different components that need to be added together.
But this will take a fundamental design change, in some
respects, particularly for home-based equipment. You'll have to
think about it differently and make just complete design
changes----
Senator King. Are the utilities thinking about this for
their critical points? In other words, to me this is an
insurance question.
Mr. Manning. Yes.
Senator King. How much is the insurance policy going to
cost versus the risk?
Mr. Manning. And one of the things that we are doing with
our report which will be out this summer is taking the military
EMP standards and converting those to utility standards.
What we will find is that applying those utilities, those
military standards to utilities broadly, will be prohibitively
expensive. It's very difficult, it's very challenging, it's
hard to do and it's very expensive.
So utilities may still choose, as we've heard already, they
may choose to pick perhaps nine points or something like that
and harden those points with military standards. But it won't
be practical to support the whole system until we develop some
more effective and lower cost alternatives.
Senator King. It seems to me this is a place for American
ingenuity and inventiveness and creativity to market for
somebody.
Mr. Manning. Absolutely.
Senator King. An important market for homes as well as for
the grid itself.
The bill that Senator Risch mentioned mandates a study. I
should not have used the word mandate, suggest a study
involving Idaho National Lab and several volunteer utilities on
the possible importance of putting at certain points in the
grid, analog devices, which is what saved the grid in Ukraine
and that is exactly what we are trying to do. It is a bill that
came out of our work on the Intelligence Committee, both of us
are also on this Committee. And it is a great bill, Madam
Chair.
But I think, Mr. Speaker, you have done a lot of thinking
about this. We cannot defend ourselves. We cannot install
defenses that are so expensive that they far outweigh the risk.
How do we get products that can solve the problem?
Mr. Gingrich. Well, let me use this as an excuse to make
three quick points, ending on that one, okay?
Senator King. Fine.
Mr. Gingrich. First, every member of Congress already got
briefed on the concept of hybrid warfare, what you're seeing in
Ukraine.
Senator King. Yes.
Mr. Gingrich. Because it's what makes the whole panoply of
risks come together simultaneously. You don't know----
Senator King. We are seeing warfare change before our eyes.
Mr. Gingrich. That's right.
And just as I talked about the paradigm change earlier,
from efficiency to looking at resistance, resilience and
redundancy, we have to rethink from the ground up what we mean
and what the military means and what Homeland Security means.
Two, if I walked in here and said to you, you know, I've
been thinking about how we run our cities and I can't decide
whether we've got to cut out food inspection in the restaurant,
the sewer, the fire department or the police. Which one do you
think we should drop? Because that's what we're doing right now
in terms of this. If we had no choice as we rethink our
infrastructure but to look at the totality of potential
disasters and decide are we going to figure out a design that
meets the totality. See, you can't say let's set priorities
because the one you don't pick may be the one that kills you.
Senator King. Sure.
Mr. Gingrich. Lastly, there's a terrific book. I just did
my newsletter yesterday. I very seldom do book reviews in my
newsletter but it's called, ``The Weapon Wizards.'' I recommend
it. I'd like to get every member of Congress to read it. It is
the Israeli capacity to innovate and how dramatically they've
done it and they're really cheap, okay?
One of the things that I hope Trump is going to bring to
the Pentagon, which would, as a Conservative, I'd like to see
reduced from a Pentagon to a triangle by eliminating 40 percent
of its redundancies.
[Laughter.]
But I mean this quite seriously.
We start out and we say, since we have to design an
absurdly expensive, over-engineered obsolete model based on
work done in 1963, if you applied that to the grid you couldn't
afford it. To which the correct answer is, well, what if you
went out and asked every smart, young person in America to come
up with a $9 version that could be sold on Amazon?
Senator King. Exactly.
You would be interested to know that we have had testimony
at the Armed Services Committee in the last couple of months
that Silicon Valley basically will not deal with the Pentagon
because it is so, I would call it byzantine, but that would be
an insult to the Byzantium empire.
[Laughter.]
Because it is so burdensome and cumbersome, and we are
losing the innovation race.
Mr. Gingrich. And at least half of that is the Congress
which imposes patterns that are so stunningly stupid that if
the Congress would look at the things it has passed into law in
the past 40 years and get rid of half of that and then
challenge the Pentagon bureaucracy to get rid of the other
half, you'd be startled a year from now how rapidly we'd be
innovating and how cheap it would be.
Senator King. I am shocked you would use the words stupid
and Congress in the same sentence, Mr. Speaker.
[Laughter.]
Mr. Gingrich. I apologize.
Senator King. Thank you, Madam Chair.
The Chairman. Thank you.
Senator Manchin.
Senator Manchin. Very quickly, thank all of you for being
here, we appreciate it very much. Speaker Gingrich, it is
always good to have you here.
Chairman LaFleur, first of all, anybody can answer this and
if you have any comment to it, but the likelihood of the EMP
attacks, the likelihood of where we are most vulnerable. I came
in a little bit late because, as you know, in this place we
have competing committee meetings. But is it basically from a
weapon from another country or is it basically going to be home
grown to do damage to the delivery system? Where do you think
we are the most vulnerable? Or what are you concerned about in
vulnerability?
Ms. LaFleur. Well, the so-called suitcase EMP.
Senator Manchin. Yes.
Ms. LaFleur. A handheld device is, obviously, much easier
to build than a bomb, but it's also easier to protect against.
I think some of the these we're doing, we do know how to put
fences on substations and cameras and perimeter zones if you
have to throw something in somewhere, we know how to protect
that. So I think that's more likely, but easier, to protect
against.
Senator Manchin. You are requiring that because I can tell
you we have an awful lot of power generating in West Virginia.
Ms. LaFleur. Excuse me?
Senator Manchin. We have a lot of power generating in West
Virginia.
Ms. LaFleur. Yes.
Senator Manchin. And we light up most of the East Coast
which they do not know about.
Ms. LaFleur. Yes.
Senator Manchin. If we ever turn the coal off, they would
go dark. Maybe we should do that.
Anyway, the substations, I have seen substations that are
very vulnerable. Are you requiring them to basically solidify
that and protect?
Ms. LaFleur. What the physical security standard did was
required each company, each transmission operator or owner to
identify their most critical substations and come up with a
specific plan to mitigate against physical attack.
Senator Manchin. Do you have anybody that inspects it?
Ms. LaFleur. Excuse me?
Senator Manchin. Does anybody inspect it?
Ms. LaFleur. Yes, we are inspecting and NERC does the first
audit and FERC----
Senator Manchin. Well, if I see some vulnerable situations
I can call you?
Ms. LaFleur. Yes.
[Laughter.]
Always.
But the--so that's that thing. I think the high-altitude
HEMP----
Senator Manchin. Yes.
Ms. LaFleur. The high-altitude EMP is, I don't remember the
adjective you used in your question, troubling because we,
unlike the smaller, we don't know----
Senator Manchin. I understand.
Ms. LaFleur. The most--way to protect it.
Senator Manchin. You had something, right? Ambassador?
Ambassador Cooper. Yes, I don't know how to put a
probability statement on but let me give you a couple of facts.
In 2004, several Russian generals who were experts in EMP,
and I would note that they did more effective tests on this
effect over populated areas, in fact, in the '62, '63 timeframe
than we did. They learned more about it than we did.
They told the commissioners, the EMP Commissioners, that
they had passed, inadvertently, I think they said, but the
information on how to design a super EMP weapon that is a low-
yield device that produces lots of gamma rays.
Senator Manchin. At a high altitude?
Ambassador Cooper. High altitude, to the North Koreans,
okay, who in turn, as you know, worked in a direct alliance
with Iran on everything.
North Korea, by most estimates, has already anywhere from
10 to 20 nuclear weapons. We take comfort in the fact that
there have been low-yield tests in North Korea.
Well low yield is what you use to produce a super EMP
weapon, and they allege that they can launch this. They don't
allege, a lot of experts I know claim that they can launch
this, as Speaker Gingrich said, or put it in a satellite which
comes toward the United States from our south, our undefended
south, okay? We have no defense against that nor do we have a
defense against missiles launched from ships in the Gulf of
Mexico.
We have not put our--we know how to do it. This is not a
matter of ignorance. And actually it's not a matter of cost
either, which I'd be happy to defend another time, but we know
how to do it. We just simply are not doing it. We're deploying
what's called Aegis Ashore, and I'm proud of that system
because I started it, you know, when I was running the SDI
program. It's deployed around the world on our ships, it's
deployed on the ground in Romania and will be operational in
Poland by the end of the year. We have an operational site in
Hawaii.
We ought to put a site in Panama City on First Air Force
base at Tyndall Air Force base where First Air Force has the
responsibility of the defense of the United States, give them a
missile defense mission too.
Senator Manchin. Do you mind if we bring in----
Ambassador Cooper. We know how to do this.
Senator Manchin. Do you mind if we bring you to the Intel,
a little Intel briefing?
Ambassador Cooper. I beg your pardon?
Senator Manchin. The Intel Committee for a little briefing,
would you come?
Ambassador Cooper. I certainly would. I have my clearances
still, by the way, so I wouldn't mind transferring them in.
Senator Manchin. That is great.
Ms. LaFleur, if I may, while I have got you, just real
quick.
The vulnerability basically is reliability of the grid
system. Do you feel comfortable of the system of this grid when
the vortex almost, the polar vortex, about took us down that
one time? I mean, where are we today, right now, in your
evaluation, with the amount of diversity we have going into the
grid, as far as electricity sources?
Ms. LaFleur. Well, today we still have quite a bit of fuel
diversity. Coal, as you already referred to, plays a very
important role in baseload in most parts of the country. And we
have increasing natural gas and increasing renewables. And the
system operators are learning to run----
Senator Manchin. Do you consider gas as being a baseload?
Ms. LaFleur. It depends. Some, the big combined cycle, some
of them are run as baseload run all the time and then there's
also----
Senator Manchin. But are you concerned?
I am just saying from the reliability, baseload, to me,
means uninterruptable power. Coal and nuclear base are
uninterruptable. They have what they have. Gas is a pipeline
delivery system that can be targeted by terrorists or any other
type of a natural disaster. But you are building, we are
building baseload of something that could be interrupted. Is
that correct?
Ms. LaFleur. It's correct that to the extent we rely on
gas, we have to build in fuel security that's different than
the fuel security of coal which you can look out and see the
pile.
Senator Manchin. Sure, absolutely.
What is your feeling of comfort on the reliability of the
grid?
Ms. LaFleur. I think most parts of the United States are
well supplied with gas pipelines but we have places where there
are constraints and I think operating the grid with all the new
technologies is something we're still working on.
Senator Manchin. Does anybody have anything else they would
like to add?
Ambassador Cooper. Yes, Senator.
We've talked about E1, E2, E3. E1 is the high frequency,
high amplitude, narrow pulse that causes damage to solid state
electronics.
Our natural gas pipelines, portions of the grid itself and
petroleum pipelines, probably are controlled with little units
called SCADAs, little, small computers that are vulnerable if
we haven't taken special precautions to harden them. And my
information is we haven't. So, we have critical infrastructure
to the operation of the, of all of our grid to these kinds of
effects from nuclear, high-altitude explosions. And as I said
earlier, I don't know how to put a probability statement on it,
but I can tell you the threat is absolutely real.
I've worked on these problems for most of that half century
since we began seriously improving our strategic systems to
deal with it, and we set priorities in the Department of
Defense. We didn't try to harden everything. We hardened what
we thought was the most important things.
In my opinion, in the grid, we should be paying careful
attention to our nuclear power plants to make sure they aren't
a hazard if their grid goes down and they have to shut down--we
don't want Fukushimas all over the place. So we need to make
sure we have power to those, just to keep them safe and then to
bring them back up to help support----
Senator Manchin. I want to thank all of you. I appreciate
it very much. Thank you.
Ambassador Cooper. Thank you.
The Chairman. Thank you, Senator Manchin.
There has been discussion here about what we see out of
Israel with their level of innovation. Ambassador Cooper, you
have referred to other initiatives around the globe, but in
terms of what other countries are doing specifically to address
a HEMP or other EMP-related event. Is anybody, kind of, leading
the way here? Are there best practices that we might want to be
looking to? Who is doing some good things?
Ambassador Cooper. The Israelis, the United Kingdom, I
would go talk to those folks. We have international conferences
every year----
The Chairman. To what extent do we cooperate with them
then?
Ambassador Cooper. We meet with them.
There's a big difference though, their government tends to
control what's going on.
The Chairman. Right.
Ambassador Cooper. Whereas in this country, as I said to
you earlier, we have a crazy quilt of electric power companies
across the nation. Why, I believe, we have to work from the
bottom up and island, that term we've used here, around our
nuclear power plants, keep them safe, bring them back online.
We get 20 percent of the nation's electricity from those
plants. And so, that's a valid resource if we lose the entire
grid.
Today, I don't have confidence that we can do that because
we don't have these crazy quilt components connected. So, we
have a serious problem here, and we have been ignoring it
collectively. I'm not trying to point fingers at anybody, but
that's the reality.
The Chairman. Chairman?
Ms. LaFleur. Thank you for the question.
We have Memoranda of Understanding with Israel, Norway and
some other countries, the U.K., to work on these things.
I would say, in the solar storm area, Scandinavia, is
probably, the Scandinavian countries are doing the most.
Obviously, their location would justify it and----
The Chairman. Well, the United States actually has a
location up there too.
Ms. LaFleur. Yes, that is correct.
The Chairman. It's called Alaska.
[Laughter.]
Ms. LaFleur. My feelings exactly.
Ambassador Cooper. She noticed that.
[Laughter.]
Ms. LaFleur. That's why GMD has really been one of my
biggest priorities, my feelings exactly.
On the grid security defense area thing, I would agree with
the Ambassador that Israel, the entire Israeli grid is--it's
just a different society in the way things are run. We have a
much more open society in terms of how our infrastructure is
designed and set up, I mean, and so, I think, in security
Israel is probably leading.
The Chairman. Let me leave you with one question. Again, I
am going to allow anybody to step in here. Ambassador, you
mentioned this crazy patchwork that is out there. Some have
mentioned the imperative of public/private partnership, but in
order to have a public/private partnership there has to be a
little bit of trust there, there has to be a willingness to
share some information.
In fairness, I think we have seen some instances where
information gets out there and you get burned in the media.
Probably the most current example is what happened in December
in Vermont. As I understand it, Burlington noticed an alert
about a suspicious IP address that had connected to one of
their computers. They responded, reported. The next day, the
Washington Post somehow learns about it. Then you have reports
about Russian hackers infiltrating. Later follow-up shows that
the IP address was not necessarily linked to Russia. It was not
necessarily malicious activity. But you really have eroded any
trust that may have been out there.
So how do we do a better job of this? How do we work to
restore this level of trust and build a relationship that is
going to be necessary in order to really address this?
Mr. Wailes?
Mr. Wailes. Well, I think that we have a perfect example of
that of the relationship that the industry has built with the
Electric Subsector Coordinating Council, the Department of
Energy and the Department of Homeland Security.
There is no doubt that that was a significant issue and a
learning experience for everyone. But I think that one of the
things that needs to also be taken away is that proves the
effectiveness of getting that information out because
information came out, you know, here's some suspicious IPs that
you need to look for, report to us right away. And that
function worked. Now was there a communication issue and a
potential issue associated with that, yes, and I think we're
working on fixing that like we are lots of other issues between
us.
The relationship, I think, between the industry, actually
within the industry and within the industry and the Federal
Government is stronger than it's ever been, recognizing we have
a lot of common issues and we need each other's help in order
to make the nation stronger. And I think we're doing a good job
of that.
We have a long ways to go. There are a lot of threats, a
lot of issues. But there are just so many examples of how that
working relationship has worked. And I think, when we talk
about that, one of the things we should even think about is
five years ago you did not have a lot of security clearances in
the industry. And now, thanks to DOE and DHS, even a utility
our size has six or seven people that would have security
clearances. We're able to do things they could never do before,
and we're able to share information that we couldn't do before.
So it's a learning experience. We all understand the
communication challenges, and I think we're on the way to, at
least for our sector, to do that.
Now, we also are very interested in trying to build a
stronger relationship with those other connected sectors that
have issues and trying to make sure that we actually look at
cross sector coordination, such that the other critical
sectors, along with the electricity sector, actually can have
that same functionality with the government.
The Chairman. Well, I am encouraged to hear you say that
you think things are getting better in terms of providing that
level of security clearance because we had a hearing, not more
than six weeks ago, where that issue was raised about the
frustration with how long it actually took and it was actually
a former member who was the former head of the Intelligence
Committee on the House side and was still having trouble
getting his clearance.
Mr. Wailes. I don't know what the current process is, but
the number of people from years ago that we got in, through
that process, was much higher than through that.
The Chairman. Yes.
Ms. Durkovich?
Ms. Durkovich. Yes, an excellent question.
And while the incident that you referred to is unfortunate,
I would say, overall, the trust that has been established
between government and industry in the partnership is stronger
than it's ever been.
Kevin alluded to many of the activities that we have
underway. In my former position I actually ran the private
sector clearance program which is the program that provides
clearances to infrastructure owners and operators who have the
need to know. When I left, I think there were roughly about
3,000 owners and operators that had clearances.
Clearly what happened at OPM has slowed the ability for us
to provide those clearances in a timely manner. But I think
that those timelines are clearing up and those clearances, as
well as many other authorities that Congress granted DHS, and
that's everything from the protected, critical infrastructure
information program to the critical infrastructure partnership
advisory committee which allows us to both share information,
to ask for vulnerability information from owners and operators
to protect it from regulatory purposes from state sunshine
laws, from FOIA.
So we can take that information, we can investigate, we can
do forensics, we can anonymize and we can push it out. Industry
is one key part of how we share information.
As part of the Electric Sector Coordinating Council and all
of the other sector coordinating councils, we bring industry in
on a regular basis to provide them with threat briefings, with
classified briefings, to help them understand this complex risk
environment. We can have conversations that are not available
to the public about what we should be doing to protect our
infrastructure. And the list really goes on.
But I think, there's two important points that I want to
end with is one, better understanding the intersection of these
critical lifelines and the vulnerabilities caused by them and
how we can continue to ensure and have plans in place to
mitigate cascading impacts in the event of some of the
incidents that we've been talking about. And then, I think, the
second piece of this is as we begin to modernize our
infrastructure and we begin to move to smart cities, I cannot
underscore the importance of baking security in at the
beginning. You need the security people sitting next to the
coders, the architects and the builders. It is imperative.
Security is the new normal.
It will be a differentiator. It will be a differentiator
for companies. It will be a differentiator for utilities. It
will be a differentiator for cities. And it has to be one of
the core principles as we go about modernizing our
infrastructure.
So, thank you.
The Chairman. Good.
Ambassador Cooper, why don't you wrap up, please?
Ambassador Cooper. Okay. Thank you, Madam Chair.
I just wanted to comment on this last discussion about
security. I think someone needs to do a serious look at the
levels of security that is inhibiting this kind of open
discussion of what the environments are that the industry has
to design against as well as other factors.
I don't believe that there is an absence of technology to
deal with the EMP issue in an affordable way.
And I want for your peripheral vision to just make one more
point. I absolutely agree with you about the need for trust
between the people and the parties that have to deal with this
issue which is why I gave up on trying to get institutions here
in Washington and even in the states, to deal with this issue.
Lots of folks have tried, are trying, and are frustrated by the
issues that you've mentioned. That's why I'm working very
closely on an individual level with key people and when I say
local, I mean, in three counties right now, and we're going to
couple into the NERC exercise this November, the GridEx
exercise as well, to expand our lessons learned upward in South
and North Carolina and we'll go elsewhere.
I think that we have to wake up to the sense of priority of
dealing with the issues. The EMP Commission has looked at the
briefings that some of the folks at this table have given. It
is their assessment that they're underestimating the threat,
even for the solar threat. The magnitude of the E3 component
for a nuclear device is larger than for the solar event. So, if
we harden the grid for a solar threat, we will still leave
ourselves vulnerable for the other.
And in addition, you have E1 as a component that threatens
the solid state electronics throughout our grid and that
includes the distribution systems for petroleum and natural
gas. So, we need to deal with this issue in a very, I believe,
direct way.
I think that we have hope that what we're doing to
accomplish locally. And when I say island, I want to build an
island around Duke's nuclear plant and its hydroelectric plant
and coal plant all on that lake so that the local people are
engaged in working the problem. And by the local people I mean
the, you know, the mayor, the city council at the political
level, but Joe Sixpack, who understands what we're doing
through the National Guard and so on.
Our--general is an electrical engineer graduate of Georgia
Tech. He understands these issues and he is committed to try to
work with us and we'll expand outward from there to other
states and other locations. I believe that's the way we have to
go to really build trust among the key players that are
required to cut across the patchwork, quilt patchwork, that I
tried to describe to illustrate earlier.
And that's not to argue against initiatives at the state
level or the federal level or so on. At least that raises
consciousness about the nature of this threat.
But my concern is the devil is in the details. And we
learned hard lessons in the Department of Defense, that it's
not just having the right design. It's not just having the
right deployment, and it's not even just having an operational
concept that's important. If you don't test it, I don't believe
it. And we learned through hard experience that maintenance and
that sort of operations of operational systems that were well
designed and deployed, we create holes by which EMP can get
through.
So this is a hard problem. We have to choose where we work
carefully and protect what we need to work to ensure the
viability of the grid and for the American people.
The Chairman. Well, ladies and gentlemen, thank you. I
think the testimony this morning, the questions and responses
back and forth, have been very helpful. I think this has been a
great discussion.
I appreciate some of the suggestions that we have, but I
also appreciate the urging that we really not let our guard
down, recognizing that this is complicated, multifaceted and it
requires an attention to it that is really daunting. But just
because it is daunting does not mean that we should not be
working with you, with our agencies, with the sector, really
across the country.
I appreciate what you have said, Ambassador Cooper, about
really starting out very local and understanding the
implications, not just those that are tasked on the day-to-day,
but helping to educate Americans about our vulnerability and
what we can do to reduce that.
It is always important here in Congress that we be reminded
of the urgency and the imperative of our task, and I think we
were given that message this morning.
I thank you all for your contributions.
With that, the Committee stands adjourned.
[Whereupon, at 11:57 a.m. the hearing was adjourned.]
APPENDIX MATERIAL SUBMITTED
----------
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[all]