tv Politics and Public Policy Today CSPAN April 22, 2016 3:00pm-5:01pm EDT
but they should be able to interact with them online also. >> i agree with you. it's certainly the wave of the future. everything's online, particularly with the younger generation. they communicate almost entirely online and read online. they're not even reading normal newspapers. everything's online. so i feel it's a way we have to move and go towards. is the irs moving towards going online or not? >> that is definitely its view of the future. >> mm-hmm. >> but right now can you interact online? >> no, you cannot. >> can you ask -- >> you can find out where your refund is. the irs last october took off the only service it had where you could e-mail a question and have someone answer it back to you. so even as it's moving forward, it's moving backwards. >> my time has expired. thank you. >> i thank the gentlewoman. i thank you both of you for your testimony. they've called votes and we've only got a few minutes left. so i think we're both going to
>> ahead of next week's primaries, donald trump has a rally in harrington, delaware today. you'll be able to watch that on our companion network. then, hillary clinton has a rally in dunmoore, pennsylvania. >> during campaign 2016, c-span takes you on the road to the white house as we follow the candidates on c-span, c-span radio, and c-span.org.
fema administrator craig fugate warned congress that the nation's electrical grid is vulnerable to a cyberattack. he testified before the house transportation and infrastructure committee on emergency management, which is chaired by pennsylvania congressman lou barletta. >> the committee will come to order. today we are holding a hearing to explore a critical and timely topic. there have been numerous congressional hearings on cybersecurity and how to stop the bad guys. what has not been discussed in great detail is what the consequence will be from a massive cyberattack that brings down, for example, a large portion of the electrical grid for an extended period of time.
the purpose of today's hearing is to answer an important question. with respect to cyberthreats to the electrical power system, what consequences should the federal government tell states and local governments to prepare for? in other words, for how many people and for how long should states plan on being without power? the federal government does this now for almost every significant hazard that we face, whether it's a category 5 hurricane hitting miami or an 8.0 earthquake in los angeles. the federal government has realistic estimates or scenarios for states and cities to plan. the federal government does not have this basic planning scenario for a cyberthreat to the power system, and there is a huge disparity in what different
groups think is a potential scenario for which states and local governments should prepare. and the difference would be significant for local governments. if the power is out for a few days, it can be an inconvenience. but if it is out for several weeks or a month or more, the local government has to potentially plan for an increased public safety, water treatment, fuel delivery for generators and many other contingencies. what should we plan for? ted koppel in his book says we should plan on 6 to 18 months of uninterrupted blackouts. the industry seems to say a cyberattack could, at most, cause an interruption in terms of days, not weeks. and today we are going to hear testimony from the federal emergency management agency, the
department of energy, the department of homeland security's national protection and programs directorate, the congressional research service. >> the north american electric reliability corporation, and representatives from the electrical industry. i hope to get an answer to this question for state and local governments who are on the ground and will be first charged with protection of people and property. imagine what we would do without electricity for a day, a week, a month, a year. virtually all critical infrastructure is dependent on the electrical grid, particularly the lifeline sectors, telecommunications, transportation, water, and financial services. and if the goal of the bad guys is to collapse the united states economic system, they are going to try to cut off the power. there have been reports of hacking attempts on electrical
facilities by foreign and domestic parties. our national security, public safety, economic competitiveness and personal privacy is at risk. according to the department of homeland security, the energy sector was the target of more than 40% of all reported cyberattacks. and even more disconcerting was the december 2015 cyberattack on ukraine's electric grid, which affected four dozen substations and left a quarter million people without power. at the same time as the attack on the grid itself, call centers were hit with a telephony denial of service attack as customers were trying to report the outages. if anyone thought this was a glitch, think again. the electrical grid is not only under attack from cyberspace, the electrical power sector is all too familiar with the devastation storms like hurricane sandy can leave
behind. where physical attacks like the 2013 incident at the metcalf substation in california. thankfully in the cases of storms and physical attacks, the power sector has strong plans in place and redundant systems to restore power quickly and to avoid the loss of life and property. but i am concerned about a cyberattack. are there similar plans in place for industry and for state and local government? will those redundancies provide the same types of protection? most recently i have been discussing this topic with constituents in my district, asking what they will do in their communities if the power is out for a prolonged period of time. honestly, most of them don't know because we don't know what to plan for. we have brought together the right people here to tell us today. we are also going to discuss what preparedness looks like,
best practices, and how we can achieve a greater level of readiness all the way down to the local mayors and township supervisors. i'm encouraged to hear all the industry talk about an all-hazards approach and focusing on mitigating the greatest risks. but i think there are some unique characteristics of the cyberthreat that require specific planning guidelines. i know we cannot gold-plate the system, but given the independency of electricity with our daily lives, it is crucial that we understand the risks and be prepared for the likely consequences possible from the failure of that system. i look forward to this conversation today, starting with our witnesses, and i thank you all for being here. i now call on ranking member, mr. defazio, chairman for his
comments. >> thank you, mr. chairman. mr. chairman, you certainly laid out well the potential threats of a cyberattack against our critical electrical grid. we know there is constant probing, some of it being done by nation states, not just terrorist groups. nation states hostile to the u.s. and we need to be certain that we are as prepared, well prepared as we can be. the ukraine attack was perhaps a harbinger of things to come. i do believe, though, that the all-hazards approach can also cover the cyberattack area. the issue of probably most immediate concern to those of us who live in the northwestern united states is the threat of a
cascadia subduction zone quake in the magnitude of 9 or 9-plus, which will inevitably knock out our grid. so there are going to be exercises conducted, two exercises this year with the cooperation of department of homeland security and all the local and state authorities in the region to simulate what would be possible in the face of that sort of a disaster. many of the problems that could occur will be the same. you know, the loss of transformers is particularly of concern, and i'm going to be probing that issue with some of the witnesses today. there's a question whether the federal government should be perhaps stockpiling these transformers since now they're basically custom orders. they take 6 to 18 months. what if we lose a dozen large critical transformers because of
an earthquake, a tsunami, or a cyberattack? you know, it seems to me kind of a no-brainer that we should either, through governmental sources or through, you know, cooperation with the industry be creating a critical infrastructure component stockpile here in the united states to deal with any and all of these sorts of potential attacks. and a coordinated physical and cyberattack could, of course, be the most devastating outside of a massive earthquake/tsunami. again, many of the same issues arise, and then one that doesn't get talked about very much anymore, but we held a series of hearings on it years ago in the resources committee, then called the interior committee when we had jurisdiction over nuclear power, is the potential for a bomb in place. that is, a nuclear plant. if you destroy the backup
system, take over the plant, destroy the backup system and the incoming power, you create a meltdown. and how good is the security at our nuclear plants these days? i know this hearing isn't going to get to that topic. i'm not certain it's even within our jurisdiction, but it is of concern to me, and i just wanted to raise that issue too. so like aviation, you know, electricity, the grid, and nuclear plants are of interest to terrorist groups and hostile nation states. so we've got to be prepared. so i'm pleased you're holding this hearing today. >> thank you. we'll have two panels of witnesses today. on our first panel, we'll have administrator fugate, the current administrator of the federal emergency management agency, the federal coordinator for consequence management. assistant secretary hoffman from
the department of energy's office of electricity, delivery and energy reliability. this is the office charged with coordinating the federal efforts to facilitate the recovery from disruptions in the emergency -- in the energy supply. assistant secretary for infrastructure protection durkovich from the department of homeland security. and mr. richard campbell, an expert at the congressional research service in the electric power sector. on our second panel, we'll be joined by mr. gerry cauley, the president and ceo of the north american electric reliability corporation, the international regulatory authority. mr. william spence, ceo of the ppl corporation, one of the largest investor-owned utility companies in the united states. and ms. bobbi kilmer, president
and ceo of a nonprofit electric utility serving 2,250 square miles in northeastern pennsylvania. i ask you now to consent that the witnesses' full statement be included in the record without objection. so ordered. since your written testimony has been made a part of the record, the subcommittee would request that you limit your oral testimony to five minutes. let's start with our first panel, administrator fugate, you may proceed. >> thank you, mr. chairman. ranking members, members. i want to address your questions. what does a local official need to plan for? and i think based upon our experiences dealing with other hazards that have caused disruptions, planning needs to be measured in weeks, particularly if there's damage to infrastructure. and, again, with cyber we have seen restoration potentially quickly if there's not damage, but if you do have damage to generators, that will extend it. we do know it is important that in an initial response, that you
provide for safety and security. when lights are out, power is out, we've had major metropolitan areas go through this. you have a flurry of activity with people trapped in elevators, traffic control, and the fact that initial response may be going out looking for problems rather than waiting for calls from 911. your next steps are pretty much again as the ranking member points out all hazards. you have to then provide for the most immediate needs. hopefully your critical infrastructure has power and emergency power. you have the fuel supply you need. we have found in many cases communities haven't planned for that. either they don't have critical equipment on backup power or they don't have adequate fuel supplies. usually only enough fuel to run their weekly or monthly test but not to operate in a crisis. generators are very expensive, and so in many cases there are other options such as putting in
transfer switches. so what are the things required to keep the community up and running until power can be restored that are life lines. communications, your hospitals, and your 911 and other dispatch facilities. generally these have emergency power, but it has to be planned for real, not that it just works during the monthly test. then as you had pointed out, mr. chairman, the duration now starts driving additional issues. as we saw in new jersey and new york, the longer you have power disruptions, the more you have cascading effects from not being able to get to retail stores, grocery stores, gasoline distribution. and again as a community starts to try to recover and get back to normal, these all become challenges. so the planning really is based upon safety, keeping your primary life support systems up, focusing on the restoration of the grid, and the reality that your residential areas will probably be last to get power because you're going to try to get your retail sectors and
major core centers up first. the industry has shown a lot of resilience and capabilities of doing those things in physical destructions, and we think the lessons we've learned there would apply again to cyber. but cyber has a lot of unknowns and i will defer to my experts on my left on what those impacts are, the potential threats, and how likely these are. but you said how big is big? we actually looked at a natural phenomenon that's actually big, and that would be geomagnetic storms. because of the way our grid is built and the vulnerabilities to very large transformers, this administration has already developed a working plan of what we could do in the event of major geomagnetic storms, its impact on satellites and terrestrial systems. we are working on the lessons from previous outages to look at the power outages because of a lot of unique capabilities federal government brings, but also this has got to be a true working relationship with
utilities. we cannot do this separate. it's a partnership. it's got to involve all levels because the primary place we regulate power is at the states, through the, you know, utility regulatory operations the state management that framework this summer will be going to our senior leadership in the agencies to begin that process of concurrence and updating it. but it serves as a framework if something was to happen now based upon our lessons from sandy and going all the way back to previous hurricanes and other disruptions. but the challenge is, i think, for people to look at planning not for what they do every day, but what would happen if power was out for not just hours but days or weeks? do they really understand what their capabilities are and the things they need to do to ensure their critical lifelines have enough power? and trust me, i've been through enough hurricanes to find out too many facilities only had enough emergency power to pass whatever requirements were there, but under full load in a crisis, they failed. they didn't operate them under loads. they didn't maintain enough fuel in the systems for that. they did not have contracts for
firm deliveries when the crisis occurred. so you really need to get people to focus on this, that if you're going to provide emergency power, it's got to be for real, and it's got to be able to operate for long periods of time. and you need to really plan for this from the standpoint of a phased approach because often times when this starts, we don't know how long it's going to be out. so we have immediate response steps, but you also need to start asking the question, if power isn't on in 27 hours, what are the next things to focus on? but i think the story from industry is also good. we've learned a lot about how to get systems back up. we've learned how to bypass fail systems and in many cases the automation has replaced the man in the middle and sometimes we have to put people back in and run less efficient systems until we can get power back. so i think there's both a good news story, but there's still a lot we don't know. so against that, we're not going to be able to write a plan for everything that can happen. we need to write plans based on consequences. and again as we have a better
understanding of duration of impacts, that will help us shape that guidance to state and local officials for dealing with extensive power outages, pretty much irregardless of the cause of it but really looking at it over the time phase of what would be happening and what the next steps are. and again a lot of lessons have been learned from natural hazards. the question in a cyber is how widespread and how many jurisdictions simultaneously will be impacted? that's probably the one difference than a physical specific threat such as a hurricane or earthquake. we know the geographical area. with cyber, it won't be defined by political or physical boundaries. it would be system wide and that is another area we ask questions. but not that much dissimilar than the threat from geomagnetic storms. that's probably outside of an emp detonation in near space. a lot of work's been done to minimize those impacts. mr. chairman, i stand ready for questions but i wanted to try to
answer your questions in my opening statements. >> thank you for your testimony. before we move on, i want to recognize ranking member of the subcommittee, mr. carson, for his opening statement. >> well, chairman, we had a hearing with the cia director and i didn't have access to my phone. then when i finally escaped, i saw the messages. but my apologies. i want to thank you guys. chairman, i think for the sake of time, i think we should still continue because i was the one who was late. so thank you. >> thank you. >> we'll now move on to assistant secretary hoffman. you may proceed. >> chairman barletta, ranking member carson, members of the subcommittee, thank you very much for focusing attention on the importance of being prepared for an outage and for the opportunity to discuss the department of energy's role in helping ensure resilient, reliable, and flexible electricity system in an
increasingly challenging environment. our economy, national security, even the health and safety of citizens depend on reliable delivery of electricity. the mission of the office of electricity is to strengthen, transform, and improve our energy infrastructure to ensure access to reliable, secure, and clean sources of energy. we are committed to working with our public and private sector partners to protect the nation's critical energy infrastructure, including the electrical power grid from disruptions whether from natural or man made events including severe weather, physical attacks and cyberattacks. a crucial factor in meeting these challenges is to be proactive and cultivate what i call an ecosystem of resilience, a network of owners and operators, regulators, vendors, federal partners and consumers acting together to strengthen our ability to prepare, respond, and recover.
our organization works on in-depth strategies, products and tools to inform and educate state and local officials in their energy emergency preparedness activity. this is done through forms, trainings, tabletop exercises that includes federal, state, and local energy officials. in the area of cybersecurity, as part of the administration's effort to improve electric sector cybersecurity capabilities, the department of energy and industry partners have developed the electric sector cybersecurity capabilities maturity model. this is an evaluation tool that helps organizations prioritize and develop cybersecurity capabilities. in april, doe will lead clear path 4 in portland, oregon, and washington, d.c. clear path is an interagency exercise focused on testing and evaluating the energy sector roles and responsibilities with end response plans utilized for
a cascadia subduction zone 9.0 earthquake and tsunami. when a response is required and needed, the department of energy serves as lead agency for this response under the national response framework and under fema's leadership. the department of energy works with industry and federal partners to assess the impacts of disaster on local and regional energy structure, coordinate delivery of assets, monitor and report on restoration efforts, and provide regular situational awareness to key decision makers at the state, the white house, and our interagency partners. doe also provides strategic leadership by requesting and facilitating the development of an energy information sharing and analysis center as well as the development of an electric sector coordinating council. this council is a group of leaders from across the electric sector that meet regularly with government to coordinate and
share information. when power goes out, the local utility is the first responder. should any threat or emergency exceed the capability of any local or private sector resources, the federal government and the electric sector, through the council, will engage in coordinating a response to this type of a crisis. congress enacted several important new security measures in the fast act. this act affirms d.o.e.'s responsibility in cybersecurity coordination, oil and gas information sharing, the development of a transformer reserve plan. in addition, the fast act provides the secretary of energy with a new authority. upon declaration of a grid security emergency by the president, the secretary can issue orders to protect and restore critical electric infrastructure or defense critical electric infrastructure. this authority allows d.o.e. to respond as needed to cyberthreats or physical threats to the grid.
the department is actively engaging in the process and the procedure for implementing this new authority. the keys to strengthening resilience are not only understanding threat insight and response, but it is also through innovation. advanced technology and innovation in cybersecurity storage, microgrids will also help the industry get ahead of these risks. in conclusion, the threats will continue to evolve. the d.o.e. is working diligently to stay ahead of the curve. to accomplish this, we must invest in resilience, encourage innovation, and use the best practices to help raise the sector's cyber and physical security maturity as well as strengthen local incident response and recovery capabilities. thank you for your time, and this concludes my remarks. i look forward to any questions you have. >> thank you for your testimony, assistant secretary hoffman.
assistant secretary durkovich, you may proceed. >> good morning, chairman barletta, ranking member carson, and members of the subcommittee. my name is caitlyn durkovich and i'm the assistant secretary for infrastructure protection within the national protection. thank you for the opportunity to discuss how nppd, which leads the national effort to secure and enhance the resilience of our nation's infrastructure, fulfills its responsibility to support the federal government's preparedness for a response to and recovery from all hazard events including the physical impacts of cyberincidents. i want to begin by acknowledging that protecting the electric grid is a top priority of this administration and of the department of homeland security. it is also worth underscoring, as you will hear from our industry partners later, that the grid, by its very design, is resilient. it is a complex network of electric infrastructure assets that has built-in redundancies and can adapt to rapidly changing demand, load, climate,
and a host of other factors. in short, the electric grid has been engineered with one principle in mind, reliability. thousands of companies work together with the company to run the most reliable grid in the world. and while over 85% of the nation's electricity infrastructure is in private hands, the federal government recognizes we must work in partnership with industry to protect our grid because of its importance to national security, economic prosperity and community resilience. i have the privilege of working with industries that span the 16 critical infrastructure sectors and can say with confidence that the electric industry takes a multilayered approach to risk management and is committed to continuous adaptation based on lessons learned from real world events and an understanding of the dynamic risk environment. industry and government acknowledge, however, we cannot stop every threat and natural hazard and that we must be prepared to respond to a range of events and their consequences. the federal government's
volunteer partnership with the electric sector, which is defined under the national infrastructure protection plan, reached new levels in 2012 following two important events. the first was a report published by the presidential advisory committee, the national infrastructure advisory council in 2011, on the resilience of the electric and nuclear sectors and called for the most senior executives from industry and government to convene on a regular basis to craft a risk management agenda that was reflective of the increasingly chaotic threat environment. nearly a year later, our country awoke to the scenes of an earthquake, tsunami, and subsequent failure at the power plant in japan. it put new emphasis on the need for the public and private sector in the united states to come together to plan for a catastrophic national incident. for nearly four years now, 30 ceos representing the breadth of the electric power industry have comprised the electric sector coordinating council and meet regularly with their counterparts
at dhs, doe, and other members of the interagency to address the growing number of sophisticated factors that put our grid at risk. this risk management approach is focused on ensuring that the consequences of the most catastrophic events are minimized and that the value of our relationship is strengthened by identifying joint priorities enabled by robust information-sharing, continuous planning, and regular testing and exercise of these plans. projects conducted through this partnership include act-oriented information sharing around physical and cyberevents, including heartbleed and blackenergy. a 2013/2014 security outreach campaign around threats to substations recommended security best practices and the importance of reporting suspicious activity. an electric sector coordinating council play book, which is a crisis. coordinate effectively on response and recovery issues as well as work by dhs and doe with
the electric sector coordinating council on efforts to institutionalize coordination with other lifeline functions. in addition to our escc work, dhs works directly with owners and operators to help enhance their security and resilience posture. understand dependencies and interdependencies and exercise with their state, local, tribal and territorial partners for a range of scenarios. this would not be possible without a cadre of security specialists around the country who engage with asset owners on a regular basis to help them understand the risks posed by physical and cyberthreats, perform assessments, share information, and ensure they are connected to the broader homeland security community to include state and local officials. nppd also works with partners across the government in the event of a needed response to a major disaster or attack resulting in a failure of the electric grid. nppd supports fema during response operation and helps provide an understanding of the
infrastructure of concern in an impacted area and decision support and prioritizing restoration and recovery as well as ensuring the resilience of our communications infrastructure. during a cyber communication incident, nppd's national security and communications integration center is able to coordinate with state, local, and private sector partners, including law enforcement and intelligence communities so that the full capabilities of the federal government can be brought to bear in a coordinated manner. the industrial control system cyberemergency response team is the response component and provides on-site support to private sector industrial control system owners and operators. in conclusion, government and industry have engaged in an unprecedented effort to assess and mitigate the risks from cyberattacks, physical sabotage, and natural disasters, all of which can result in disruptions to the electric grid. in a major step toward this unified approach, the department proposed to transition nppd to
an operational component, the cyber and infrastructure protection agency. this transition would elevate cyber operations and provide more comprehensive coordinated risk management support to our stake holders that reflect the growing convergence of cyber and physical threats. chairman barletta, ranking member carson, thank you for the opportunity to appear before you today and to discuss nppd's efforts in managing the physical and consequences of cyberthreats. i look forward to your questions. >> thank you for your testimony, ms. durkovich. mr. campbell, you may proceed. >> good morning, chairman, ranking member, and members of the subcommittee. my name is richard campbell. i'm a specialist in energy policy for the congressional research service, crs. on behalf of crs, i would like to thank the committee for inviting me here to testify today. my testimony will provide background on the possible consequences of a failure of the electric grid, the roles of respective parties and some of the objective challenges in the recovery efforts. i should note that crs does not
advocate policy or take a position on specific legislation. electric power generation is vital to the commerce and daily functioning of the united states. while the electric grid has operated historically with a high level of reliability, various parts of the electric power system are vulnerable to failure due to natural operational or manmade events. natural events include severe weather and even solar storms. operational events can result from failures of grid components or systems, and manmade events would include actual attacks on the grid. the extent to which these events could damage the grid would depend upon the severity of the incident. much of the infrastructure which serves is aging. as the grid is modernized, new technologies using two-way communications and other digital capabilities are being incorporated with internet connectivity. while this can improve the efficiency and performance of
the grid -- >> mr. campbell, excuse me, can you pull the microphone a little closer. >> okay. >> thank you. >> while these advantages can improve the efficiency and performance of the grid, they may also increase its vulnerability to cyberattacks launched from the internet. in 2014, the national security agency reported that it had seen intrusions into industrial control systems with the apparent technical capability to take down the control systems which operate u.s. power grids, water systems, and other critical infrastructure. although there has not been a cybersecurity event resulting in a power outage in the united states, the potential still exists for such attacks, causing wide scale long-lasting outage. the first blackouts attributed to a cyberattack happened in ukraine in december 2015. the attack targeted multiple regional utilities. other critical infrastructure was also targeted apparently in an attempt to -- a report
released by the national research council in 2012 concluded that well informed terrorists could black out a large region of the country for weeks or even months. it says that if such an attack occurred during times of extreme weather, hundreds or thousands of deaths could occur from heat stress or extended exposure to the cold. a systematic attack of this sort could cost the u.s. economy hundreds of billions of dollars. recovery from a well-planned cyber and physical attack on the grid could be complicated by the cost of critical components. the strategic destruction of transformers could use up the limited inventory of spare units and it may take months or even years to build new units. the electric utility industry generally prepares for outages from weather related events and views the potential -- if an event is severe enough to be a
federally declared disaster, then fema, the federal energy management agency, can provide financial assistance to eligible utilities for the recovery effort. and in 2015, congress gave the department of energy new authority to order electric utilities and the north american reliability corporation, to implement emergency security measures. however, given the potential for damage to the nation's economy from a major attack on the grid, some might suggest that the greater focus on recovery is needed and should become as much a part of the grid security strategy as the efforts to secure the grid. a focus on recovery should consider the mutual dependence and implications to other critical infrastructure of an electric grid failure and how quickly such impacts could proliferate if not planned for in advance. congress may also want to consider how the grid of the future will address cyber and physical security concerns. incorporating elements to
increase system resiliency as it develops will aid in reducing the vulnerability of the system. finally, nerc has stated that after a major grid disruption, restarting generation and energizing transmission and distribution systems will be a first priority. restoring service to communications systems, fuel, water supply and treatment, and hospital customers will be a secondary priority. congress may want to consider how planning for the subsequent restoration of services would proceed to ensure that all civilian communities are kept informed and treated as equitably as possible in disaster recovery efforts. this concludes my brief remarks. i look forward to your questions. >> thank you for your testimony, mr. campbell. i'll now begin the first round of questions limited to five minutes per each member. if there are additional questions following the first round, we'll have additional rounds of questions as needed. and i will start with
administrator fugate. could you please walk the committee through a timeline of consequences that we could expect to experience in the event of a large-scale and a prolonged power outage, which is the result of a combined cyber and physical attack. let's assume over 10 million people are out of power in the northeast, and it lasts for over a month. >> the first thing -- >> i'm not talking about how to turn the power back on. but what consequences will state and local governments and residents have to deal with because the power is out? and this is my concern. i'm going to put my mayor's hat back on. you know, i've been listening to a lot of how prepared we are, what we can -- what is typical, what's unlikely, and what we're going to do. but i'm not convinced that we've connected the dots all the way down to the local government. i haven't talked to a mayor or a
township supervisor yet. when i ask them the question in the event of an unusual and an unlikely event that power is out in a cyberattack, how long are you prepared to provide services? nobody can give me that answer. you know, i know it's an unlikely event. so was the chances of two planes running into the twin towers in new york. very unlikely. so that's what i'm hoping to get at today is, for example, in the first few days -- because these are the people. i was the mayor. when something like this happens, there's going to be panic, and people are going to want to know how long can we expect. and i don't know if anybody has yet given me a clear answer in the event of both a physical and cyber, the worst-case scenario, very unlikely, very unusual, but still as a mayor and a
supervisor, i would want to be prepared for that worst-case circumstance. so, for example, in the first few days, there will be thousands of people stuck in elevators. after three or four days, hospitals and other critical infrastructure will need fuel for generators. after a week, clean water and waste disposal may be -- may have serious problems. and at some point, people may start to self-evacuate in large numbers. please walk us through that timeline of increasing consequences as the duration of this scenario increases. >> mr. chairman, first challenge, having actually had this happen during accidents where human error caused power outages, we don't know at first how long it's going to be out. often times, situational awareness will be key because your initial response will not be different. we've had numerous communities go through power outages, very
substantial, that resulted in having to do mass rescues in elevators operations, deal with traffic control issues, commuter rail being knocked off, we've seen those. i think most communities that are doing effective planning, those are things that they will be doing almost from the beginning. what's critical -- and this goes back to what my partners to the left will be focused on -- is this a short-term duration, or is it longer? we faced this in florida actually when i was still in the state. we had power knocked out that was not occurring in any set pattern. it was occurring all over the state simultaneously. we didn't know what was going on. by the time we had situational awareness, the question was will this go into the night hours because if so, the governor will call out the national guard to provide additional law enforcement support. so again you start focusing on those immediate things of life safety. also safety in your communities because when you lose power and you start seeing those disruptions, you have to provide a much more visible form of policing and give people a sense of safety in their communities. it's going to require more
manpower, more people on the streets. you start looking at my generators are now running. what systems will need refueling next. is it going to be the next 72 hours? and this is something i think that's important. i learned this the hard way. a lot of communities do not plan for refueling in a crisis, and there are certain contractual things you have to have to make sure you ensure deliveries, and those deliveries and suppliers may not be local. if you're talking 10 million, we were shipping fuel as far away in philadelphia back into new jersey and new york to provide gas. we found all kinds of regulatory challenges. but, again, you start going my first steps, pretty much my fj response. my next steps, next 72 hours. which of my critical facilities will start running out of fuel or are having generator problems. by this time we would hopefully assessed this is a much larger event than local. we start looking at mobilizing resources from the outside, generators, fuel, other things to keep those on. it's key to keep the water systems and wastewater running. electricity has got a lot of problems, but water and
wastewater are almost impossible to make up the differences in dense populations. there's not really a good way to manage that if those systems go off-line for extensive periods of time. once you get past my 72 hours and i'm starting at the top of my first week, now you start looking at what's the retail sector supply chain look like? florida learned this hard lesson that many of our gas stations, grocery stores, and even pharmacies now have emergency power. they have transfer switches because we were dealing with power outages measured in weeks, and some went to almost a month, we found that retail was doing a lot of things that we had to start supporting because they were bringing in generators. they were getting themselves back open, but we weren't doing it as a partnership. we actually found ourselves competing with them. so you really want to plan this, and i think most communities, that initial response, if they've got good plans, they have done this or they are prepared to do it. it's once you get past 72 hours that i think that they really need to start thinking through
their plans. where are they going to get fuel? what kind of things do they have to keep up? and then where will be the next points? as we saw with new jersey and new york, initially it was the rescues and the trapped people and stuff like that. a lot of people evacuated. but then it became the fuel. it became pharmacies, grocery stores, and so you started seeing cascading effects. and, again, those are the things i think that once you're past 72 hours, you need to start planning out, okay, i'm out for a week. i'm out for two weeks. i'm out for three weeks. how much of my core am i bringing up? utilities aren't waiting. they're not going to be nothing happening for a month. but you're not going to get power back to everybody, and you're not going to get power back particularly to a lot of your residential areas. so can you get enough life support back up and running where people that still don't have power can get the essentials? it won't be easy. it will be difficult, but the thing here now is to continue to trade off. where can i make activities to buy more time to keep my population stable?
evacuations, maybe self-evacuating where people have that option, they will. but you won't see large numbers because it's unlikely in widespread outages there's going to be places to go to. so, again, it becomes this time of stabilization, continue to look at the down-range impacts, what we're able to bring up, where we prioritize that, but the reality is in almost all these scenarios, including the cyber as well as the physical, residential areas are probably going to be the last ones to get that power. so can you get enough life support and infrastructure to keep the major supply lines open? you're not going to have the normal consumption rates. you may have to do what governor christie did, but this means you have to plan out not just the power went out, but now what are the impacts of that as you go through time. then hopefully this is what our partners are working on is to give you information about how much time are we talking about before key systems come up. when will we get the final power
turned back on because in the absence of information, i think that generates its own problems. if we know it's going to be out for three weeks, we can plan. people can -- people are more resilient than we give them credit for. but lack of information, that in itself becomes a challenge. so i ran out of time, mr. chairman. >> that's okay because it's important because that's what i'm trying to get at is are these conversations and who's responsible for these conversations with people at the local level because this is an unknown. if there's a storm coming, a hurricane, an ice storm, we're prepared for that. we know it's coming. an earthquake, not so. you don't know it's coming. but still we have experience with that. but a widespread cyberattack with a physical attack attached to it is unknown. and who's having that conversation with people at the local level that we don't know? it could be out a week. it could be out longer than a week. you need to be prepared. and are those conversations actually happening? i'm not convinced that they are.
and that's where the life will be lost. and i think we need to begin to find out how do we connect the dots? who's responsible to having those conversations down at the lowest level of the people who will be first charged with trying to protect lives? i'm going to turn to ranking member carson for his questions. >> thank you very much, chairman barletta. madam hoffman, your testimony notes that the department's research and development activities with respect to developing space transformer components, what is the cost to manufacturers when we're making these alternative components, and has a domestic manufacturer been identified so that we can ensure there is no disruption to its prior usage?
>> so thank you very much for the question. transformers are very critical components to the electric sector as was stated in the testimonies and some of the conversations earlier. with respect to ranges anywhere between $5 million to $10 million. and so these are significant components. so what do we need to do as we look for, what is our research program? what are the activities doing looking for dealing with the transformer issues? first of all looking at the spare components, the spare transformers that industry has and then industries looking at having spare capacity on their system. we're also looking at how do we develop the next generation transformer which might be a transformer that's -- you have the ability to produce more quickly and also have more
standardization and flexibility. so that includes in our research component the development of power electronics and hybrid transformers. our 2017 budget request has a strong program looking at transformers, which is about -- about $10 million in which we're going to look at developing the next generation transformers, as well as doing testing of transformers to make sure we understand any vulnerabilities that may exist. >> thank you. administrator fugate, in the event of a widespread outage, what are fema's plans for communicating with citizens on response and recovery efforts when there's essentially zero electricity? >> not much different than what we've faced in other significant outages. we have a variety of tools. first of all, within the emergency alert system, the radio stations, tv stations, many of them that have emergency power, tv stations, partner radio stations we can get
signals in. if we lose a transmitter, this will be something we'll be looking at in oregon during the cascadia. we work with the fcc for the non-impact to stations to get signal back in. we encourage people have that battery operated radio. that's why we encourage the idfm chips in cell phones because we can get signals in from the outside but people need to receive it to get the information. but part of this is going to be, where the information is coming from. we are going to be working through the governors office because governors and their teams are going to be the best information at the local level. our job really on the federal side is to provide the backup and tools required. and we're prepared to work with the fcc and broadcasters to get signal from the outside. in addition, we have gone as far and we did this in the sandy response. bring in satellite communications and set up wifi
in some of the areas that have lost some of the cellular communications. but we have another backup. and self-disclosure, i am an amateur radio operator. but sometimes the more we look at the complexity of our risk, we forget that we have some very resilient systems that are part of government but they often are the last thing running when everything else has failed. we look everything from our systems and satellite technology, working with non-impacted station has the broadcast in, amateur radios are all part of that. but it's important that people take the steps to be able to get the information when we can get the signal in. that's why it may seem very passe in an area of streaming everything that a battery powered radio may be that lifeline of communication link to get information. because we have seen even in large-scale, like katrina, stations outside the area could broadcast in but you had to have a way to receive the information. >> and lastly, have our most critical transformers and substations been the bulk power system been identified so that we have a clear comprehension of system dependencies and even
cascading impacts from a widespread power outage, regardless of the cost? >> thank you very much for that question, ranking member carson. we work very closely with the utility owners, with our partners at d.o.e. as well as nerc and ferc to understand the most critical aspects of the electric grid. we have a number of programs that we leverage to help assess the vulnerabilities of these particular assets and to work with owners and operators to help enhance the security and provide recommendations. equally important as you'll hear later from jerry colley, the president and ceo of nerc, we have a series of standards that are intended to guide the security of some of these most critical assets.
increasingly within my office, we are working to better understand the dependencies and interdependency on critical energy assets to be able to visualize what an outage is, the impacts it's going to have to other key lifeline sectors and to be able to provide that information as leaders to include administrator fugate as they are working to get power restored. >> thank you, ma'am. chairman, i yield back. >> the chair recognizes mr. meadows for five minutes. >> thank you, mr. chairman, for this important topic. i think this is one of the interesting aspects that i get asked about more than anything else. let me tell you why i'm a little troubled here today. i hear a lot of rhetoric that acts like we have our act together from a federal standpoint when, really, the
vast majority of the job that gets done is with the stakeholders, with those public utilities that for years have been prepared for mass outages, but perhaps the scope of the threat, the cyberthreat and what we're talking about mass outages, we can talk about hurricane sandy. we can talk about, you know, other storms. they are used to that. and i'm just telling you. i used to work for an electric utility many years ago. i was around. i've got enough gray hair. i was around when the d.o.e. was actually stormed. so when we look at this, to suggest that the federal government is here to help, i want to make sure that you are helping. the chairman talked about the real communication being done. the real communication is being done by the local utilities, if anything is getting done. it's crickets when it comes to
the other federal agencies as it relates to this. now i say this as a criticism only because we have to figure out that we're sick before we start to figure out the diagnosis and how to fix it. so let me ask assistant secretary hoffman on one point. you were talking about national security and how you can reprioritize and make sure that those national security interests are supplied by public utilities or governmental agencies. here's my concern. many of our national security interests have their own generating and own distribution capacity. yet i find them woefully underprepared for cyberattacks. some of them are primary metered at the point of entrance so you may have a public utility providing the generating capacity. they do the distribution.
so as we look at this, what kind of turf war did we get in between dod and d.o.e. with regards to being ready for a cyberattack that would have national security implications? >> thank you congressman for that question. when we deal with any sort of event, we're going to act as a whole government. whether it's -- >> but who is in charge? here's the problem. and i have dealt with a number of agencies. we get fema that comes in and local emergency management responses. and what you have is you have different people saying different things. so with regards to national security, who is in charge of the power grid? is it d.o.e. or is it dod? >> the owners and operators are ultimately in charge of the power grid. the support to the power grid is going to come both from d.o.e. with respect to working with the owners and operators to restore power. dod has a responsibility with respect to national security and
protection. so from a physical security perspective, we may look at law enforcement to help with the utilities to protect substations. it depends on the event but the response to be coordinated. >> so you have a plan, a coordinated plan that i could look at today on how that would happen? >> so for -- >> that you could give to this committee in terms of -- because here's what happens. most of the time an event happens and then you go out and figure out the problems. you know, mr. fugate was talking about the fact we learned lessons from each event we have. the problem with a cyberevent as we're looking at in the ukraine, here we have an outage to over 200,000 people have it was cut off. the real problem was they were in the system for almost six months and we didn't know about it. so the question is, how many times are we getting attacked, and are they in our systems without our knowledge? >> you bring up a good point, congressman, thank you, but the
issue is every event and every incident is going to be different. and we're going to have to think about the capabilities when somebody can take someone's access credentials. we have to look at that and think about that as an industry. >> that's more of a physical threat. i want to go back to the cyber aspect. what we're talking about is we're looking at risk management. and really what we need to start to focus on is a real comprehensive plan on how we're going to partner with the private sector or public utilities on doing this because what happens is we get a little check box and say we've gone and talked to x, y, z and asked them to make sure they're vigilant about cybersecurity, which most of them are, but yet what happens is we don't have a comprehensive plan at a federal level to look at how we can support them in the event of a national attack that would come in the way of cyber.
i'm not talking about storms. i'm not talking about stealing a credential. i'm talking about the real attacks we get hit with every day. do we know, have we done a risk assessment where we have intelligence and have we shared that with the public utilities? because a lot of times we have this national security concern that we don't want to share that with an outside, you know, group because of national security concerns. >> thank you. you bring up very good points in your discussion. first of all, we follow the national response framework. as administrator fugate talked about, regardless of whether physical or cyber or weather related we're going to react as a whole government. with respect to your question on intelligence, we are sharing information with the private sector. dhs and d.o.e. host classified briefings with the private sector to share actionable
information. and that is the information that the utilities are able to take back and really do respond for us. with respect to specific events such as ukraine incident, ics alert has provided specific actionable information. d.o.e. working with the electric sector sharing and analysis center has provided actionable information to the industry to learn from these events and prepare. and that's what's important. each event is going to be different. we have to take those events and learn from them. >> i've run out of time. i'll yield back. mr. chairman, thank you for your patience. >> the chair recognizes mr. de blasio. >> i regret i had to step out to go to a hearing upstairs. the committees should look at not scheduling hearings in different subcommittees at the same time. administrator fugate, you made a number of excellent points and
talked about being a ham radio operator, that's a potential backup. i was recently in japan and one of their greatest regrets is that they didn't have enough deep ocean sensors, and they underestimated the size of the tsunami. and they did manage to get out a warning with that original estimate before the electrical grid went down in those areas and they had no further capability of broadcasting and warning people. and, therefore, many people sheltered in places that actually were below the crest of the tsunami and died. so they've now moved to a cell phone-based system and required resilient cell towers to be built. are we looking at anything like that here in the u.s.? >> yes, sir. part of the charge you gave us and the fcc was to develop wireless emergency alerts. we implemented faster than we thought. right now every cell phone being manufactured today is required to be able to transmit a wireless emergency alert, part
of the emergency alert system. tsunami warnings are built into those. so if there is a triggering event the originator for that will be the national weather service, tsunami warning centers. in case of oregon, the alaska warning center. it would go out. it's geo coded to the areas of impact. those counties and communities at risk would get those notifications on their cell phones. you don't have to opt in or sign up. the only thing you can do to a cell phone is turn it off and not get the alerts. unless you've done that, a tsunami warning would be issued and transferred upon that point and go out. you point out one of the challenges which is why we work closely with local levels. it's hard to get the magnitude
of the tsunami so the evacuation zones have to be what's the maximum risk? we've got to move now. a phased approach, we generally don't have time with cascadia. it's too close to the coast. even before you get the warning if you feel shaking, you have to move to higher ground. even with a warning you only have minutes to move. but the cell phone system now, as soon as the weather service issues a warning, it will get transmitted to those areas. we've seen this occur already. but it has answered this question of, what will wake people up in the middle of the night? your cell phone buzzing and humming and making strange noises was the whole purpose of the emergency alert system. >> when phones are manufactured after what date were required to have that? do you know? >> it started -- i believe it's -- i'd have to look at the exact date but it's been about the last -- 2010, 2011 that all new handsets. apple, the ios was the last of the handsets to incorporate this in. so pretty much all the new handsets now have this. and as we see the replacement cycle of cell phones we've now third, fourth, fifth replacement cycles. we're getting good penetration
with those systems. >> i've been on an airplane here where we were held on the ground because of thunderstorms and everybody's cell phones started buzzing as if they had a tornado alert or something. so that is great progress. to the honorable ms. hoffman, just on the issue i raised earlier, you know, the transformer issue. it does seem really critical, and they are very expensive. they are cumbersome. hard to move. but, i mean, where are you at in evaluating the potential or possibility of having some, you know, backup or replacement transformers in a strategic reserve? you're analyzing that? or where are you at in that process? >> thank you very much, congressman, for the question. the transformer reserve plan that was required as part of the f.a.s.t. act is in progress. we have contracted with oak ridge national laboratory to do an assessment with respect to transformers. the transportation issues, any
sort of where they would be placed. volumes and size. as you are well aware, the transformers in the united states are quite unique and we also have to look at a parallel process for how do we look at standardization, look at next generation transformer for additional manufacturing. we are also in the process of assessing the transformer manufacturing in the u.s. d.o.e. has had several reports out with respect to transformer manufacturing. there are several manufacturing entities in the u.s., including efisec, georgia transformer, abb, waukesha and hyundai. those are the transformer manufacturers in the u.s. is that enough capacity we need? i would say we need more capacity with respect to transformers. so it's important that we continue to look at a transformer sharing program. so we are in progress and on target to meeting that deliverable for the committee.
>> so what was the timeline that was established for the conclusion? >> the timeline established in the f.a.s.t. act was one year from enactment. so it would be due in december. >> okay. great. are you aware whether or not the regional power administration is, you know, are you working with them, because they obviously have most of the -- are interlinked with private but for the most part provide for the power transmission and high voltage power transmission. and half of that -- well, part of it is d.c. so we have two different sets of transformers. >> thank you very much for highlighting that. yes, we are working with the power marketing administrations which includes wapa, bonneville. they are a core asset to the electric infrastructure writ large. they're a very important part of the conversation. as required by the f.a.s.t. act we'll do consultation with industry and with experts in this area. >> okay. thank you, mr. chairman.
>> chair recognizes mr. perry for five minutes. >> thank you, mr. chairman. secretary hoffman, the f.a.s.t. act you were just discussing includes what you were just discussing some additional roles and authorities. can you talk a little further about the importance of the transformer reserve and what your thoughts on that are particularly? >> thank you very much for the question. the transformers in the united states are very critical component of the system. the f.a.s.t. act recognizes the criticality of these transformers, as well as the need to assess where are we at with respect to any sort of need for a plan to develop a plan for transformer spare capacity. so what this means is really evaluating the spare capacity in the united states, the ability to transport transformers. so where we should have a
transformer stockpile, if necessary. where should it be located? because of the different sizes and dimensions of the transformers. so part of the plan of what we're looking at with oak ridge national laboratories, our plan is assessing the number of transformers, the size of transformers, meaning the different voltage classes, and then where those transformers could potentially be needed to be located because of transportation issues. the industry has had discussions with the class-a railroads and looking at the transportation of transformers. you may not be aware but a lot of substations are in very remote locations. so really the criticality in some of the time is not only manufacturing the transformers, but it is actually the transportation of those to a location. >> will you be considering the manufacture time in that study, and when can we expect the results? >> yes, we have started looking
and have had several reports out with respect to transformer manufacturing. and those are on d.o.e.'s website, but the result of that will be included in the report in december. >> do you discuss cost or reimbursement at all in your report? >> so part of the request is to look at policy implications and the cost and financing of that. we are going to work within the department of energy with our energy policy and systems analysis group and assess what are some of the financial implications to setting up and developing a transformer reserve. >> all right. thank you. in my opinion, the epa continues to overregulate the energy industry and with that, i don't think they have the ability to determine or examine the requirements. mr. fugate, i'm sure you're aware based on what i have based on december 2015, retiring due
to epa policy retiring or converting 81,423 megawatts or 499 units based on regulation. has fema done an examination of how the epa regulations affect the grid and capacity? are you interested in doing that? do you know the capacity and the ramifications of the loss of the 499 units and the 81,000-plus megawatts? >> to be honest, congressman, we depend upon our partners in dhs that do that. we are not the subject matter experts. so we determine for our infrastructure protection what that means and what those impacts are. having come from the state of florida we've seen dependence
move from coal to -- i was in the unique experience of having a gas pipeline severed. knocked out all the natural gas to the southern and middle parts of the state. we suddenly realized we had a tremendous reliability on that. and we were fortunate we had mild weather or we could have had generator capacity shortfalls that would not be made up. >> so i've got a limited amount of time here. so if fema is not doing it particularly, who are you getting the -- which partner are you getting that information from? who is assessing the effect of the regulation, the loss of capacity and the timing of that loss? who is doing that of your partners? >> i would depend upon my partners to the left. we look at energy as a function of government. there are numerous parts of the regulatory and response structure. we concentrate that into --
>> so may i ask your partner to the left. do you have that information? are you tracking that? >> thank you very much for the question. the department does look at reliability implications with respect to any sort of master change in generation mix in the united states. with respect to the clean power plan, it is really going to be as the states develop their implementation plans, the assessment will occur with the regional reliability entities and the independent system operators where they will coordinate and understand the reliability impacts. >> so you don't know what it is up front or you don't assess it as it occurs? you don't know that so many plants and so much capacity is leaving in ohio or pennsylvania
or alabama? you don't know that in advance and make an assessment of the potential risk that's involved? >> so thank you. from a wide -- from a widespread reliability point of view, d.o.e. believes the clean power plan and regulations will not have any widespread reliability impacts. but -- >> hold on. you believe that, but do you believe that because you have empirical data to support that or you believe that because somebody is telling you that? or you believe that because you don't have any reason to disbelieve that. >> right now the utilities work to ensure reliability. our past experiences as any sort of reliability concerns come up, there is strong coordination within the industry to address any sort of reliability impact. >> so does that mean if you thought there was going to be a reliability impact based on the regulation and the capacity reduction that you would -- you would essentially exonerate or waive the requirements for a period of time to make sure that
the capacity remains? do you have a policy to do that? is there a thought to that? what is your plan if you come up against something that doesn't comport with what you think it needs to be from a capacity standpoint? >> within clean power plan, the states, as they develop their clean power plan, their state plans, they will be coordinating with the reliability entities, the isos and rtos looking at any potential reliability implications. >> how does that work? i live in the pjm, a multi-state organization. it's not state by state. it's multistates that all feed into the same grid. how does one state's plan affect another, and who coordinates whether reliability or capacity issues in that regard? >> the states are required as part of the clean power plan to coordinate with pjm. and pjm has and will continue to do reliability analysis for that region. >> thank you, mr. chairman. >> thank you. chair recognizes mr. sires. >> thank you for holding this hearing. this is very important. i represent the 8th district in new jersey which got hoboken and
some of the other areas, jersey city, which got hit very hard by sandy. if i learned anything about our infrastructure, it's how unprepared we were for the storm or anything else. and there's plenty of blame to go around. everybody points to the federal government but in reality the states could do a lot of things and the locals could do a lot of things and the power companies could do a lot of things. i always think of the example, there was a generator in a flood zone. and the power company was protecting it with a chain-link fence. so when it flooded, obviously, the chain-link fence did not hold the water back. so what i'm trying to get at is, these are the kind of simple things that we can do to protect, you know, this particular transformer.
the other thing was in terms of the -- you were talking about now that we learned. we have plenty of gas, quite frankly, but they couldn't pump it. so a simple thing like a small generator to just move the pump or move the gas from, you know, from the containers to the people. it would have sufficed. so when i say that everybody has shares of blame in this, i just hope that we have come from sandy far enough to learn some of these mistakes, and we are expecting them. so will you please tell me that we've come a long way from where we were? >> we've come a long ways. we haven't gone far enough. you point out what i see is the real challenge in which cyber highlights, the tendency is to plan for what we're used to dealing with, not for what can
happen. we put a fence around a generator in a flood zone. the reason you have a generator is if power goes out. one of the likely reasons for a power outage is a coastal storm. but you hadn't had one in a long time so you're more concerned about someone breaking in and damaging the transformer. cyber is new. a lot of things we'll do won't be new in response to the consequence. if we don't know what we're planning against we may run the risk of only planning for what we're used to having. maybe short-term power outages or disruptions strictly local and not plan for what could happen and plan against it. as you point out, we try to promote these lessons, but it seems to again be one of our challenges. how do you get people to change? let's talk about gas stations.
that's a private entity. putting in a generator is a cost. so you can just ship a generator there. most of those utilities were underground and it was hard to get a generator hooked up to it. in some states, they've put in incentives that gas stations would be required to put in a transfer switch. it was a good compromise. that way if they did lose power, we can get generators in there and hook it up and pump gas. this is where we have to be careful. it's easy to say this is the fix until you ask who is paying for it. and i think this is the trade-off of what would make sense either through incentives, tax credits. i can't ask businesses to lose money if their other partners or competitors aren't doing the same thing. you have to put a generator in
every gas station. that's not also necessarily a great idea either. putting in a transfer switch was a great compromise. as we learn these lessons, we go back to this trap of, we plan for what we have experienced in the past, and that does not always scale up for the future impacts. we have got -- the lessons learned. we've put the information out there. but the receptiveness of that audience is based upon do they see this threat as applying to them. as you know for your community. we talk about hurricanes and hurricane evacuations. most said we don't have hurricanes. we have nor'easters. it's getting people to plan. we know what these impacts are. it's having people plan for what can happen, not only based upon their past experiences. and we've not had a lot of experience with cyber. so part of this again is
getting -- what are we planning against? and then, what will we do differently? and if that requires resources, where are those resources coming from? >> i also think that we have to be prepared post sandy or post -- because we still have problems in new jersey where people still aren't in their homes years later. and, to me, that's really unacceptable two or three years later that we have these issues where people, with the insurance, with the evaluation of the property. somehow we have to be prepared for some of these things because it impacts real people. >> it does, and our experiences coming out of hurricane katrina five years after that we still had families living in travel trailers because we didn't have the right answers. rebuilding after disaster is time consuming. a lot of hurdles to go through. it's ideal to get people back in their homes as quickly as possible but that requires a lot of things that go beyond even some of my programs. it's really, as you point out, state, local -- >> sorry. i'm not just putting the blame on you. i'm also putting it on the locals and the state that we should prepare for any of these storms or whatever we have. thank you, mr. chairman. >> thank you. chair recognizes mr. massie. >> thank you, mr. chairman.
i'm going to yield as much of my time as he might consume to the gentleman from north carolina. >> i thank the gentleman from kentucky for yielding. miss hoffman, i want to follow up on one thing. you talked about the transformers and having these backup transformers as a redundancy. one of my major concerns is that decisions that get made by d.o.e. or dhs or fema all of a sudden what we do is we transfer that liability to others that are providing service. so what we -- right now, all utilities have backup transformers, primarily for distribution purposes. but even for larger transmission related transformers and switches. however, if you're going to make a decision, it directly impacts rate holders for two reasons. if they are having to have ten $1 million transformers sitting there, i don't know that they
can get a return on that investment. if you start to extrapolate that out if it's not in service, just kind of like generating capacity, there's a certain length of time they have in order to bring that online so they can get a return. ultimately it affects the rate payer, anything you do. when we start to look at the security implications, what i'd encourage both of you to do is look at it as we would from fema is that it is a federal redundancy required, not that needs to be done by utility to utility to utility. do i have that commitment you'll look at it as a federal obligation rather than utility obligation? for the record, both of them said yes.
let me finish with one other concern when we talk about sharing in a classified setting with the stakeholders. have all of the utilities participated in that secured setting where you have let them know of both the threats, potential and real threats that we already have experienced? so you were saying that we've done that in a classified setting, and i just find that interesting. i'm not challenging you, but i want to drill down on that because i don't know of too many -- maybe the big utilities but there are hundreds of utilities. they come into a classified setting. this is your risk. this is where that is. this is your testimony today. >> so thank you for that question. information sharing occurs at multiple levels. we do have classified information with the electric
sector coordinating council which is a 30 ceos that comprise the whole sector. they are investor owned utilities, co-ops that participate in that information sharing, that classified information. in addition we've had one day read-ins where we've brought a larger section of utilities in to do classified information sharing. we have done that. dhs has done regional information sharing, meetings where they've had opportunities to bring folks in and do information. it occurs on multiple levels. have we hit every single of those -- >> i'm not saying -- i want it to be systemic. i'll yield back to my good friend from kentucky in a couple of seconds, but i want to make sure that i'm clear. as we get the stakeholders, what i want it to be is more than just a box that we're checking off. i want eei, i want all of the groups that are there to buy in and say, we have a plan.
we do it for mass outages like sandy and other hurricanes. we haven't done that, i believe, adequately, as it relates to cyber. and do i have both of your commitments that you'll redouble your efforts to include them as stakeholders? >> yes, we will redouble our efforts. one thing i'd say codifies how we're redoubling our efforts is the grid-x that happens between utility and industries where we are actively exercising this. >> i'll yield back to my good friend. >> thank you. i just have a brief question that occurs to me during the questioning. of this classified information, if we sought to get a brief on that, would you make yourself available in a classified setting for us as we contemplate what sort of legislation might be necessary? >> yes, congressman, we would be glad to have a briefing with you.
>> is that the case for everybody? >> yes, sir, of course. >> mr. fugate? >> i would originate most of the data but i'd be -- most of the origination of the classified data would come from my partners to the left. >> understood. thank you very much. and i yield back. >> with respect to time for our second panel, we're going to move on. and i think if i can summarize, and i thank you all for participating today. i think if i can summarize administrator fugate that planning for local and state governments should be -- needs to be in terms of weeks, not days. and that's important because that's the first time i've heard what we need to begin to look at in the event of an attack. i want to thank you all for your testimony. your comments have been very respectful in today's discussion. we'll now call on our second panel.
i remind you of the subcommittee's request to limit your oral testimony to five minutes. mr. cauley, you may proceed. >> good morning members of the subcommittee. very glad to be here today testifying. i'm the president and ceo of the north american electric reliability corporation. nerc is a non-profit international
organization overseeing the reliability and security of the power grid in the united states, canada and a portion of mexico. we have authority assigned by congress to develop and enforce standards affecting reliability and security of the grid. and that authority is overseen by the federal energy regulatory commission. electricity is the most critical lifeline sector for national security, for other lifeline sectors like finance, water and transportation, for the economy and for public safety. every day we're reminded of a seriousness of our job related to securing the grid. there have been terrorist attacks in france and belgium and even here domestically. there have been cyberattacks and data breaches across various industries and across government. of particular relevance to our grid on december 23rd, 2015, there was a cyberattack in the ukraine which was launched against three distribution companies and in which the perpetrators gained control of
three distribution companies and were able to put out the lights for 225,000 customers for up to six hours. a team from the u.s. went to investigate that incident in the ukraine, including a member of the nerc staff, and what i can tell you is that the cyberthreats are real. but i think we have a very different situation in the ukraine as compared to what we have in the united states and north america. our security controls in north america are very different. we're the only industry with mandatory and enforceable reliability standards affecting physical and cybersecurity. we're currently in the fifth generation of cybersecurity standards. risk-based standards based on nist-type controls. they are adaptable and can keep up with the current threats. we have a very robust compliance monitoring and enforcement program.
system operators use modern controls to ensure the security of the system, including separation of corporate and business systems from control systems. physical access controls. patch management. aggressive threat hunting and mitigation and employee and contract training and many other measures they take. we've established the electricity sector coordinating council at the highest levels of industry and government including ceos and top officials from government. the ceos and boards of power companies take security very seriously and security is one of their highest priorities on a regular basis. our information sharing and analysis center, which you've heard about, the isac, provides robust information sharing regarding physical and cyberthreats. we've recently gone through a review and upgrade of the capabilities of the isac and the isac, i believe, is closely integrated with the security operations and information
sharing at individual companies, as well as the state fusion centers and other sectors. we also operate a tool called crisp to monitor the internet traffic to key sites around the industry and compare that traffic to threats and vulnerabilities that we're aware of worldwide and warn the utilities about issues they may be experiencing in realtime. in the unlikely event of a successful cyber or physical attack, i believe that we are well prepared. ferc and nerc recently completed a study of the restoration and recovery capability plans and drills and exercises of nine major companies in the industry, and that report is available publicly. it's posted on the nerc website.
but it demonstrated the preparation is there and that the plans have been exercised. as you heard before, november this past year, nerc led what i believe is the largest grid security exercise in the world. grid-x 3. over 400 entities in north america participated. over 4400 registered users. in my estimation probably closer to 10,000 actual participants. the distributive play portion where we're in a central control place and we inject the attacks outward and so the power companies are engaged in the exercise locally in their own control centers in their own substations and power plants. they're receiving the information from us. that portion -- i apologize for my voice. just getting over a cold. that portion lasted two days. on the second day there was an executive tabletop that brought it together for senior executives from industry and
government. the scenario included cyber attacks, physical attacks, including active shooters, truck-mounted explosive devices and unmanned surveillance drones. this hypothetical event was extreme and intentionally extreme to go beyond our capability and to test the system and really the point was to find out what can we learn and what do we need to do to improve. during the distributive play exercise we caused outages on a simulated fashion. no one was controlled or affected. we simulated 5 million customers were out, and during the executive section to invoke all the policy questions at the national level we were looking to pull out, we had 15 million customers out, and those outages were projected to be extended for weeks and even into months to really push the questions that the chairman is trying to raise today. participating entities work through their emergency procedures. very extensive contacts with local law enforcement and first responders.
those local government officials and first responders did participate in the exercise. we had, in the exercise, the white house, dhs, d.o.e., department of defense, cyber command, nsa, northcom, fema and the illinois and wisconsin national guards are some of the players who participated in the executive exercise. a number of key takeaways were to make sure that we are able to better coordinate between industry and government in terms of the situation assessment. and what do we communicate to the public? it would be a constant race with regard to information to the public. we all know social media and the news are very quick. we want to make sure we're getting reliable information out to the public. we're focused on ensuring unity of effort and unity of scale. we can resolve all of our resources for both industry and government together. looking forward, i would say in
this exercise we'll continue to expand the role of state and local governments and participants in the exercise to make sure we can exercise some of the things the chairman is looking to get here which is, how do we engage, how do we inform and how do we set expectations? i look forward to your questions. >> thank you for your testimony, mr. cauley. mr. spence? >> members of the committee, my name is bill spence. i'm president, chairman and ceo of ppl corporation. we deliver electricity to more than 10 million customers in the u.s. and the uk. beyond my role overseeing ppl's operations, i'm also on the eei ceo policy committee on reliability and business continuity. i also am a member of the electricity subcommittee -- or subsector coordinating council that you heard about earlier today.
the escc serves as a principal liaison between the federal government and the electric power sector to protect against cyberthreats to the nation's power grid. protecting the nation's power grid as you heard earlier is not only a top priority of the federal government. it's also a top priority for the industry. we have a very strong record of working together closely in all kinds of disasters and storms. along with our government partners. we identify, assess and respond to all threats. the electric sector takes a defense-in-depth approach to protecting grid assets. this approach includes three key elements. the first is a rigorous mandatory enforceable and regularly audited reliable standards. jerry talked about that in his testimony. also, close coordination among industry and with government partners at all levels. and thirdly, efforts to prepare, respond and recover should power grid operations be affected. our industry already maintains hundreds of spare transformers. i don't believe that came up
earlier, but you should be aware of that. in addition we just recently launched as an industry a new project called grid assurance. under grid assurance, many of the major utilities in this sector are coming together to establish regional centers, where we will not only store spare transformers but other critical equipment necessary to quickly recover the power system in any type of an event. among all the critical infrastructure sectors you should know the electric sector invests more annually than any other critical infrastructure sector. last year alone, we invested more than $100 billion. regarding security standards and regulations, as you heard, we're subject to nerc's reliability standards. entities found violating these standards face penalties of up to $1 million per violation per day. in fact, our industry is the only industry subject to these mandatory federally enforceable cyber and physical standards.
the industry's also implementing requirements for physical security as part of a broader suite of nerc standards and using voluntary standards to drive improvement. secondly we're coordinating closely with the federal government, sharing threat information between the government and industry to protect the grid. according to the national infrastructure advisory council, the electric power sector is viewed as a model for how other critical infrastructure sectors can more effectively partner with government. our intent is to keep it that way. the electric subsector coordinating council brings senior government and industry executives like myself together with agency officials to improve sectorwide resilience against all hazards and potential threats. the escc and our electric information sharing and analysis center offer programs like the cyber risk information sharing program, as jerry also mentioned, which we share information on potential threat. this is an area where i think the federal government has been very helpful to the industry. by allowing us to utilize
proprietary hardware and software developed at the national labs and is now helping to protect the grid. we now have over 75% of the u.s. customer base covered by industry participation in this critical program. the escc is also focused on several key other areas including planning and exercising responses to major disruptions. our last exercise was a combined cyber and physical threat. we're also ensuring rapid threat communication amongst share owners and stakeholders who were also developing government-held technologies on electric power systems that improve situational awareness and cross-sector coordination. last, but not least, we're focused on incident response and recovery efforts. electric power companies continuously plan and exercise for a broad range of potential threats. we share crews and equipment in times of trouble, and we regularly drill for potential emergencies.
for our part, ppl is actively engaged in the industry efforts i've highlighted and pursuing an aggressive approach to protecting the power grid. thank you, and i look forward to your questions. >> thank you for your testimony, mr. spence. ms. kilmer, you may proceed. >> thank you for inviting me to testify today on how electric cooperatives manage the consequences of a power outage. regardless of the cause, getting power restored quickly and safely requires advanced thinking and planning. my name is bobby kilmer. i'm testifying on behalf of the national rural electric cooperative association. they deliver electricity to member owners at over 18,000 locations in rural northeastern pennsylvania. we have low consumer density averaging less than six consumers per mile of line, and we serve primarily residential accounts. we are one of pennsylvania's 13 electric cooperatives and our
electric distribution system is not directly connected to the bulk power system. the national rural electric cooperative association is a service organization dedicated to representing the national interests of electric cooperatives and their consumers. nreca represents more than 900 not for profit consumer owned rural electric utilities that provide electricity to over 42 million people in 47 states. electric co-ops are accountable to their consumer members. those same members own and govern the co-op through a locally elected board. they reflect the values of their membership and are uniquely focused on providing reliable energy at the lowest reasonable cost. responding to power outages is a major part of our business. assessing the situation, knowing who to call and determining how to proceed is imperative, and it requires coordinated efforts in the public and private sectors during major events. one of the seven principles of
the cooperative business model is cooperation among cooperatives. this cooperation is integral to our emergency planning and response. in pennsylvania, as in many states, the electric cooperatives statewide association plays an important role in emergency coordination. electric co-ops have mutual assistance agreements between one another so during a major event the process of securing additional crews and resources is simplified. there is also a national cooperative database which facilitates cross-state mutual assistance. as i noted in my written testimony, this network helped our statewide secure crews from florida to assist us in our restoration following hurricane sandy. also important are the relationships that we have with state and local government agencies. during major events our statewide association is in regular contact with the
pennsylvania public utility commission and the pennsylvania emergency management agency. the statewide communicates outage information and requests for assistance from other governmental divisions on our behalf. we're in touch with our county local emergency management agencies. we advise them of outages in their counties and expected restoration times. this allows them to coordinate with other organizations like the red cross to set up services such as warming shelters. we also have close relationships with our local police and fire departments. and along with other agencies and utilities, we, too, participate in table-top exercises which simulate emergency scenarios and strengthen our community networks. communication with our members is important, too. we always provide the option to speak with a live customer service representative. we use outgoing telephone messages, information postings on our website and social media and use radio and television broadcasts which could be used even in the event the internet
is down to keep members and the public informed about outages. we test our business continuity and disaster recovery plans annually, and we have plans in place so that we can operate from a remote location if necessary. cybersecurity and awareness is a critical part of our operational preparedness. though we are a small utility, we strive to follow industry best practices such as the use of network scanning and intrusion detection programs in protecting our operational data and our business and member information. we also participate in the pennsylvania department of homeland security's task force on cybersecurity. our preparedness in the field is tested throughout the year during localized outages caused by weather events and other conditions. lessons learned through experience, along with the coordination with our national, statewide and local networks would form the basis of our response to a national or cyber event. again, thank you for the opportunity to testify today on our emergency preparations and recovery efforts. >> thank you for your testimony. i'll now begin our first round of questioning. and this question is to all.
i'm going to ask you the same question i asked our first panel. what is the planning scenario that state and local governments should be using for a cyberattack on the electric grid? will the power be out for days or weeks or months? considering both a cyberattack and a physical attack, the worst case scenario. how widespread could the outage be? mr. cauley, nerc runs an exercise on the failure of the grid. what scenario do you use? i'll let you begin. >> thank you, mr. chairman, for the question. as i mentioned in my presentation, we do probably pose a scenario that's ten times beyond any sort of realistic expectation in terms of magnitude, it's to test and shake us out and see what we can do. i think the difficulty in
understanding the question is that there's many kinds of hazards that can cause outages. and, in fact, if we look at -- we do a lot of data and analysis about what causes blackouts. that's one of our jobs. since 2011, so four years running in our data, weather has been the top ten causes of all major outages in north america. so we have that sort of baseline. so, the question for me, i phrase it as what kinds of things can cause outages from a few hours up to two to three days? and there's a lot of things that can contribute towards that and what kind of response and capability we have. so it could be storms, it could be equipment failure, a number of things. then i think as we get to the kinds of things we're talking about here in terms of cyber and physical attacks, i think it's reasonable to ask -- and severe
storms, ice storms, hurricanes, it is reasonable to ask the question, how are we taking care of people in a one to two-week outage? it may not be everywhere, but it might be in some local areas, it might be some cities that could reasonably be facing a one to two-week outage. i would hate for us to say it's a cyberevent or it's a storm. really the public safety issue is very similar. the major difference would be -- to me the major difference would be we know there's some kind of security concerns, law enforcement would be involved. still the same fundamental without electricity, you need to take care of people, get them fuel, food and water. those kinds of things. the one scenario i think that is the exception, and i think it was appropriate that the committee participated in the legislation around spare equipment, the one scenario i think realistically concerns me longer than the one to two-week time frame is damage to spare equipment. particularly the transformers,
that could happen from bomb blasts, shootings, other gmd storms. the question is not what caused it, but the question is what you are going to do if you lose transformers and they're not replaceable for an extended period of time. an extended period of time? >> i want to get this down to connect the dots down to the local and state. you know, i feel pretty confident that getting to that point, we've got all the ducks in order. i'm just concerned that there's a missing link to what should the states and local governments be preparing for or planning for in length of time because they need to do the same thing that you're doing. they need to know the scenario of worst case, what do we need to prepare for? >> right. and i've been doing reliability for 35 years. i really think there's two levels. there's normal expected you would see a number of times a
year is that one to three days that everybody should be prepared for. i think a one to two-week scenario is a scenario that if you're prudent, i would be talking with the mayors and the city councils about what you can do to be ready for a one to two-week outage in the extreme case of hurricanes, earthquakes, those kinds of things. my only exception is spare equipment damage may be more challenging. but i think it really is independent of the cause, whether it's cyberattack. i can't imagine a cyberattack that's going to damage equipment to have an outage more than hours or days. >> i would agree with mr. cauley. i think the prudent thing would be the same as what we're doing today for devastating storms, which is really a one to two-week outage preparation. i think there are a lot of resources that are currently available in local communities, both at the state and the local community level that are a really
great resource that unfortunately i don't think all the towns and communities take full advantage of. a lot of really good best practices that have been used by towns and cities that have been more experienced with devastating storms. so, for example, the state of florida has a lot of experience. so there's a lot of lessons learned there that are available to towns and communities. i think the other thing -- and i think this was mentioned by the representative of fema earlier today. it really boils down to in many cases the probability of the event happening, that risk of the event and willingness to put in place and spend the money for backup generation or other backstops that would be necessary for a one to two-week event. so i think that's where i would direct the towns and communities to be aware of what's available, utilize that fully, and then make the critical investments that they need to survive a one to two-week period. >> okay. i'm going to connect the dots. so do you think it's the federal
government's responsibility or the state government's responsibility to make sure that the local government is doing all that because i'm just concerned that we're going to have everybody pointing fingers at each other, well, i thought you said. i thought you did, and nobody did. whose responsibility should it be that we make sure that the local governments are prepared? because today is really the first time that i'm hearing a length of time. >> right. >> you know, in my own mind, again, i'm going to keep putting that mayor's hat back on. i'm beginning to think, well, geez, if it's a week or two weeks, there's a lot of things i need to be prepared for here, and we're probably not. which means that most cities are probably not prepared, and i think that's what this hearing is about, is really to raise a red flag here today that we are not prepared in the event of something drastic, major, unlikely, but could be. >> a couple comments, mr. chairman.
first i would say -- and you probably would not want to hear this necessarily, but i think it is a shared responsibility between local government and the federal government. and i really do believe that because you're just not going to be able to have federal boots on the ground in all these local communities to get the communities back up and running. secondly, i would say that, you know, there's things that the local utilities do have at their disposal to help with local communities in terms of communication and even backup generators, portable generators, that we can deploy to high-priority areas to make sure that when we need to restore the system and we can't do it in a timely fashion, at least there's some basic level of service that we can provide. so i think in an extended period of outage, you're still going to have power to certain areas. you're going to have a backbone of power. it may not be this town or that town, but i think collectively there will be ways to get resources available to the local towns and communities. you know, to be quite frank, i was very skeptical when we started this electric subsector
coordinating council on whether the federal government was really going to be able to help us as an industry to restore power quicker. but i've been pleasantly surprised at the level of cooperation and collaboration that has gone on in the last three to four years. and they're simple things like providing fuel that we desperately needed during hurricane sandy to restore towns and communities in jersey and pennsylvania, and there's other things like providing beds for crews that are coming from out of state. we were able to access barracks at the department of defense facilities. we were able to access portable generators. we were able to access experts in emergency response. so there are some things that the federal government can be very, very helpful for, and i think now that we have a playbook that really dictates who does what, when, which was always my concern in a major event -- who do i call, and are they going to be ready for that call? i can say that from what i've seen so far, i believe we're
more ready than we've ever been in the past, and we have a very good system and a playbook that we can go right down the line and have access in this case, and we're talking about with this committee, to cyber resources at the highest levels of the federal government. >> thank you. ms. kilmer? >> i agree with my fellow panelist on the shared responsibility. i would also like to emphasize to the subcommittee the importance of communications during crisis periods. my experience has been sometimes it's not the length of the outage but simply knowing how long it's going to be or what the expectation is. it can help both residential consumers as well as townships and towns to understand how they need to plan. i'd also like to add one thing that we've seen in our rural area, especially since hurricane sandy, and that is a focus on individual preparedness. i'm seeing our local county emergency management agencies doing a great job in trying to
educate the public on being prepared. we try to do the same thing. of course we are in a rural area. we're subject to many weather events, so i think our consumers are relatively prepared. again, i'm not suggesting we can rely on that, but i think that is an element in all of this. thank you. >> the chair recognizes ranking member carson. >> thank you, chairman barletta. ms. kilmer, you mentioned that the rule is not connected to the bulk power system, but you receive services from penelec's subtransmission system. what does that mean for your cooperative in the event of a nationwide cyberattack on the grid? >> in the event there was a cyberattack that took down the grid, we would be affected by that. if penelec's transmission system was affected and power was disrupted to our substations, we would also be out of power.
>> mr. spence or whoever, there was a newspaper article yesterday that indicated that the fbi and the department of homeland security had been warning the power industry over the last month about a potential cyberattack. what role does the electricity information sharing and analysis center -- what role might they play in distributing this kind of information? >> thank you, congressman. that is exactly really what the information-sharing and analysis center does. in fact, i'm not aware of that particular one, but we do dozens of these a day. we get information out, post it to industry. we have several thousand participants in industry who receive those notices every day. >> i yield back. thank you. >> chair recognizes mr. meadows. >> thank you, mr. chairman.
mr. cauley, did i hear you correctly? you said that in the event of a cyberattack, the longest period of time that people would be without power would be an hour? is that what you said? >> thank you for allowing me to follow up on my -- whatever i said. my point -- >> sometimes i don't hear correctly, but i just wanted to give you a chance. >> the point i was trying to get to but i rushed was it's a very difficult form of attack to go from a cyberattack -- it's easier to steal information or disrupt electronics. it's very technically challenging to go from an electronic cyberattack to causing physical damage to equipment. even in the ukraine attack, there was no damage to the equipment. it was opened. the breakers were operated to basically shut down the feeders that were going to customers, but there was no damage so that once they realized what was happening, they basically could defeat the computers and have people go to the station
manually, flip the switch, which is a mechanical switch, and put the power back on. so my point -- and i would love to continue working on this and getting some actual data to support that -- is it's very hard to transform from a cyberattack into long-term damage that would be measured in weeks or months because you have to hurt the equipment to do that. >> okay. and that's really my focus is not turning a switch off here or there or, you know, tripping a breaker or, you know, making a jack go out. that's minor. i guess the type of cyberattacks that we're seeing and hearing about in classified settings, not directly related to the electric utility business, are very sophisticated. and so being able to come in, and so i assume, you know, going into a generated capacity. so let's say you've got a generator, and, you know, there's all kinds of controls and switches