Skip to main content

tv   House Homeland Security Subcmte. on North Korea - Part 1  CSPAN  October 13, 2017 10:55am-12:59pm EDT

10:55 am
legislation to create national monuments. also puerto rico, wildfires in the west and the republican agenda in congress. sunday at 10:00 a.m. and again at 6:00 p.m. eastern on c-span. everything was devastating for him at the end. he was really in some ways isolated and alone. >> sunday night author and professor at amhearst college.
10:56 am
good afternoon, everybody. the committee on homeland security subcommittee on oversight and management efficiency will come to order. the purpose of this hearing is to examine the risks posed by north korea to homeland security and recommendations for the department of homeland security to be better prepared to mitigate these risks. the chair recognizes himself for an opening statement. it is no secret that kim jong-un
10:57 am
and his maniacal resegime have ramped up tensions. with missile tests on a dozen occasions between february and september of 2017 including tests of intercontinental ballistic missiles, many americans and allies around the globe remain on edge. however, americans may rightly wonder about north korea's ability to threaten the home land directly. intelligence from the hermit kingdom is often times inconsistent and limited. despite these intelligence challenges, information that has been gathered is reason enough for alarm. for example, according to media reports, two north korean shipments to a syrian government agency responsible for the country's chemical weapons program for intwere intercepted past six months. this is not the first time a north korean ship has been
10:58 am
seized due to carrying suspected missile system components. in 2013 a north korean ship was intercepted in the panama canal with false manifests and hidden under legitimate cargo parts for fighter jets and rockets. in addition, according to the council on foreign relations, recent estimates suggest that north korea's nuclear weapons stockpile contains 16-20 weapons and has the potential to go rapidly. furthermore, the center of nonproliferation studies estimated that north korea has between 2500 and 5000 metric tons of chemical weapons. and as we are all aware with the assassination of kim jong-un's half brother with a deadly nerve agent, those weapons have already been put to use. whether or not north korea intends to act on any of its threats to the u.s. directly, we
10:59 am
must also keep in mind that pyongyang is willing and able to supply weaponry, expertise or k technology to other hostile nation states intent on destroys the united states. former department of homeland security secretary john kelly stated in april that the most imminent threat from north korea is a cyber threat. north korea's increasingly sophisticated cyber program has the ability to pose a major threat to the united states' interests. for example, federal prosecutors are investigating north korea for a possible role in an international banking system or the swift hack that resulted in the theft of $81 million from the central bank of bangladesh in 2016. in late 2014 the computer systems of sony pictures entertainment were infiltrated which is said to have been in retaliation over expressed outrage over the sony backed
11:00 am
film centered on kim jong-un. with the growing threats are we prepared to safeguard our infrastructure from a north korea led sicyber attack. other possible threats such as an emp, while some believe as a low probability has the potential to be a catastrophic event that could result in paralyzing the united states electric grid and other key infrastructures. disruption to our power grids would be disastrous. according to a 2016 gao report, a major emp event could result in cascading impacts on fuel distribution, transportation system, food and water supplies and communications and equipment for emergency services.
11:01 am
as north korea continues its belligerent actions, the united states must be prepared to protect the homemade land from an array of threats. the department of home hand security has a vital role in protecting our cyberspace and critical infrastructure and preventing chemical, biological, raidological and terrorism. >> welcome all our guests here today. thank you, sir, for holding this hearing. i thank the witnesses for being here today. also want to take a moment to send my thoughts and prayers to those effected by the california
11:02 am
wildfires. in my district many folks near and dear to me have been evacuated. my staffers and friends have had to be evacuated from their homes. and a couple of camps receiving those evacuated are actually in my district. our thoughts and prayers are with them as well as others in california. also want to thank the first responders for again doing the work they're doing right now in and around my district. as the chairman, while i recognize the seriousness of north korea and threats it poses to us, i just want to take a moment to acknowledge that we also have to look at those affected by hurricanes harvey,a give them attention as well. coming back to north korea, america's current diplomatic policy must be cautious in engaging this individual, this leadership that appears to be very unpredictable.
11:03 am
reports do confirm that north korea's accelerating the pace of its missile testing, devoting more resources to develop its cyber operations and threatening to create a multifunctional nuclear bomb. recent actions such as the north korean connected hacking groups that successfully stole $81 million from banks in bangladesh and southeast asia show that north korea is getting more daring and much more functional with their cyber operations. from the witnesses today, i look forward to hearing from you and how this department of homeland security can better protect the vulnerable, critical infrastructure of cyber, cyber threats and how we can mitigate such threats here in our country. further, while the probability of an electoral magnetic pulse appears to be at this time unlikely, north korea has made it clear that it is testing its
11:04 am
ability to make a hydrogen bomb capable of such destruction. so my question to you is, is an emp something that is a threat at this time or very soon? speaking on his frustration of president trump, he said trump insulted me and my question. my question is, is there anything new or is this what's been going ob fn for the last 2 years? i'm interested to hearing from the witnesses in this panel what happens if the unthinkable happens -- what happened happen the first 10, 20, 30 minutes of an all-out war? hypothetical scenario, but i think it's one we need to be apprised of. i thank you and i yield back the
11:05 am
balance of my time. >> the chair would like to join you in echoing my concerns for those affected in and around your district and of course in california the wildfires and the first responders as well as the victims of the recent hurricanes here in the continental united states and our citizens in puerto rico and the caribbean. with that, other members of the sub committee are reminded that opening statements may be submitted for the record. the witnesses' entire written statements will appear in the record. the chair will introduce the witness first and then recognize each of you for your testimony. mr. frank salufo is an associate vice president at the george washington university and director of its center for cyber and homeland security. he previously served in numerous homeland security positions in
11:06 am
the white house and homeland security advisory council. welcome, sir. mr. anthony ruggerio is a senior fellow with the foundation of defensive democracies. he served in the treasury department and financial crimes and spent 13 years in various positions in the state department. welcome, sir. mr. patrick turrel is a senior research fellow at the center for study of wmd at the national defense university. he served in the u.s. army chemical corps for 27 years and was the wmd military advisor and deputy director for chemical, biological, radiological and nuclear defense policy for countering wmd. welcome. mr. jeff greene is a senior
11:07 am
director of global government affairs and policy at semantech. he served in staff positions on the senate homeland security and governmental affairs and as an attorney with a washington, d.c. law firm. welcome, sir. and dr. peter vincent pry is a nationally recognized expert on electromagnetic pulse. dr. pry was most recently chief of staff of the emp commission and various commissions related to national security as well as the house armed services committee and was an intelligence offer with the central intelligence agency. welcome, sir. thank you all for being here today. the chair recognizes now mr. salufo for an opening statement. >> thank you for the opportunity to testify before you today on
11:08 am
such a critical set of issues. north korea poses an increasingly complex and multidimensional threat to the u.s. homeland. the many facets include the nuclear threat, the missile threat and the proliferation threat. my remarks will focus on the cyber threat. it should be flagged up front that it is not one dimensional. it may manifest itself in at least three ways, as a stand alone cyber threat, as a component in conjunction with a broader campaign or as an indicator of an attack or campaign that is yet to come. the cyber equivalent of intelligence preparation of the battlefield or the mapping of our critical infrastructures. at a conference we cohosted with the central intelligence agency last week a senior cia official described north korea as between bookends, the fear of chinese
11:09 am
abandonment on the one hand and the fear of u.s. strike on the other. the official stated further that north korea exists to oppose the united states and that kim jong-un defines winning as staying in the game. it is against this background, the overriding survival of the kim regime and the military first policy that the north korean cyber threat must be considered and evaluated. in terms to ha s of the bottom front, the cyber threat is already here. it is persistent, ongoing and comes in various forms. the battlefield includes the traditional air, land, sea space, but increasingly cyberspace which is its own domain and transcends all the other domains. moving higher up the chain of conflict going beyond traditional computer network exploit and cyber crime to
11:10 am
bigger and more destructive attacks. if so, what are the primary targets and how can we thwart the attacks? at the high end of the fret spectrum are nation states whose military and intelligence services are integrating computer network attack and exploit into their war fighting strategy and doctrine. north korea is one of a small handful of countries that top the list from a u.s. national security perspective. while many of the details of their actual cyber warfare capabilities are shrouded in secrecy we do know north korea has invested heavily in building out their cyber capabilities. a 2015 report estimates that the north korean cyber army employs an elite squad of 6,000 hackers. this number has likely increased. and it's worth noting that many of these hackers operate outside of pyongyang in northeast china and southeast asia.
11:11 am
and while not yet up to par with the likes of russia or china, what north korea may lack in capability, it unfortunately more than makes up for with intent. north korea has engaged in both extensive espionage as well as destructive activities. they operate without compunct n compunction. recent reports of pilfering from south korean military and the targeting of u.s. energy companies and other industrial control systems here is troubling and reflective of their persistent espionage. the attack on sony is just one example of a destructive activity. there are sadly many many more. what differentiates north korea from other cyber actors is they have turned to cyber crime to raise revenue, including funding their nuclear aspirations especially given recent sanctions leveed upon them. they have been pegged as the
11:12 am
likely culprit behind a string of cyber bank robberies as far as poland. but also the swift tack on the central bank of bangladesh, hacks against bitcoin and the rans ransomware attack. if past is prologue, we ought to be prepared for a further spike in north korean cyber crime. while the cyber twist may be relatively new, north korea has long termed to criminal activity such as counterfeiting to fill its coffers. the country often uses diplomatic cover to pursue illegal activities. in essence they're using national collection means for criminal gain or more aptly to be compared to as a state sponsor of cyber crime. one word on what we do about
11:13 am
this. bottom line, we need to train more and better. we need to exercise. i think contingency plans are really important, make the big mistakes on the practice field not when it's game day. and dhs has done some good work in terms of sharing information intelligence. this is so vital because that's going to be the warning, that's going to be the indicator that something bigger may be afoot. in terms of the broader threat picture other scenarios will require a much broader response and it will need to include partners like d.o.d. and dhs and the utilities would likely be overwhelmed in such a scenario. thank you. >> the chair now recognizes mr.
11:14 am
ruggero for an opening statement. >> chairman perry, ranking member correa, thank you for the opportunity to address you too. missile programs are expanding after a decade of failed american policies and now pose a direct threat to the u.s. homeland. pyongyang has threatened our close allies south korea and japan as well as the u.s. troops stationed for decades on allied territory. the progress of north korea's program should not be surprising since pyongyang conducted its first nuclear test 11 years ago. and its long range missile program has lasted for more than 20 years. pyongyang twice tested a intercontinental ballistic missile in july that could target los angeles, denver and chicago and possibly boston and new york. the kim regime tested a massive
11:15 am
thermo nuclear weapon designed to obliterate cities and could be delivered by pyongyang's long rage missi range missiles. pyongyang has a proclivity for selling weapons to anyone who will pay for them. it has sold items related to independence, chemical weapons and ballistic missiles. among north korea's most troubling relationships are those with iran and syria. the threat we face is acute and growing. after years of strategic patience, the time has come for a policy of maximum pressure that actually stands a chance of restraining the north korean threat without resorting to war. the trump administration is pursuing iran style sanctions to force north korea to denuclearize. and absent that result protect from pyongyang's activities. both critics and supporters of
11:16 am
the 2015 nuclear deal agree that sanctions were the main driver that brought iran to the negotiating table. modeled on the successful iran sanctions program the trump administration's efforts clarify the choice we are asking other countries to make. do business with north korea or do business with the united states. it cannot be both. this approach includes diplomatic efforts to convince over count other countries to cut ties with north korea. the "wall street journal" reported that a yearlong effort by the state department resulted in over 20 counteries cutting of relationships with north korea. flaws in the sanctions regime include failure to prioritize the north korean sanctions program and the need to focus on pyongyang's overseas business network. north korea's shipping network plays a crucial role in supporting this evasion
11:17 am
including the prohibited transfer of commodities. the countering americas adversaries through sanctions act contains several provisions for the department of homeland security that require it to highlight the role of north korean vessels and illicit transfers and the role of third party countries. the department must publish a list of north korean vessels. treasury office currently listed only 40 vessels of blocked property of north korean designated persons. but our research indicated that moreli linked to north korea. we should focus on the activities of north korean linked vessels including increasing the number of entities and individuals sanctioned in the north korea shipping sector, compiling a complete list of vessels linked to north korea and naming ports
11:18 am
in china and russia that facilitate north korea's sanctions evasion. the urgency of that threat should call for the department to take these actions before the 180-day grace period granted by the sanctions law is elapsed. north korea's nuclear weapons and missile programs are a threat to the u.s. homeland and allies. there are two basic policy options for the united states. one accepts this dangerous situation as reality under the false premise that north korea's provocations can be contained or deterred. the other path was successful in this bringing iran to the negotiating table with crushing sanctions that could force the kim regime to realize the futility of continuing its nuclear weapons and missile programs. the only peaceful way to protect the homemade land is to ensure kim jong-un feels the full weight of sanctions implemented by the u.s. and our allies.
11:19 am
thank you. >> the chair now recognizes mr. turrel for an opening statement. >> it's my honor today to testify on the north korean wmd threats to the homemadland. we do not yet face a clear and present existential threat to the homeland but it's getting closer each day. the threat will be very real very shortly. it's potentially management. today north korea possesses weapons that can be unleashed directly or through others against u.s. interests abroad or in the homeland. nuclear weapons development progressed at a steady pace. with kim jong-un we've seen this extreme increase in pace of
11:20 am
intermediate and intercontinental ballistic missile testing and nuclear weapons testing to include the most recent one in september. this acceleration has north korea on the verge of a functional road mobile intercontinental ballistic missile capable of delivering nuclear weapons to the continental united states. while questions remain about the overall trajectory of the program, north korea could have by some estimates enough material for up to 60 nuclear weapons. not all of those would be their most sophisticated design but they could still be employed and whatever miniaturized war heads they have managed to manufacture at this point could be used against guam and the continental united states. additionally north korea maintains a large stockpile of chemical warfare agents probably mostly consisting of blister and
11:21 am
nerve agents. the korean geography supports strategic employment against the people living in the seoul area. the assassination of kim in koauala lumpur this february demonstrated their ability to use chemical weapons overseas. it's believed that given the infrastructure that they possess before north korea they can conduct research and development and possibly produce small batches of biological agents. north korea's long history of shipping arms, drugs and counterfeit money could facilitate attempts to move chemical or biological weapons into the u.s. homeland for
11:22 am
attack. while no one has clear insights into kim jong-un's thinking we can surmise he has two primary objectives, his personal survival and the continued existence of a kim led regime. watching iraq and libya could reinforce his belief that he's more likely to remain in power by demonstrating a credible wmd capability intended to deter attack on the korean peninsula. north korea remains intent on breaking our alliance system in asia and believes that threats to the homeland will cause u.s. to abandon south korea and japan during a time of crisis. we also know that both kim jong-un and his father believed they could manage provocations and the escalation and that by possessing a nuclear weapon, he believes that the u.s. threshold for war may be heightened, allowing him to be more provocative and belligerent. the pressure campaign must remain global.
11:23 am
it must strengthen our homeland and develop a modern approach to deterrents. pressures must be applied to cut off potential trading pere inin. many of the actions the department of defense, department of homeland security and others have taken to prepare for a wmd attack by terrorists would also apply to north korean attacks against the homeland. we must enhance our preparedness to include planning for large scale attacks perhaps with multiple nuclear weapons. i'm not sure we have fully grasped how difficult the logistics and coordination will be for life saving actions, short-term relief efforts and long-term rebuilding following nuclear detonations particularly if one is 2500 miles away in lie
11:24 am
high or 6,000 miles away in guam. finally we need a tailored deterrent approach for north korea. kim jong-un must understand that any conflict with the u.s. will end his regime and he will be denied the effects he's seeking to achieve. he should see how his nuclear threats strengthen our alliance. proper resourcing, training of of response forces and possessing a ready reliable and surviv survival nuclear triad. >> the chair now recognizes mr. greene for an opening statement. >> thank you for the opportunity to be here today. we've been tracking the
11:25 am
lazarus shows little hesitation to engage in activities that other groups might not. their technical capabilities have improved dramatically over the past few years and we view them as above average in overall capability and actually expert in some areas. in particular they're skilled at conducting reconnaissance operations and. in other areas lazarus has made
11:26 am
simple mistakes. these are usually relatively basic and we don't expect to see them making the mistakes in the future given their demonstrated adaptability. they've been connected on attacks from the entertainment industry to critical infrastructure. unlike other groups, lazarus has attacked individual internet users en mass. their methods run the gamut. you both mentioned in your opening statement the theft of $81 million from the bangladesh central bank in 2016. that's only part of the story. they targeted as much as of a billion dollars and but for a simple mistake might have gotten away with it. they initiated fraudulent transfers. this was a well-planned and sophisticated attack.
11:27 am
to cover their attacks they installed malware which printed doctored confirmation receipts. the fraud was detected because they actually misspelled the names of the recipients of one of the fraudulent transfers which led to inquiries. another attack is the wanna cry ransom ware outbreak in may. the national health service in the united kingdom was taken down. it was unique and dangerous because it propagated autonomously. it was the first ransom ware as a worm that has had global impact. while it was very good at infecting computers and encrypting data, it was really bad at collecting ransom. the attackers do not appear to have actually collected the ransom. you both mentioned the sony attack. this is probably the best known lazarus incident out there.
11:28 am
late 2014 they were hit with malware that disabled networks and stole e-mails. most of the media attention after this was focused on the salaries of respective movie stars. but from a cyber security standpoint the big story here was the permanent destruction in the united states of a significant number of computers and servers. the attack impacted as much as three quarters of sony systems. the fbi and the dni attributed this attack to the north korean government. our technical analysis has linked sony to numerous other attacks including the bangladesh bank heist, dark soul which is destructive attacks in korea in 2011, the polish bank heist. in some lazarus is an aggressive and increakreecreasingly sophis attack groups.
11:29 am
unlike other major attack gro s groups, which typically focus on one industry, lazarus has shown no such limitations. >> dr. fry, the chair recognizes you for your opening statement. >> thank you for the opportunity to be here today to talk to you about the threat from north korea. particularly the threat from electromagnetic pulse, emp which would result from the high altitude detonation of a nuclear weapon. it is in effect a super effective lightning that would destroy electric grids and all the critical infrastructures that support life in this country and that depend upon them. this threat has been described a couple of times.
11:30 am
i would recommend that we not use that term in reference to an emp. maybe a better word would be unknown. i suspect people will continue to describe an emp threat as unlikely right up until the day before north korea actually attacks us just like we did with the 9/11 attack that the day before it happened would have been recorded as highly unlikely. north korea has the capability of an emp attack right now. they detonated a hydrogen bomb on september 2nd. the new estimated yield on it is 250 kilotons. that would cause the collapse of electric grids, transportation communications, all the life sustaining critical infrastructures. it wouldn't be a temporary blackout either. we might not ever recover from it. if we are not prepared to defend our electric grid now and put in place the measures and if they
11:31 am
were to strike us now when we are unprotected, millions of americans would die. look at what's happening in puerto rico now if you want to know what the consequences of an emp attack would be. they've only been without electricity for a few weeks and many people are in fear for their lives, legitimately so. that's what would happen to the united states in the event of a north korea nuclear emp attack which they could do today. and with a single weapon. the intelligence community has been virtually alone in having a more accurate estimate of the threat from north korea than the intelligence community has over these years. this summer should have been a humbling experience for those who want to dismiss or minimize
11:32 am
the north korean threat. just six months ago many people were arguing that north korea only had as few as six, perhaps as many as 30 weapons. now the intelligence community estimates they've got 60 nuclear weapons. now we estimate that they can reach all of the united states. so the intelligence community hasn't had a good record on this. the emp commission has been right. two days after that h-bomb test, north korea also released a technical report accurately describing the way a super emp weapon would work and we think they probably have that too, which would generate emp fields even more powerfully than that of the h-bomb. when we think of nuclear weapons and the united states we think north korea would never cross the nuclear line because for us that's a big deep dark red line that we would very reluctantly
11:33 am
cross. north koreans don't think that way about emp, nor does russia or china or iran. in their military doctrine emp is part of a warfare campaign. the likelihood of a nuclear emp attack is exactly the same of the likelihood of getting into war with north korea. if we get into a war with them where they feel the regime is at risk, they will use everything in their power to prevail. so how likely is a nuclear war with north korea? it's not just up to us. it's also up to the north koreans themselves. they are entirely capable of miscalculation. last, i'd like to point in terms of what we should be doing. we're going in exactly the wrong direction in terms of our preparations for emp. two weeks ago a senior official at the department of homeland security described the emp threat as theoretical and something we needed to study a lot longer.
11:34 am
that's basically the plan the u.s. government is on now. they want to spend millions of dollars continuing to study the emp threat way out to 2020 and beyond when emp commission has already spent 17 years studying the threat and has repeatedly told congress this is a real threat here and now and we know how to protect against it and it can be done cost effectively and that is all true. i hope a project called the louisiana project that the emp commission started under secretary kelly will survive the death of the emp commission. in this project we have been working with the state of louisiana to prove you can protect a state electric grid very cost effectively. i think people will be surprised at how little it will cost and it would provide a paradigm for all the other states to follow. thank you so much for hearing me out. >> votes have just been called. i've got to figure out what
11:35 am
we're going to do here quick. >> this is what we're going to do. i'm going to defer my questions because i am going to come back. i'm going to go to mr. duncan, mr. correa.
11:36 am
we're going to vote and i'm going to come back. if anybody else wants to come back, they'll have that option. i hope you guys can indulge us and stick around but this is how things work here. with that, i recognize mr. duncan. >> dr. pry, could you just touch on how difficult it is in iran as a closed society and closed government for our arms treaty focuses and the iaa to actually do inspections there? i would love to get your take on that. >> iran has actually practically told us they're cheating on the iran nuclear deal. there is a military textbook
11:37 am
called passive defense that is a major textbook taught at the general staff academies that describes in admiring terms society successful cheating on arms treaties during the cold war and how they managed to fool us in terms of the number of weapons the quality of weapons and that this would be a good paradigm to follow for iran. it's there in black and white. unfortunately it's not unclassified. it should be unclassified but it's for official use only. but in effect they have told us in their military doctrine black and white that they plan to cheat on agreements in order to get nuclear weapons. in terms of the difficulty, i've written a number of articles on this. one of these military bases, there's a photograph that's actually available from unclassified satellite imagery that shows four high energy
11:38 am
power lines, each one carrying about 750,000 volts going down underground into a facility. something is going on in one of those underground military facilities. >> these are at the military installations? >> yes that the dia has never looked at. they don't have any ability to investigate them. that requires millions of volts of electricity. that could be runni ning seve n treating them as well and cheat on the treaties. something that needs to be declassified is an under president reagan there was a thing called the general advisory committee report on arms control compliance from 1959 to i think it was 1983
11:39 am
which the state department has never allowed to be declassified. it goes through all of the major arms control treaties we had with the soviet union and demonstrated how they cheated on every one. we have a long history of the bad guys cheating on these treaties and at least half the problem is our unwillingness to acknowledge that because there are interests in this town that are very much in favor of not wanting to face the reality that arms control doesn't work, just like there were people around chamberlain during world war ii that didn't want to acknowledge that the nazis and japanese were cheating on arms control agreements that existed before world war ii. >> thank you. >> the chair now recognizes the ranking member mr. correa. >> thank you, dharchairman. very quickly, you talked about
11:40 am
some of the things we can do, failed policies. the question to you, have we ever gone after the bank accounts of north korean generals, business folks? you hit them in the pocketbook at an individual level, that would get a reaction. have we ever attempted to do that? have we done that? if you lose a couple billion dollars in a swiss account, it may get your attention. >> certainly that would be useful. i think on leadership funds, there's a question of where that money is. i think you made a good recommendation there in terms of countries in europe that have bank secrecy is the best way to look at it. in 2005 the united states went after bank delta asia in which was very successful. the issue here is that in a lot of ways this money is held in
11:41 am
chinese banks or in the name of chinese companies and that's why it's important now to go after chinese companies. >> we haven't done it. essentially we lack the information, technology, the knowledge to figure out how to get that money. >> we're starting to do that now. since may the trump administration has taken six actions against china. >> nuke testing started 11 years ago, rocket testing 20 years ago. you figure they're preparing for that even before that and it's just barely now that we're figuring this out. >> certainly. >> dr. fry you talked about an emp pulse not being theoretical but essentially a clear and present situation. why haven't we reacted to it as a country? is this a question of politics or a question of cost? if the answer is this is a threat here, we're going to have to invest a lot of money to
11:42 am
harden our systems. >> it isn't chiefly a question of cost. you can protect against emp quite cost effectively. for $2 billion we could protect the electric grid. that's what we give away every year in foreign aid to pakistan. i think it's a complex question as to why we haven't acted yet. politics is mostly what it has to do with. the electric utilities in this country are not controlled by the federal government. there's 3,000 independent utilities. no agency of the u.s. government including the u.s. federal energy regulatory commission has the authority, has the power to order them to protect the electric grid. they have spent vast amounts of money and huge effort lobbying against emp -- >> that's kind of what we're going through with cyber security right now. >> exactly. >> private sector some folks want to step up, some folks don't. even the federal government, some agencies are there, some
11:43 am
are not. >> they have even opposed the tree branch threat. the great northeast blackout of 2003 was caused when a tree branch hit a line in ohio and it put 50,000 americans in the dark. they begged them to have a plan against a tree branch threat in the future. it's taken them ten years and nobody knows if it will work. >> the chair recognizes mr. higgins. >> in the interest of time, i defer my questions until we return. >> yes, sir. the chair recognizes ms. rice. >> thank you, mr. chairman. this is a question i would put to any of you. what effect would president trump's anticipated act to desed desed
11:44 am
decertify the iran -- >> the second is that from my perspective it's the iranians that are looking at north korea and seeing their pathway to a nuclear weapon. the concern i have is that there are many people who are suggesting we should stay in the iran deal that are the same people that are saying we can accept the threat from north korea right now and just deter them. i think that's the wrong message to iran. i think that we have to when we're looking at north korea, we have to make sure that we undersore thunder so score that our policy is denuclearization. >> we have this summer been surprised by the advancement of the missile and nuclear weapons threat from north korea. i think the next big surprise that's going to face us is iran.
11:45 am
because we have grossly underestimated the iranian nuclear threat. if one reads carefully the 2014 report, while they did not come to the conclusion -- the i.a. doesn't draw these conclusions but members of our commission and former members of the intelligence communities looked at that report. there are indicators that iran already has the bomb and they may have had the bomb since before 2003. before 2003 they were actually manufacturing bridge wire detonators, neutron initiators. in the manhattan project during world war ii when the united states was at that technological phase we were three months from getting the atomic bomb. these were things they were doing before 2003. what's going on in those military facilities? personally i think they've already got the bomb and we're going to be surprised just like we have been about north korea. >> anyone else?
11:46 am
okay. thank you. >> while i'm looking for my questions i just want to do a quick follow up to that. a lot of folks who did not support the iran deal are still coming out publicly and saying even though this is not the best deal the manner in which the president wants to do it is not the way to do it and that is a risk. does anybody have any thoughts on the manner in which it's being done? >> i'd like to volunteer my opinion on this. i think the biggest risk is remaining in the deal. i see it in the press.
11:47 am
i see the defenders of the iran nuclear deal describing it that at least it has constrained the nuclear threat from iran. that's not a fact. there is no evidence it has contained. there's plenty of evidence that it hasn't contained the threat from iran and we have basically deluded ourselves into thinking we have contained a threat. >> do you think the process which the president is following is the right approach? it's a yes or no. >> yes. anything that gets us out of that deal is going to be in the interest of our survival. >> thank you. i want to go ahead and follow up on just in the last ten days between attacking the press and the first amendment and blaming puerto ricans for the disaster caused by hurricane maria the president tweeted the following, our country has been unsuccessfully dealing with north korea for 25 years, giving billions of dollars and getting
11:48 am
nothing. policy didn't work. next tweet, presidents and their administrations have been talking to north korea for 25 years. agreements made and massive amounts of money paid hasn't worked. agreements violated before the ink was dry, making fools of u.s. negotiators. sorry, but only one thing will work. the president's next tweet. just heard foreign minister of north korea speak at u.n. if he echoes thoughts of little rocket man, they won't be around much longer. lastly, we can't allow this dictatorship to threaten our nation and allies with unimaginable loss of life he said at a meeting with top military officers. finally we will do what we must to prevent that from happening and it will be done if necessary, believer me. how would you characterize this
11:49 am
especially considering the rift between the president and his s secretary of state rex tillerson? >> so i'm the cyber expert here. i'm not qualified to opine on the merits or lack thereof of a diplomatic approach. i apologize. i'm not capable of responding on that. >> does anybody on the panel believe that the president's diplomacy by tweeting is the proper way to go? it's a yes or no. >> yes. >> okay. mr. ruggero? >> i think that's tougher to answer via yes/no. there's a lot in there in terms of north korea policy. i think the president is right when he talks about diplomacy has not worked with north korea. i think that -- >> don't you think there's a threat of us getting into a nuclear war because of the president may tweet something to
11:50 am
set off the other side? >> well, that was going to be my next point. when you're talking about deterrents it's important to telegraph to the other side what the consequence of an action will be. have done that. but on both sides, it's gone too far. i think the evidence of miscalculation can happen. >> thank you. i have one more question for mr. greene. >> can the gentle lady yield until we come back. we have a minute to vote. i apologize but i want to adjourn the committee at this time. the recess, correction, at this time. the vote has been called on the house floor. the committee will recess until ten minutes after the last vote.
11:51 am
>> thank you all for your indulgence and your patience. the subcommittee on oversight and management efficiency will come to order. so the chair will now recognize himself for five minutes of questioning, and just be apprised we're back to the five-minute schedule since we don't have votes impending. let me see if i can get my head here in the game quickly. mr. sulufo, 6,000 hackers employed in china and southeast asia. i want to talk to you about that a little bit and the indicators in the intelligence prep of the
11:52 am
battlefield to set your mindframe. these hackers that are employed in china and southeast asia, and maybe i should also include mr. greene because maybe this is some of the lazarus folks i don't know. but do we -- obviously, it's a little tougher for us to track these people in china. do we track them at all? if not china, southeast asia seems like it would be more opportune intelligence target for us. do we track them? do the countries, the host countries where they're operating know that they're there, such that we could impose a sanction or some kind of financial penalty or some kind of penalty on that host country that is hosting these individuals? is that a possibility? >> mr. chairman, i think that's an excellent question. to clarify, the 6,000 is not exclusively those operating overseas. but a vast majority or many of
11:53 am
them actually do. but i do think you raise a great question here, and that's finding levers and points of leverage we can have with other, including allies, by the way, where we can apply greater physical pressure in addition to cyber means. i mean, if you take -- if you look at a photo, a satellite photo of the koreas at night, south korea is lit up like a christmas tree wrrg north korea is dark. so there's very little connectivity there. so obviously, when we look at some of our own capabilities and capacities, the retaliation in kind is going to have minimal effect and impact because they don't have a whole lot to take down. so when you start looking at these outposts that they do have, i think that we do have opportunities to apply new means of pressure and i do think that many of these countries are unwitting to some of these operatives.
11:54 am
i think that is a path that should be pursued. and we should light them up. >> and what about the indicators? when you say essentially ipb and these are indicators when you talk about stand-alone, the broader campaign, and indicators, for instance, keeping with dr. pry, if we're to be, and i think we should be, rightly concerned about emp as a method, or any of the other things, but let's stick with emp, for example. would there be specific indicators in cyber that would clue us into impending testing, utilization, et cetera? >> i think dr. pry rightfully framed the issue that at the end of day, it's not the modality, it's the question or whether or not they get into the game. if they get in the game, they'll come in wholesale if they feel threatened. i think that the indicators are significant in terms of
11:55 am
potential target selection. but i'm not necessarily sure there would be any specific to emp other than they're going after the grid, so if there's one critical infrastructure that every other critical infrastructure is dependent upon, all the life line sectors, it's electric. it is the dwrid, and they could come at that through cyber means or emp attacks. >> i can see we're going to go to round two. mr. greene, i'm going to get to you so hang on, but i want to stay with mr. salufo for continui continuitity. you manipulationed t mentioned u.s. energy companies. can we prove that at this point? that's known information to us? >> this is now known information, yes. there have been actual reports put out by the information sharing and analysis centers for industrial control systems and
11:56 am
for the energy sector in particular. there's a news report that just popped earlier this week, specifically about a particular energy company that was breached. and that's based on information that -- >> it was breached by the north koreans? >> allegedly, that's what the attempt is. so i think one thing to notify, to keep in mind, in addition to ipb, where it could signal targets, it could signal intentions, it's also worth noting if you can exploit, you can also attack. in other words, if you're in the system, you're in the system. it all hinges around intentions and if they've got a foothold in the system and their intention is to attack, they can also attack. >> i'm going to yield and recognize the gentleman from louisiana. >> thank you, mr. chairman. dr. pry, my questions will be addressed at you, sir, so that you can get your head wrapped around where i'm going with
11:57 am
this. i'm specifically going to be asking about north korea's satellite program and their so-called space program, and the kms-4 satellite launch in february of this year. i read your entire testimony. it's fascinating, quite informative. you referred to massive intelligence failures, grossly underestimating north korea's long range missile capabilities, a number of nuclear weapons, warhead miniaturization, the development of an h-bomb, et cetera. do you -- do you stand by that statement, sir? >> absolutely, as does dr. graham, the chairman of our commission. >> moving on. in 2004, you stated that two russian generals, both emp experts, warned the emp commission the design for russia's super emp warhead, capability of generating high intensity emp fields was
11:58 am
transferred to north korea. not long after that, in 2006, north korea nuclear tests indicated yields that were consistent with the size of a super emp weapon. the timing and indicators of that illegal nuclear test were reflective of the warnings as stated by the two russian experts. is that correct? >> yes, that's correct, sir. >> in a super emp weapon, according to your testimony, can be relatively small and lightweight and can fit inside north korea's kms-3 or kms-4 satellites. these two satellites, specifically i'm referring to kms-4 because it was launched in this year, presently orbit the
11:59 am
united states and over every other nation on earth through the southern polar trajectory. the south polar trajectory evades u.s. ballistic missile early warning radars and national missile defenses, which also resembles a russian secret weapon developed during the cold war, similar super emp weapon. is that correct? >> yes, that's correct. >> two experts cited in your testimony stated similar concerns, one confirming that current ballistic missile defense systems are not arranged to defend against even a single icbm or satellite that approaches the united states from the south polar region. another expert stated that north korea might use a satellite to carry a small nuclear warhead into orbit and then detonate it
12:00 pm
over the united states for an emp strike. now, considering the fact that it appears that north korea has had access to a design for super emp warhead for over a decade now, according to the russian experts that were accurate in their predictions of north korean nuclear tests two years later and the indicators of that test, that would suggest that it was a detonation of a super emp device, would you -- would you concur that it's possible or even probable that kms-4 is currently super emp armed? >> we're very concerned about that. you know, we don't know if they're nuclear armed or not, but we know kim jong-un is a high risk player. and we think the threat is intolerable to pose an existential threat to our society. it passes over the country
12:01 pm
several times a day and has recommended that the satellites be shot down over a broad ocean area, over the arctic region so just in case they're salvage fused for emp, they would go off over an area that would limit the damage to humanity. yes, we're very concerned about that. >> would you assess, sir, that the emp threat is significant enough, the existent emp threat, specifically with regards to kms-4, would you assess that threat is significant enough to warrant legislation out of this body as suggested to this subcommittee, mandating the hardening of our grid and the shielding of our grid as you mentioned earlier in your testimony? >> well, absolutely. sir, even before the north koreans launched the satellites back in 2008, that was the recommendation of the emp commission because we feared exactly this kind of development. there are two satellites currently on orbit. one launched in 2012.
12:02 pm
they may launch them in the future. they appear to be atrying to create a constellation so they will in the near term always have a satellite in close proximity to north america. if we don't act to defend ourselves and/or take out those satellites, eventually, we'll be in a situation where we can't easily take the satellites out without the united states being at risk. >> thank you for your testimony. mr. chairman, thank you for indulging my time. i yield back. >> the chairman thanks the gentleman. deviates from protocol and recognized the ranking member, mr. correa, for the beginning of the second round. >> thank you. question, mr. greene. in terms of north korean cyber attack motivation, undermining the u.s. do you think what's higher probability, them going after our critical infrastructure or stealing intellectual property from us? >> so with the lazarus group,
12:03 pm
which has been linked by the fbi to north korea, it's hard to say because they have not shown any limitation in what they're willing to do. they have gone after critical infrastructure. they have gone after financial. they have gone after intellectual property. the recent report that was talked about is concerning because it shows this probing of the battlefield initial effort to get their way into electric systems. and we had a report not lazarus, a different actor just a couple weeks ago, about compromises of control systems at energy facilities. previously, we had seen this actor working on the back end management systems and two years after that, they moved on to control systems. so there currently is an effort. the group that was reported publicly this week has been consistent with the lazarus group. so to see them moving into the electric grid and have public reporting on it suggests to me a renewed interest there, which is worrisome, and depending upon what outcome they want, you're
12:04 pm
going to get a better geopolitical outcome by going after the grid than after an intellectual property. >> following up on that train of thought, if you go after sony, if you go after bank accounts, you may be doing it out of a hotel room in japan or maybe somewhere in china. or now based on the fact that russian state-owned company is now working with north korea, i mean, you could have those kinds of thefts directly and indirectly. they're kind of vague in terms of who did it and where the smoking gun is. but after you go after our power grid and you shut it down, that's a little more direct of an attack. that's kind of a declaration here. >> if you're trying to track back technically looking at who's doing it, it's going to be the same technical means to see where the attack is coming from. you rarely see the last hop to an attack actually come from the bad actor's computer.
12:05 pm
they're going to compromise someone else's computer. a lot of the attacks that happen in the u.s. that are based from overse overseas, the attacking computer is could come from anywhere. in terms of the motivations, we have seen the lazarus group over the past couple years focus on financial gain that has coincided with when the sanctions get worse. the ransomware, wanna cry, there was some speculation if they really wanted to get money out of wanna cry. there was a fairly robust debate in the media circle i spend my days in. what we saw in wanna cry, it was originally miscoded to collect ransom, i believe within 13 hours, they released a new version when they realized they weren't collecting ransom. that suggests it was an effort to get money and that coincides with inthe increase in sanctions. there's been an uptick in the
12:06 pm
effort to get money. at the same time, that was soon after the sony attack. i guess what i'm saying perhaps inartfully is that this group works on multiple different attacks. multiple gf goals. >> let me put down the question and ask you, you have seen those coordinated attacks coming. has our response worldwide been a coordinated offense like it was when we got the ransomware where most of the world reacted quickly. do we have that kind of coordinated response to north korea? are they part of that, you know, folks that we're looking at to make sure they don't surprise us with these kinds of attacks? >> with respect to their main actor, lazarus group, yeah, there's pretty good coordinat n coordination, public/private partnership. the wanna cry was probably the best public/private partnership we have ever seen. we were on the phone with dhs and the white house connecting up our experts. they were sending us indicators
12:07 pm
of compromise for analysis. we were sending them back. there's a growing ability to coordinate in cyber response that is kind of like the snowball going down the hill over the last -- >> i would imagine the key to the coordinated cyber response is time. you have to do it almost instantly, in split seconds. >> when i first heard reports of wanna cry, i confirmed this was real. i shot out a couple e-mails to the white house, to dhs, and i got almost immediate responses. we were talking in a matter of minutes. the concern i would have is still somewhat relationship based. we need to have that happening not because these are folks i know and they know me. there has to be something more structured in place. >> thank you, mr. chair. >> chair thanks the gentleman. i'm going to start the second round, which looks like it's going to be me. are you going to be leaving? you have to go? >> no comment. >> all right. so it will be us. we'll have a good time together. let me start with mr. salufo and
12:08 pm
finish where we were headed there. the targeting of the united states energy companies and indicators. do you know whether we, we the federal government, homeland security and related agencies, are aware of the indicators and are monitoring the indicators developing that intelligence, so to speak? >> in general terms, mr. chairman, they are. and we recently, the federal government recently stood up ctic, the counterterrorism -- the cyber threat integration and intelligence center under the office of the director of national intelligence, which is meant to provide the situational awareness of all the overseas intelligence we may have and combining that with what we may have domestically. >> who is collecting domestically? >> fbi would have different indicators. but the private sector. they're the owners and operators. they're the ones with better insights into their own critical infrastructure, into their data,
12:09 pm
and into particular breaches. so it really is, we talk publ public/private partnerships and i have said long on nouns, short on verbs. we have been talking about it forever, admiring the problem, but we are starting to see genuine solution sets there. and i think this gets to the bigger set of questions. i mean, atthen end of the day, the private sector is on the front lines of this battle, and very few companies went into business thinking they had to defend themselves against foreign militaries or foreign intelligence services. it's an unlevel playing field. how can the federal government provide information, but on the flip side, the private sector provide some of the solution sets, too. it's in where the two come together that the magic is. >> do you have -- do you have recommendations in that regard, regarding a governmental for the homeland in particular, understanding that the intelligence services may be
12:10 pm
handling foreign threats, but threats in the homeland, i'm a little uncomfortable, quite honestly, feel like we're laid a little bare, just counting on the private sector, which with all due respect, they're focused on their business and trying to make a livingering right? >> absolutely. >> this isn't supposed to be their primary focus, but it seems like it should be one of ours. >> i think you should have a specific tiger team set up to deal with the dprk -- with the north korean threat in particular. we talk about cyber and cyber deterrence. you don't deter cyber. you deter from engaging in certain activity. i think there is an opportunity to build a team here specifically. >> there's nothing currently you know of. >> i may be unaware. hopefully there is some activity inside the federal government. but is it as whole and wholesome as it needs to be? probably not. >> okay. fair enough. all right, is part of your name -- because i noticed
12:11 pm
mr. correa kept some of it silent. please tell me how you pronounce your name. i want to get it right. >> ruggiero. >> thank you. so, you talked about the department must be publishing a vessel list regarding north korea. saying we think they have 40, but you're saying it's up to 140. it seems to me a bit odd, so it might be out of place, and you can walk me through it, is this the department of homeland's responsibility? should it be their responsibility? and under what kind of authority, i guess. then i want to talk to you about the 180-day grace period regarding sanctions. i'm not sure i understand that fully. if you could elaborate on those two things. >> sure, in the sanctions law that was signed by the president i believe in august, there are some authorities for the department of homeland security, probably would have to work with the treasury department in terms of vessel lists. the issue with north korea now
12:12 pm
is it's easy to identify vessels that have the north korea flag or the ones that visit north korea. but they are very good at deceptive practices in the commercial and financial sphere, where they use chinese and hong kong and other front companies, and we believe that that is some of what they're doing in the shipping sector, which makes it harder. so that's where that delta comes from. that's why we use the phrase, at least. there are other lists that are much higher than that. and so i think, you know, this is an area where my experience comes on the iran side, where we targeted iran's shipping sector and it was very successful. that's an area now that we're not doing enough on north korea. i think homeland security could help with that. they have some authorities that could be used. i think treasury department, state department, and the point on tiger team, we don't see that in the u.s. government sort of going at sanctions in this way. so i think there's some focus on it, but we need to have more. >> okay, and the 180 days?
12:13 pm
there's a prohibition or a restriction regarding the sanctions regime? >> that's the requirement. when the homeland -- department of homeland security has to make some of these judgments in the law. the point i was making is, you can do it earlier than 180 days. >> okay. do we know, and keeping with you, sir, do we know, you mentioned in your testimony the sale of nuclear materials, and i don't know if we're talking about equipment, et cetera, and also chemical. do you have any examples of those that we need to be aware of that we're maybe not aware of, at least on the committee? >> in terms of nuclear, the biggest case was in 2007, when israel destroyed a nuclear reactor in syria. there's been, you know, rumors that north korea exchanged nuclear material with libya. in that same timeframe. on the chemical weapons side, i detail in my briefly in my testimony about the syria connections, which are not linked to the more recent ones,
12:14 pm
but talking about chemical weapons, suits and other items. these are relationships that are very strong between syria and north korea. >> at least there's a documented history, maybe it's not updated or maybe it's not current from a known fact standpoint, but that might just be because we don't know yet. we haven't found out. >> given my experience is that, as i said, north korea will sell anything to anyone who is willing to pay. and you know, there was a time where we thought that nuclear was a line they were not willing to cross. and they proved that they were willing to do that. >> okay. excuse me just one moment. >> i know you have been -- you're almost exhausted with your participation here. blister and nerve agents, and i
12:15 pm
think the world, at least i do, fundamentally believe that it was used on kim jong-un's half brother in malaysia. and you know, i have a little bit of military experience as well. my chief of staff is a chemical officer. and with that, those eventualities were very concerning to anybody who knows what they're seeing there. maybe -- first, let me ask you this. i don't know what your background is, but i want to get for the record and hear from you folks. conventional artility. conventional. we have assessed the north koreans as as many as 10,000 conventional tubes pointed at the 25 million people living in seoul. 60 plus or minus miles away, right? that is a nerve and blister agent or chemical agents are deliverable by conventional
12:16 pm
artille artillery. are they not? >> yes, sir, they are. deliverable by conventional artille artillery, rockets, and short-range ballistic missiles. >> do you know, and can you comment on whether conventional artillery, rockets, missiles, et cetera, all require electronics or electricity to operate? >> not all of their tube artillery would. >> right, so that's just pulling down range. that's a concern there. they have sufficient stockpiles, according to your testimony, or at least what i read. >> south korean minister of defense estimate between 2500 and 5,000 metric tons. >> right, so that's certainly enough for a first round exchange, right? what about deliverable from -- for a long distance. you mentioned rocket or ballistic missiles. this is literally something, let's take vx, deliverable by
12:17 pm
ballistic missile over a large population or large area? >> they could deliver vx or mustard agent by scuds. most likely targets for those would be places like pusawn, looking at stopping force flow into the theater. >> but we're not talking about -- in your opinion, we're not talking about those being used against -- >> the homeland by icbm, no. >> not the united states or united states territories. at least from that delivery system, right? if they chose to package that up, put it on a ship, put it on a plane, somehow deliver it to the west and use some other methodology, vx is a credibly pervasive. it only takes a little bit to go a long way. they could use that if they so desired in some kind of attack in the homeland or somewhere, one of our territories or one of our significant allies, right? >> correct, yes. >> okay. mr. greene, back to this lazarus
12:18 pm
group. do you know how they were identified, and do we track them? how do we know -- do they identify themselves? do they claim responsibility for certain things? what's the story on these folks? >> they don't claim responsibility. what we do is we see hundreds of attacks, thousands of attacks every day. we classify them. we analyze them, and are able to compare snippets of code, techniques, code obfusation, ip addresses. different techniques and able to group certain attacks. based on that, the first grouping i'm aware of is 2009. they were reported as being behind some service attacks. so moving forward from that, what we see is code reuse or other techniques and tools that reused. >> that's how you identify them. >> correct. >> do they call themselves the lazarus group or is that our common terminology to describe them? >> that's our name and there are other names for the same group. for us, that's a large group that encompasses eventually all
12:19 pm
of the activity attributed to north korea. >> because you're attributing that -- those actions to different techniques and the markers that you already discussed, we don't know them by name, individual persons, or locations, or can we glean that at some point from the work that they're doing? >> it's getting harder. oftentimes, you can determine back to a location. we can often find with some high level of confidence a city or even a time zone where something is coming from. but that's through a variety of means. sometimes we can tell, they leave time stamps when they compile code. they work 9:00 to 5:00. a certain time zone may take holidays off. they have gotten better at hiding that. what we as a technology company have a hard time doing is seeing who is sitting behind the computer. we may know they're in a particular eastern european country, but what you see is an overlap, sometimes you have criminals working.
12:20 pm
sometimes criminals will work for the government. sometimes government workers will moonlight as criminals at night. sometimes you have haktivist groups that will work for the government. we leave that last mile of attribution from intent, not something we can peer into. >> are these countries typically -- these are probably countries, i don't know, are they typically countries that are not necessarily openly hostile to the united states but not necessarily welcoming as allies in the fight against terrorism? or otherwise? can you characterize that either way? >> with the lazarus group, i would have to go back. i can get back to you. i'm not sure how well we have defined the actual origination point of the attacks or the code. we are grouping them, we're relying, as i said, on the u.s. government to tell us this is a north korean actor. we can tell with a high level of certainty that a number of attacks are the same. for instance, when wanna cry
12:21 pm
came out, we knew it was relatively quick, we had a high level of confidence this was lazarus. we didn't know that it necessarily came from north korea, but we knew this was the same actors for a bunch of different reasons. and that became more certain over time. so i don't know, and i can get back to you, that we can tell you specifically. and actually, i'm quite confident, lazarus, no one really knows who patient was with the bad outbreak of laza s lazarus. that hasn't been resolved yet, but that's one that spread autonomously on its own. >> you're a private entity and you record your findings and work with the federal government and various agencies whether it's intelligence agencies or otherwise, regarding your findings, but you don't know if they go the last mile or not or do they ever report that to you? do you ever get feedback regarding your inputs to know that they were ever resolved or
12:22 pm
how does that work? >> split that in two. with respect to attribution to a nation state, very rarely i can think that we didn't find out by picking up the paper, looking online and seeing the government has atrinlted x to y country. we do get feedback on the quality of work we do and the assistant we have provided, going back to wanna cry because it's fresh in my mind, we got a lot of quick feedback from the government saying this was helpful. what do you think about that? that was uk also. working with other countries as well. we is a give and take on the technical level. and we were sharing our thoughts on where we thought it was coming from in terms of a connection to lazarus. we didn't get a, you're right, we agree with you on that. we just pass that part along. >> and you don't know whether treasury or any other federal government agency has pursued these individuals for prosecution or the host countries for
12:23 pm
notification/apprehension or investigation? you don't know any of that, do you? >> not with lazarus. with other groups, they have indicted chinese hackers, iranian hackers. extradited some from, i believe ukraine, maybe bulgaria. we know of some actions and have assisted in some law enforcement actions, but with respect to lazarus, don't know anything. >> okay. we might ask you to comment further off the record in an effort to determine what can be done from your viewpoint. it's one thing to identify them. right? but there's -- in my mind, there's really, i mean obviously, there's a reason to identify them, but if you skip the next series of steps where you go get them or deter them through the host country that may even -- they might be victims as well, right? but if we know and we don't take the next steps, i mean, that's pretty foolhardy. we have spent the energy and the time and the money, and then we're moving on to the next threat, right, which is coming
12:24 pm
momentarily. >> from our perspective as a company looking to protect ourselves, our customers, we're more focused on the how than the who. the who sometimes informs us. there's one thing you might find interesting. there was a group of security companies who got together a couple years ago for something we called operation blockbuster, which was a joint effort to go after lazarus, to try to degrade their efforts. sharing a lot of telemetry across different companies. that's the kind of thing going to what mr. salufo was talking about, you see security companies, we're competitors and also working toward the same end. with some degree of success. it is the proverbial marathon, not the sprint. >> while you may be looking more at methodology, the what as opposed to the who, i think the federal government has to look at both. we're glad you're looking at, and your expertise might be in the what, but we have to, i think, be interested in the who. you can't be. you're not a law enforcement agency, but the federal government is.
12:25 pm
thank you. dr. pry, why did i write louisiana projects on my note pad? >> oh, probably because that's a project that the emp commission launched in cooperation with the department of homeland security to develop a plan to protect the louisiana electric grid. we don't know if it's going to survive the death of the emp commission, but you know, our gimmick has been that we don't have to keep studying the problem for years and years, that we know how to protect the grid now. we can do it now, do it in a cost effective way, and the people of louisiana actually, they're the ones who took the initiative through their louisiana public service commission, to act secretary kelly, who was then the secretary of homeland security to help them come up with a plan to protect the louisiana electric grid, and dhs is currently doing that. it's already done some good work. what we want to end up with is a detailed blueprint that they could actually implement in a
12:26 pm
cost effective way that will prove to those who disagree with emp commission that we can do the job now. we can do it with the current technology, and it can be done cost effectively. >> and we don't have a detailed blueprint at this time? >> not yet. >> what's it going to take to complete it? >> it's going to take some time, for one thing. right now, dhs, the people who would normally be working on the plan are helping out in puerto rico right now, so that delayed it. okay, but it will take, once they are over that and they can focus on this plan, it will take three to four months and dhs has been putting 300k into it, it would have been good to have another $170,000. the emp commission was going to kick that in, but now we're out of business so we weren't able to do that. for less than -- it could probably be done for the 300k. >> you said it's a matter of months. understanding and agreeing that we get past the situation, the disaster in puerto rico and
12:27 pm
getting those folks back in power, et cetera. about a month there. and less than $200,000 or something like that. why is the emp commission out of business? >> well, we were scheduled legislatively, that's a good question. and complicated one. under our charter, commissions typically last about 18 months. all right. and so we reached the end of our life. and nobody asked the commission to be extended. the department of defense didn't, the department of homeland security didn't. you know. >> does that take legislative action as far as you know or something that can be done from a regulatory side? >> it would take legislative action to continue the emp commission or it could be done by the chair -- i think the chairman of the committee, for example, chairman johnson asked about the power of the chairman of the committee to basically continue or establish a commission. he wouldn't be able to pay for it on his own. he would have to have the cooperation of the chairman of the senate appropriations
12:28 pm
committee if it was to be appointed. however, i could tell you, emp commission has been working for 17 years pro bono. commissioners do not get paid. i haven't been mostly paid, so you know, we're used to working for nothing. >> okay. i, like mr. higgins, am concerned -- i didn't realize ms. jackson lee is here, so i'm going to suspend my questions. i'm going to come back to you, dr. pry. but i'm going to recognize ms. jackson lee for her questions. >> mr. chairman, thank you very much. and to the witnesses, thank you for yielding to me. this is a very important discussion. i wish i could spend the time that the chairman has now spent, but i know that we'll have a very extensive record and appreciate you for that. let me just go directly to mr. greene and pursue recent reports about north korea's capacity for attacking the grid.
12:29 pm
we understand, those of us who have been on the committee, i chaired the transportation infrastructure committee and cybersecurity. i have seen all the nuances of homeland security and national security. and we now have a new hurdle, and i think one of the most difficult and challenging parts of the hurdle is that 85% plus of our critical infrastructure is in the hands of the private sector. so what capacity does north korea have in the attack on the critical infrastructure? what would be their inclination? what i suspect they would say, let me drop my other options and this looks like this is either more fun or more devastating or far reaching impact or i can readily see how the impact is. what is your assessment on that, and what's your assessment on
12:30 pm
our protection against it, and what's your assessment on our steps to address something like that? >> so i would say the reports that came out in the past week have been about really the first steps of an operation to implicate the grid and the reports that i saw were by the group that we call lazarus, spearfishing e-mails, attempts to get a bridge head on control systems, i'm sorry, any systems these energy facilities, most reports have said they have been unsuccessful, but cyber can be like seeing one bug in your house, where there's one, there's usually a lot that you can't see. so that suggests to me there's a lot of other activity going on. cyber is one of those things where you really are subject to the weakest link theory. eventually, they're going to find a way onto some system. that goes also to your question about the preparation of the grid generally. there are a lot of companies that have taken significant steps in recent years.
12:31 pm
nerk did take a long time to get regulations out, but they're being followed. but the problem is you do have over 300,000 different utilities and you don't need to compromise the biggest to have some kind of impact. in terms of whether they're there yet, i haven't seen evidence to sunl they have actually gotten onto the control systems. we have seen that with other different actors, but not yet with lazarus. doesn't mean they're not trying. one thing that may be in our favor is 6,000 sounds like a big number of cyber warriors, so to speak, but it is not as big as some other countries, and control system knowledge, the ability to compromise control systems is fairly specialized. i don't know yea or nay whether they have that. very will could be trying to develop that, but there are a lot of hurdles they have to go through. as with the progress we have seen with nuclear and elsewhere, it's not going to stop them from
12:32 pm
trying. i hope i answered the breadth of your questions. >> do you think we're a year away, months away, years away in terms of their capacity to hack a very, very vital network here in the united states? we are sophisticated. we are dependent on technology. our power grid is in varying states of repair or disrepair. and our technology is questi questionable in light of the private sector ownership as to whether the sufficient nlt firewalls are there. you mentioned the concept of breaching someone's, i call it the technological wall, in that there is that kind of activity going on. where do we need to be in terms of the government? i believe we should not be in a voluntary mode of getting the private sector to be required to document that their systems are secure. we don't have a requirement of
12:33 pm
secure documentation. and to take down our grid is weaponry. so how far away are they from that? >> i don't know the specifics of their capabilities, but i can draw an analogy to this group, the dragonfly group, even extremely sophisticated. we saw them take about two years to go from management systems back end systems to control systems. we detected them on those systems earlier this year. so depending upon the level of experti expertise, it could take them, it also depends on luck. they find the right vulnerable system and the right human frailty, they could get on sooner. just being on the system wouldn't be enough. you have to have a certain amount of knowledge of the energy grid, but one thing we have seen lazarus to be quite good at is the reconnaissance element of the operation. i suspect what we saw reported
12:34 pm
earlier this week is the proverbial tip of the iceberg of the efforts going on. >> you believe there is a will and they're making a way, meaning they will be interested in doing this. this would be one of the elements they would find attractive in terms of attack on the united states or any other country that they're at odds with? >> yeah, and i think they're not alone in that. there are other major likely nation state actors looking to get on the beachhead onto the systems. the question becomes at that point, we talked about the intent and understanding of the implications of doing it. with respect to dragonfly, we have reported that there are no technical limitations left for them to be able to cause impacts, significant impact to energy operators. the bridge they would have to cross is a willinginize to do it, understanding the implications to themselves and their own economies and potential retaliation. >> you think russia would have any collaboration on this since they would engage with power
12:35 pm
attacks in ukraine? >> i just don't have any knowledge on that. i'm sorry. >> mr. chairman, would you yield me a few more minutes? appreciate it. >> madam. >> thank you. i see a head going on, dr dr. sulafo. do i have it almost right? >> close enough. i have been called much worse. >> to read it from this distance. this is something that i think -- i'm beginning to believe that there are some elements of business choices and the respect we have for the capitalistic system that requires our very keen study and one of them is the infrastructure of cyber that's in the private sector and what firewalls that have an overwhelming impact. so i yield to you and i want to go to mr. terrell on another matter. >> ms. jackson lee, thank you
12:36 pm
for the question. i think you raise an important point here. firstly, not all critical infrastructure is equally critical. when you get to the most critical, those that affect our so hp called lifeline sectors that affect public safety, national security, and economic security, the grid is top of the list. i don't care how robust everything else is, if you don't have power, it's kind of futile. >> there you are. >> so yes, they are a unique set of entities. on the russia side, what they demonstrated boat in 2015 and 2016, a rubeicon was crossed in that case. we all thought woulda, shoulda, coulda, those were threats, but in this case, they intended to signal a capability because they followed up the disruptive attacks with a denial of service attack. basically an in your face, ha-ha, we got you response to the first attack. the reason i jumped into this
12:37 pm
fray was because obviously, north korea is dependent upon china for much of its support and the like. but you're slowly starting to see russia fill that breach. in fact, there was a russian company that just moved in to provide internet access service to north korea since the chinese capabilities have been minimized. they have back end capabilitiec, so i do think you've got a bigger set of issues here. there is quite a bit of chatter that russia has been supporting and working, whether the state or whether through its proxies, organized crime, hard to discern who's behind the clickety-clack of the keyboard, but there is a lot of interest there. and this comes to a point, mr. chairman, you brought up earlier. one of the most vexing challenges is that you are -- there are digital safe havens. a vast majority of these bad actors are playing in china and
12:38 pm
russia. and we have -- we lack extradition treaties with both of these countries. and the reality is that we have to get more and more creative to be able to extradite them when we go to countries that the u.s. does have cooperative relationships. this issue, as complex as it is, the cyber issue can't be seen in isolation of all of these other matters because it really is about the safe havens and russia and china are there. i think russia is filling the breach that china has been abrogating in north korea. >> well, he's given me, i can look in his direction because his gavel might be moving. i'm going to take the time, i'm glad he had this hearing. i think you should give us maybe in writing our marching orders, and don't think i'm asking you to be presumption. you said safe havens. i would like five points for the record, if you have five points you can say quickly, the safe
12:39 pm
havens. i'm concerned about the vastness of the private sector in these critical areas you talked about, and the firewall that we have, it's in the private sector. we have voluntary, if you call us, we can come. what more can we do that strengthens their protection if in fact their own internal systems are not where they need to be? because this is national security issues with another country hacks x, y, z dealing with the power grid or hospitals or research. it's very important. >> is that a qfr, a question for me to follow up on or -- >> give me one because i'm going to go to the professor. >> so this is not -- it's not to punt the issue, but quite honestly, i don't think we're ever going to firewall our way out of this problem. by that, i mean the initiative remains with the attacker, so if you think of it in the traditional red/blue military kind of environment, we have to shape the environment so it's in
12:40 pm
our best interest. so it's not to abrogate all the cybersecurity responsibilities, but the initiative will always be with the attacker. the attack surface is growing exponentially. every day, it grows and security still tends to be an afterthought when we think of the internet of things and the network devices that are coming onboard, we're never going to simply be egg to firewall our way out of this problem. i feel the private sector has been given an unfair -- they're defending against nation states. so we have to -- we have to level that playing field. and without going into a totally different direction, i think we need to be a little more proactive in shaping the environment so it's in our best interest. >> thank you. i just need to be pursued along other lines. i have probably a different view, but i thank you for that view. and the safe havens is something we need to ascertain. i want to get to the question of
12:41 pm
north korea's danger to the homeland. and maybe get you to -- first of all, let me say that i am a proponent of the nonnuclear agreement with iran, and you might offer to comment on the idea of first of all, that doesn't mean that you do not look at the compliance and other elements that may need to be of concern. that is not a blanket. that is a vigilance on the other elements of iran's terrorism propping up assad and other things. when you look to the agreement, you have to look to the four corners of it, whether or not there is compliance, whether there's access, and all of those at this point have not been negated. but i think the point that i want to raise is if you can ascertain, if you said it, please forgive me, but i would like to hear it, where north
12:42 pm
korea is right now in their capacity, and i don't want the news articles. they can get to alaska or here, whatever. their head of government chooses to say on any given day. but your ascertaining his, where he is, where the country is and the likelihood of his efforts, if you will. that would be helpful. >> yes, ma'am. with respect to a difference between iran and north korea, quickly, we have to deal with every country and every threat in the unique situation that that threat exists in. so iran doesn't match perfectly to north korea. north korea doesn't match perfectly to russia. so approaching each one tailored to that threat is important. so where north korea sits with their willingness and ability to attack the homeland today using
12:43 pm
nuclear or chemical weapons, you know, the nuclear program, he has an ability to employ nuclear weapons today. it's a matter of where can he employ them and when and why would he employ them. so in understanding north korean rationale, they're an extremely rational actor. from their perspective. they do things that are in their national interests. in solidifying his security as the head of state, in solidifying his security within the region. and he has a population surrounding him that almost nobody remembers a time when the kim family was not in charge. for 67 years, they have all been told, everything that is wrong in north korea is the americans' fault. so when pushed into a corner, he will have reason from his
12:44 pm
perspective, he can create a rationality to attack. he -- if he feels he needs to. he's going to try to deter us because he still has two operational regional objectives to try to accomplish. the family has always said, unification of the korean peninsula is important. so can he do that in such a way where he can keep the united states from not supporting the republic of korea and not supporting japan? and keep japan out of a war. and can he do this either/or if he can't reunify initially, can he reach an actual peace treaty on the peninsula that solidifies his position, because in solidifying his position with just a peace treaty can say i have finished what my grandfather started. and he sets himself up for
12:45 pm
long-term control in north korea. which is why a global campaign pressure or pressure campaign that cuts off funding from the outside, cuts off support, weakens that position. so the challenge becomes, can he attack us? yes. can he attack us effectively yet? he's almost there. and the north koreans have also demonstrated they're not nearly as interested in the actual precision that we may be interested in. if he can attack seattle, does he care if he can attack directly at and hit directly on top of the space needle? no. but if he can hit seattle, he can hit seattle. if he can hit the united states, he can hit the united states. so his threshold of use will probably may be lower than us. his threshold of accuracy will be lower than ours. so we're not -- we may not be there tonight. we may be there next week. or we may be there next month, but we're at the point where
12:46 pm
he's going to have the ability to attack the united states and with an intention of killing americans. you know, just hurting us a little bit isn't as important to him as it is killing us. in north korea, they remember, the u.s. bombing campaign during the korean war was there's two bricks stacked on top of each other, united states is going to destroy those two bricks. they're going to want to inflict as much damage as they possibly can if they attack. >> will the gentle lady yield? i have a hard stop. >> i would be happy to yield. mr. chairman, could he be allowed to say the one action to stop that? i would be happy to-year-old. what is our action? other agreements being abandoned? we don't have an opportunity at diplomacy, but go right ahead. >> you know, the overall means of dealing with north korea today, we're at this point where
12:47 pm
we have to continue the pressure campaign, we have to demonstrate our resolve, and we have to be able to talk to them. and it may not actually end up being a negotiated solution, but over the entire course of the cold war in deterrence with russia, we talked to the russians. we talked to the soviets. they understood our message. we understood their message. we have to have those means of being able to talk to the north koreans. so we can have an effective deterrent while we get to a solution that hopefully does not include going to war. >> the chair thanks the gentle lady. >> dr. pry, i want to finish up with you if i could. i, too, like mr. higgins am concerned and interested in the satellite array and the capabilities therewith that north korea has. can they potentially launch an
12:48 pm
emp device from one of those satellites? and is it something that's launched from the satellite? does the satellite come out of orbit? does the satellite deploy something? house does that work? >> we're concerned because the satellites, the orbit, the trajectory, the purpose of this resembles this secret women the soviets came up with in the cold war. and basically, the satellite has a nuclear weapon inside of it. and you orbit the satellite so it's at the optimum altitude already for putting an emp -- >> you're saying it's currently there now? >> yes, it is, and it passes over us several times a day at that place. all you have to do is det nade it when it arrives. because we don't have ballistic missile early warning radars facing south, we're blind defenseless from that direction, which is why it's on a south polar orbit. now they have two of them there. i find it -- we might have actually seen a dry run of a
12:49 pm
north korean total information warfare operation back during the 2013 nuclear crisis we had with north korea after the third nuclear test. you know, that was on april 16th, 2013. you know, it coincided with lots of cyber activity attacks from north korea, but that was the day of the metcalf transformer shooting. okay, we don't know who did that, but when the people who train the u.s. navy s.e.a.l.s went in there, they thought it was a nation state operation. this was done the way the s.e.a.l.s would have done it in terms of all the techniques. and on that very day is the day the kms-2 passed over washington, d.c. and new york city. you had events that threatened the western grid and the eastern grid simultaneously on that day. we don't know if it was north korea that did metcalf, but for sure, that was their satellite passing over washington, d.c. and the new york city corridor.
12:50 pm
>> so the two satellites they have right now, they apparently one at least passes over new york city, the east coast, new york city, washington, d.c., and the other one? >> well, they actually -- they pass -- every time they do an orbit, do an orbit they pass another 90 miles to the east so there are times -- >> i see. >> -- when it's right over to center of the united states and passes over the eastern -- >> and times that are potentially none. >> yes. >> but your testimony indicates they would like to fill the array so there's ever one present. >> right. it used to be that basically would have to wait 90 minutes. all right. now it's ha 45 minutes. >> and we don't know what's in the satellite. >> we don't. according to the north koreans' official position it's an earth observation satellite for peaceful purposes, but then kim jong-un and north korean press have actually included it in their descriptions as part of their nuclear deterrent, and there are quotations from them to that effect.
12:51 pm
>> when you say deterrent, they might say we're just photographing sites where nuclear armaments in the united states might be launched from to see if there's any activity and thus it's a deterrent. they could say this. >> they could say that. they've also described it as peaceful satellite. but why they would be interested in the health of the forests of north america is, you know, open to question. >> right. and i suspect they would consider disruption, removal, whatever you want to call it of that satellite or any of those satellites as an act of aggression or war. >> sure, but the satellites are illegal in the first place. they're not supposed to be launching satellites, which is -- not on that trajectory. >> what is the recourse for nation-states or nations that launch satellites in violation of whatever sanction or whatever u.n. requirements, whatever
12:52 pm
requirements are that make them illegal? what's the remedy? >> i think the only remedy for that is going to be to shoot those satellites down. >> why hasn't than been done already? >> i don't know. i don't know why. >> interesting. gentlemen, you've been very gracious with your time. we appreciate your testimony more than you can imagine. we appreciate you waiting for vote and staying after. maybe we'll see you again. we e hope we have better news or at least improved news the next time we get together. at this time the chair thanks the witnesses for their valuable testimony and the members for their questions. the members may have some additional questions for the witnesses and we will ask you to respond to these in writing pursuant to committee rule 7-delta, the hearing record will remain open for ten days, without objection the subcommittee stands adjourned.
12:53 pm
the family research council and other conservative organizations have gathered in washington for the 12th annual voters value summit. roy moore and house majority whip steve scalise will speak to the gathering set to start at 2:00 p.m. eastern and will be live on our companion network, c-span.
12:54 pm
also coming up at 2:00 p.m. eastern on c-span2, house minority leader nancy pelosi will hold a news conference to talk about president trump's decision to decertify the iran nuclear deal. she'll also discuss the president's decision to stop subsidies that help low-income people by e health insurance. that's live on c-span2 starting at 2:00 p.m. eastern. this weekend on book-tv live coverage of the 2017 southern festival of books in nashville. starting saturday at 11:00 a.m. eastern. with biographer jonathan ige and "ali: a life." nancy mclean with her book "democracy in chains: the deep history the radical right stealth plan for america." and eric ericson, author of "before you wake: life lessons from a father to his children." then on sunday, our live coverage continues at 1:00 p.m. eastern with best-selling author
12:55 pm
liza mundy "code girls: the untold story of the american women code breakers of world war ii." patricia bell scott with "the firebrand and the first lady," portrait of a friendship. and creative writing professor jared sexton, author of "the people are going to rise like the waters upon your shore: a story of american rage." watch our live coverage of the 2017 southern festival of books in nashville this weekend on c-span2's book-tv. this weekend on american history tv, saturday on the civil war, author kwof "for their own cause: on southern morale after black troops were assigned to guard confederate prisoners." >> one might assume that's why they chose these black troops
12:56 pm
because in the mid-19th century most people did believe black men were not talented to fight, that they weren't brave enough to fight. >> at 8:00 on lectures in history, middle tennessee state university professor ashley riley souza on native americans and trade in 19th century california. >> the indian men are cowboys, and they look like a mariachi band, dressed really nicely. that kind of shows you the value that missionaries placed on the work these cowboys did, that they were allowed first of all to ride horses, which was generally forbid on the indians within the california mission system, and secondly they're kind of dressed pretty nice. >> sunday at 7:00 p.m. on oral histories, we continue our series on photojournalist with david valdez, former director of the white house photo office under president george h.w. bush. >> if i say something about his hair, and i take this foe foe
12:57 pm
and his hair looks nice, no one will ever believe this wasn't set up. so i just took the photo and wound up running two full pages in "life" magazine and then over the next 20 years or so it was in the best of life and classic moments of life and in 2011 it was selected in the issue one of the best photos in "life" magazine for the past 75 years. >> american history tv. all weekend, every weekend, only on c-span3. this weekend on our companion network, c-span, utah congressman rob bishop, chair of the national resources committee, who sponsored legislation to limit a president's ability to create national monuments. he'll also discuss disaster aid of puerto rico, wildfires in the west, and the republican agenda in congress. congressman rob bishop is our guest on news makers this coming
12:58 pm
sunday at 10:00 a.m. and 6:00 p.m. eastern on c-span. next week on c-span3, donald trump's longtime attorney michael cohen will testify with regard to russian election interference. that's wednesday beginning at 10:00 a.m. eastern live on c-span3 and on reason listen with the free c-span radio app. >> c-span, where history unfolds daily. in 1979, c-span was created as a public service by america's cable companies and is brought to you today by your cable or satellite provider. testifying before congress yesterday, energy secretary rick perry defended his use of charter flights to travel


info Stream Only

Uploaded by TV Archive on