tv Hearing on Electric Grid Security CSPAN April 18, 2016 3:47am-6:01am EDT
if the goal of the bad guys is to collapse the system, they're going to try to cut off the power. there have been reports of hacking attempts on the facilities by foreign parties and the national security and public safety and economic competitiveness and according to the homeland security, the energy sector was the target of more than 40% of all recorded -- all reported cyberattacks. more discerning was the attack on ukraine that affected 4,000 substations and left a quarter of a million people without power. call centers were hit with the telephone denial of the service attack as customers were trying to report the outages. if anyone thought this was a glitch, think again.
the electrical grid is under attack and then the power sector is all too familiar with the devastation storms like hurricane sandy can leave behind and the physical attacks like the 2013 incident and the sub cap station in california. -- 2013 incident in the substation in california. thankfully in the cases of storms and physical attacks, the -- sector has strong plans in place and the systems to restore the power quickly and to avoid the loss of life and property. i am concerned about a cyber attack. are there similar plans in place for the industry and for the state and local government? will those provide the same types of protection? most recently i have been discussing this topic with those in my district asking what they will do in their communities if the power is out for a long period of time. honestly, most of them do not know because we don't know what to plan for.
we have brought together the right people here to tell us today. we are also going to discuss what preparedness looks like and the best practices and how to achieve the level of readiness all the way down to the local majors and townships. i am encouraging to hear the talk about an all hazards approach and focusing on the greatest risks, but i think that there are characteristics of the threat that requires specific planning guidelines. i know we cannot gold plate the system but given the daily lives, it's crucial that we understand the risks and be prepared for the likely consequences possible from the failure of that system. i look forward to this conversation today and starting with the witnesses, and i thank you all for being here.
mr. defazio: thank you. you certainly laid it out all against the critical and electrical grid. we know that there's probing and being done by the states and in the just terror groups to the u.s. and we need to be certain that we are as prepared that we can be. the ukraine attack was a harbor of things to come. i think that it can cover the cyber attack area. the issue of probably most
immediate concerns for us that live in the northwestern united states is the threat of a cascade abduction of a quake of nine or nine plus. that will knock you out our, so -- knockout our grid, so there are going to be exercises conducted. two exercises this year with the cooperation of the homeland security and all of the local and state authorities in the region to simulate what would be possible in face of that sort of a disaster. many of the problems that could occur will be the same. the loss of transformers is particularly a concern, and i'm going to be probing the witnesses today. there's a question if the federal government should be stockpiling since they're custom
orders and take six to 18 months. what if we lose a dozen large critical transformers because of a cyber attack? it seems to me a no brainer that we should either through the governmental sources or through cooperation with the industry be creating an industry here in the united states to deal with any and all sorts of potential attacks and coordinate a physical and cyber attack that could of course be the most devastating outside of a massive earthquake, sonali -- earthquake, tsunami and again many of the same issues arise and then one that does not get talked about very much but we held a series on it and then called the committee over the
nuclear power. there is the potential for a bomb in place. that's a nuclear plant. if you destroy the back of system and take over the plant, you create a melt down. how good is the security at our nuclear plants these days? i know that this hearing is not going to get to that topic. i am not sure that it's in the jurisdiction, but it's a concern to me and i just wanted to raise that issue. like aviation and electricity and the grid, and nuclear plants they're of interest to the terror groups and i am pleased that you're holding this hearing today. >> we have two administrators on the panel. assistant secretary haufman from
the office of electricity, delivery and ability. this is those facilitating the recovery from disruption and emergency and the energy supply. assistant secretary for the protection from the department of homeland security, and mr. richard campbell and expert at the congressional research service and the electric power sector. on the second panel it's the president and ceo of the liability corporation and those who the mission is to insure the system in north america and mr.
-- mr. william spence the ceo and the corporation and one of the largest and the utility companies and then bobby kill , a nonprofiter organization in northeastern pennsylvania. i asked for the full statement be including in the record without the objection so ordered. since it's made part of the order, you ask that you limit the oral testimony to five minutes. starting with the first panel . administrator fugate and you may proceed. gate: -- mr. fugate: thank you. i want the to address the question of what they need to plan for.
based on the other experiences causes hazards this can be you are measured in weeks. again with cyber we have seen restoration. if there's not physical damage and you do have it for transformers that will extend it. we do know that it's important that in the initial response that you provide the safety and security. when lights are out, power is out. we have had major metropolitan areas go with this. we have had people trapped the elevators and that may mean to go out and wait for problems and not wait for the call of 911. the next steps are again as the members point out and all hazards. you have to provide the needs and hopefully the critical infrastructure has power and emergency you power. -- emergency power.
generators are expensive and in my other cases there are options. the idea is what are the things required to keep the community up and running until the power can be restored and the lifeline? water treatment and hospitals and communication and the 911 and other facilities. they usually have them but they have to be planned. not just during the monthly test. as you pointed out mr. chairman, it starts to drive other issues. as we saw the longer that you have them, the longer that you have the affects and not getting to retail stores and others and gasoline distribution and as they start to get back to normal, they're all challenges. so the planning is based on the safety, keeping the life systems up, focuses on the restoration of the grid and the reality that the areas are going to be last to get the power because you're going to try to get the retail sectors and major centers up first. the industry has shown a lot of capable of doing the structures. we think that it would apply for cyber. cyber has a lot of unknown. i will differ to my experts to my left on what they are and the potential threats and how likely they are. you said how big is by? -- how big is big? well, we look at things and that's jail to the storms. because of the way that it's built and the transformers. we have developed what we would do and the satellites and systems. we are working currently now with the lessons of the previous power outages on the annex to
add to the natural response frame work to look at the power outages and a lot of the agencies that the government brings and this has to be a true working relationship. we cannot do this separately as a partnership. we have to have levels and then we have the power in the states through the utility regulatory management. that frame work the this summer is going to our senior leadership in the agency to begin the process of occurrence and updating it. it's the frame work if something were to happen now. based on the lessons from sandy and other disruptions. the challenge for people to look at planning for not what they do everyday but what happens if the power is out. not just for hours but for weeks. do they understand what they need to do and that the critical lifelines have the power? i have been through enough hurricanes and few had enough to pass what was there and in a
full load of crisis, they failed. they did not maintain enough fuel in the systems for that. they did not have the contracts for the firm deliveries when the crisis occurred. you really need to get people to focus on this. if you're going to provide the emergency power, it has to be for real and provide it for a long time. you have to do it from a stand approach. -- a standpoint of a phased approach. we don't know how long it's going to be out. we have the response steps, and you have to ask the question if it's only on the 72 hours and if we're out for a week, what are the things that we have to focus on? the story of the industry is also good. we learned a will the how to get the systems back up and bypass the failed systems. in many cases they have replaced the man in the middle and then come back and run a system and get the power back. so i think there's both a good news story, but there's still a
lot that we do not know. so against that, we're not going to run a plan for everything that cannot happen. we need the right thing on consequences. as we have the duration of the impacts, that's going to shake the guidance and officials. we're dealing with the extensive power outages. regardless of the cause of it but the time and what would be happening and the next steps are. again a lot of the lessons have been learned from the hazards and then how wide spread and how they are impacted. that's probably the one difference that a physical threat as much as a hurricane. we know the geographical area . with cyber it will not be defined by physical or political boundaries and that's a system wide. that's another area that we ask questions about. that's probably outside of an
ent detonation and that's the largest impact to the utilities and a lot of work is done to minimize. mr. chairman i stand ready for , the questions, but i tried to answer them in the opening statements. mr. carson: thank you for your testimony. before we move on, i want to recognize the ranking member of the subcommittee mr. carson for the opening statement. >> i want to thank you guys and for the sake of time we should continue, and i was the one that was late. >> thank you. >> thank you. >> we will move on assistant secretary.
thank you for focuses on the attention of being prepared on the outage and to discuss the electricity system in an increasingly challenging environment. our economy, national security and even the health and safety of the city depend on the reliable delivery of electricity. the mission of the office of electricity and delivering a liability is the strengthen, transform and improve the structure to improve the access to the clean sources of energy. we're committed to working with the public and private sectors to protect the structure and including the power from the disruption whether it's caused by man made events, cyber attacks. the crucial factor is to be proactive and cultivate what i call an ecosystem of resilience and that owner, operators,
vendors and consumers work together to prepare, respond and recover. our organization works on indent -- in-depth strategies and product itself and tools on the preparedness activity. this is done from forms, training and exercises that have federal, state and local officials. in the cyber security, it's the effort to improve the cyber security capabilities. the department of energy and industry partners have developed the cyber security capability model. this is an evaluation tool that helps organizations prioritize and develop the cyber security capabilities. in there's a clear path form in april, portland and washington , dc. it's an exercise in testing and evaluating the energy sector and
roles and responsibilities with response plans and utilized for the abduction zone of earthquakes and tsunamis. the department works to access the affects on the disaster of local and federal structure, coordinate assets, monitor and from vied regular situation -- monitor and provide regular situation awareness and the key to the state, white house and the agency partners. we also provide leadership by requesting and facilitating the development of an energy and sharing analysis center as well as the development of electric counsel.
this counsel is a group of leaders from across the sector that meet regularly to coordinate and share. when power goes out, the local utility is the first responder. should anybody receive the capability of any private or sector resources congress did several sectors and this act confirms the cyber security and oil and gas information sharing, development of a transform er -- a transformer plan.
in addition the fast act provides them with a new authority. upon declaration of the grid security emergency by the president, the secretary can issue orders to protect and restore the critical structure. the department is actively engaging in the process and procedure. the keys to strengthening resilience is not only through site by innovation. advance in technology and innovation of storage and mick -- micro-grids will help get ahead of the risks. in conclusion, the threats will continue to evolve. the doe is working to stay ahead of the curve. to accomplish this, we must invest in the resilience, encourage the innovation and use the best practices to help the raise the cyber and physical security and strengthen the local and response of the capabilities.
thank you for your time, and this concludes my remarks, and i look forward to the questions that you have. >> thank you for the testimony and you may now proceed. >> good morning and members of the subcommittee. thank you for the community to -- thank you for the opportunity to discuss on the national effort to secure and enhance the natures infrastructure and then the response and recovery from all hazardous events. including the physical impacts of cyber incidents. i want to begin by acknowledging that protecting the grid is a top priority of this administration and the department of homeland security. it is worth underscoring that the grid by its design is resilient.
it's a complex network of the assets that has built in and can adapt to demand and climate in a host of other factors. in short, the electric grid has one principal in mind. reliability. thousands of companies work to run the most reliable grid in the world. while over 85% of the nations electricity infrastructure is in private hands, the federal government realizes that we have to work in partnership to protect the the grid because of its importance to national security and prosperity and resilience. i have the privilege of working with sectors and can say with confidence that the the electric -- that the electric industry takes a multilayered approach with management and is committed to adaptation based on the lessons learned in the real world and exercises and the understanding of the dynamic risk and environment.
industry and government acknowledged that we cannot stop every threat and national hazard. and that we must be prepared to repond to the range of events and consequences. the federal government and the partnership and that's designed under the protection plan reached new levels following two important events. the first was a report publiced -- report published by the adviser commit tee and the counsel in 2011 on the resilience of the electrical and -- sectors and called for the seen were your executives to convene on a regular basis to craft a risk management agenda that was reflect reflective of the threat in environment. nearly a year later we had a scene of an earthquake of the power plant in japan. that had the united states come together to plan for a tragic incident. for nearly four years, 30 ceos
have comprised the electric sector and meet regularly with the counter parts at dhs, doe and other members to address the growing number of the fassetts -- number of sophisticated factors that put us at risks. this is to insure the consequences are minimize and -- are minimized and that the , value of our relationship is strengthened by identifying the authorities and the robust and the planning and regular testing and exercise of these plans. projects conducted by the partnership is action oriented information sharing and then around the physical and cyber events. a 2013 and 2014 outreach is the importance of reporting the suspicious activity. an electric sector playbook and that's a crisis frame work to enable to senior executives to
coordinate on the response and recovery issues, as well as work by dhs and doe with the sec fors to have the coordination with other lifeline functions. in addition to the work, dhs works with owner and operators to help to enhance the facility and posture. understand that dependencies and exercise with the state, local and tribal authorities for a range of problems. this engagement would not be possible without a contrary of security specialists from around the country that engage with asset ordinary reasons on a regular basis to help them understand the threats, perform assessments and insure that they're connect today the broad -- the broader homeland community in the state and local officials. they also work with partners across the government in event to a response or attack
resulting in a failure of the electric grid. they support fema during the response operation and has an understanding of the concern and an impacted area in the decisions ask support and then recovery as well as recovering the communications and the infrastructure. during the cyber communication, the national cyber security is able to coordinate with state, local and private sectors and including law enforcement and intelligent communities so they can be brought to a manner. the emergency response team is the component of the and provides on site support of the industrial control system. in conclusion they have engage -- they have engaged in an effort to access and litigate the success of the cyber attacks and natural disasters.
all that can result had in disruptions of the electric grid. in a major state, the department proposed to transition to an operation component and the cyber protection agency. --s transition would elevate and would provide more comprehensive, coordinated risk management to the the stakeholders that's the growing condition version of the cyber and physical threats. chairman and members carson and the member of subcommittee, thank you for the opportunity to appear approximate before appear before you today and discuss the cyber threats. i look forward to your questions. >> thank you for the testimony. mr. campbell, you may proceed. mr. campbell: thank you. i am richard campbell and i am a specialist for the congressional services. on behalf of crs i want that i don't think you for having testify today.
the want to talk about the role of the respective parties and the roles of the recovery efforts. i should note that we do not advocate policy or take specifics on legislation. electric power generation is vital to the common and daily functioning of the united states. while the electric grid is operated with a high level of reliability and the parts and it's to the failure and natural operational and mandated events. natural events are severe weather or solar storms. operational events can be result in the the failure of the systems and man made events are attacks on the grid. the extent to which these events could damage the grid are there and much of the infrastructure is there and aging.
it is modernized and the new technologies are being incorporated with the activity. one they can improve the performance of the the grid. >> mr. campbell, can you pull the microphone a little bit closer? mr. campbell: while they're going to advance the performance of the grid, they're going to increase the vulnerable of the cyber attacks launched by the internet. in 2014 they saw intrusions of the capabilities to take down the power grids and the water systems and other critical infer -- critical infrastructure. although there's not a cyber security event and resulting of outage in the united states, the potential still exists in the long outage. the first black out contributed and happened in ukraine in 2015. it had the control and the operating systems and the
regional facilities. other critical structures are targeted and then in the attempt of efforts. my report released in 2012 said that the large blackouts for the kounts eries countries or weeks or months. if it happened during the time of extreme weather, hundreds of thousands of deaths could occur with the exposure to the cold. it could cost the economy hundreds of billions of dollars. recovery from a cyber attack ton grid could be complicated by the cost and vulnerability of components. for example, the strategic structure of the number of critical number of transform -- transformers and it may take months or years. they generally prepare and use the potential for a major attack
or a similar event of a low event. if it's severe enough to be a declared disaster than fema, the federal management agency can provide assistance. gave newgress authority to order electric utilities. however, given the potential to damage to the nation's economy, some might suggest that the focus is needed and maybe apart of the strategy as well as the security grid. a focus on the recovery should consider the mutual dependence to other critical infrastructures to a failure and how quickly such impacts could plan for an advance.
congress may also want to consider how the future and the concerns are and incorporating elements to increase it as it develops and will add and reduce -- will aid and reduce the vulnerable of the system. finally they have stated after that after a major grid disruption, the systems will be a first priority. it's the communications systems, fuel, water supply treatment and customers will be a secondary priority. congress may want to consider how planning for the rest of the services would proceed to insure that all facilities are kept informed and treated as equally as possible in the efforts. this this concludes my brief -- this concludes my brief remarks. i look forward to your questions. >> thank you for your testimony mr. campbell. i will limit to five minutes now
for the additional questions following the first round, we will have additional rounds of questions as needed. i will start with administrator fugate. could you walk the committee through a timeline of consequences that we can expect to experience in the event of a large-scale and prolonged power outage which is the result of the combined cyber and physical attack? let's assume that over ten million people are out of power in the northeast and lasts for over a month. i am not talking about how to turn the power back on, but what consequences will state and local governments and residence have to deal with because the power is out? this is many my concern. i am going to put my mayors hat back on. i have been listening to a lot of how prepared that we are and what we can -- what is typical
and unlikely and what we're going to do. i am not convinced that we have connected the dots all the way down for the local government. i have not talked to a mayor or up supervisor yet when asking an unusual and unlikely event that power is out in a cyber attack, how long are you prepared to provide services? nobody can give me that answer. i know it's an unlikely event. so were the chances of two planes running into the twin towers in new york. i was a mayor and people want to know how long can we expect? i don't know if anybody has yet
given me a clear answer in the event of fiscal and cyber in the worst case scenario. very unlikely and unusual. as a mayor and supervisor, i want to be prepared for the worst case circumstance. so in the the first few days there are a thousand of people stuck in the elevators. after three or four days they will will need the fuel for generators. after a week the clean water and waste disposal may have serious problems. at some people may start to sell in large numbers. walk us through the time line of the increasingconsequences as the duration of the scenario increases. >> mr. chairman, the challenge having had this happen during accidents where human error caused power outages, we don't know how long it's going to be out. you only know that you're having them. you're not aware what is is
happening outside. situation awareness is key. the response is no difference. we have had communities go through power outages very substantial that resulted in mass rescues an elevator operations. they're having to deal with the traffic control issues and the commuter trail being knocked off. those communities do the plans, those are the things that from thedoing beginning. what is critical and this is what my partners to the the left are focused on. is this a short term or long term. when i was in the state we had a power knock down that was not occurring in a set pattern but all over the state. we did not know what was going on. by the time we got to the awareness, the next question is will this go through the the night hours. you start to focus on the immediate things like life safety. also safety in the communities because when you lose power and start to see the disruptions,
you have to provide a visible form of policing and give them a sense of safety in the communities. that's going to require more manpower and people on the streets. you start to look at my generators are now running and what systems are going to need something next. s it the next 72 hours? this is important and i learned this the hard way. a lot of communities do not plan for refuelling in a crisis. there are things that you have to have to make sure that you get the deliveries, and they may not be local. we were shipping fuel as far away as philadelphia back into the new jersey and new york to provide gas. we find all kinds of challenges, but you're saying the first step and the emergency response. the next one is next 72 hours. which of my critical facilities ?ill start to run out of fuels by this time, we would've assessed this is a much larger event than local and look at
mobilizing the resources from outside and the fuel and other things to keep them on. it's key to keep the water system and the waste running. electricity has a lot of problems, but the water and waste water are impossible to make up the difference in the population. there's not really a good way to manage that if they go off line. so you continue to escalate. once you get past the 72 hours, then you start to look at what is the retail sector supply chain look like? florida learned this the hard lesson that many of our guest sessions have emergency power. they have transfer switches because as we were dealing with the power outages literally from the hurricanes and some is of them went for a month. -- some of them went for a month. we found that they were starting to do things that were not supporting. they were bringing in generators and we did not do it as a partner. we found ourself competing with them.
think they that most that have a good response they have done this or prepared to do this. it's once you get past 72 hours that you start to think past the plan. where they're going to get the fuel and do things to keep up. where are the points to keep up. as we saw in new jersey and new york, it was the the rescues and trapped people and stuff like that. a lot of people were evacuated and then it was the fuel. it became pharmacies, grocery stores and then the cascading effects. those are the things once you're past 72 hours i am out for a week, two weeks or three weengks. how much of the core is waiting. you are not going to get power back to everybody, and you're not going to get power back to the residential areas.
can you get enough life support back up up andand running for those that do not have the power to get the essentials. it's not going to be easy but difficult. the thing is to trade off and where can i make the activities to find more time to keep the population stable? the evacuations and maybe self-is evacuate and if they have that option, they will. it's unlikely that there are places to go to. it becomes a time of stabilization, continuing to look at the down range impact and what we're able to bring up and the reality is that all of the scenarios and the society as
well as the physical and residential areas are probably going to be the last ones to get the power. can you get enough to get the major supply lines? you're not going to have everything and the normal consumption rates. you may have go with rationing of gasoline to see what is available versus demand signals. this means you have to plan out, not just the power went out but now what are the impacts of that as you go through time x and hopefully this is what our partners are working on is to get you better information about how much time are we talking about before we systems come up? when will we get the final -- we can expect it's coming. we have experience with that. widespread cyberattacks with a physical attack attached i unknown. who is having that conversation with people at the local level
that we do not know. it could be out longer than a week. you need to be prepared. are those conversations happening? i am not convinced that they are. that is where the life will be lost. i think we need to begin to find out how we connect the dots. who is responsible and having those conversations down at the lowest level of the people who will be first charge with trying to protect lives. i am going to turn to ranking member carson. mr. carson: thank you very much mr. chairman. madame hoffman your testimony noted that your departments research and activities with respect to developing space transformer components, what is the cost to manufacture when we are making these alternative components.
has the manufacture been identified and so we can ensure there is no disruption to prior usage? ms. hoffman: so thank you very much for the question. transformers are very critical components to the electric sector, as was stated in the testimonies in some of the conversations earlier. with respect to transformers, the price of a transformer ranges anywhere between $5 million to $10 million. and so these are significant components. so what do we need to do as we look for, what is our research program? what are the activities doing looking for dealing with the transformer issues? first of all looking at the spare components, the spare transformers that industry has and then industries looking at
having spare capacity on their system. we're also looking at how do we develop the next generation transformer which might be a transformer that's -- you have the ability to produce more quickly and also have more standardization and flexibility. so that includes in our research component the development of power electronics and hybrid transformers. our 2017 budget request has a strong program looking at transformers, which is about -- about $10 million in which we're going to look at developing the next generation transformers, as well as doing testing of transformers to make sure we understand any vulnerabilities that may exist. mr. harper: thank you. administrator fugate, in the event of a widespread outage, what are fema's plans for communicating with citizens on response and recoveryefforts when there's essentially zero electricity? mr. fugate: not much different than what we've faced in other significant outages. we have a variety of tools. first of all, within the emergency alert system, the radio stations, tv stations,
many of them that have emergency power, tv stations, partner radio stations we can get signals in. if we lose a transmitter, this will be something we'll be looking at in oregon during the cascadia. we work with the fcc for the non-impact to stations to get signal back in. we encourage people have that battery operated radio. that's why we encourage the idfm chips in cell phones because we can get signals in from the outside but people need to receive it to get the information. but part of this is going to be, where the information is coming from. we are going to be working through the governors office because governors and their teams are going to be the best information at the local level. our job really on the federal side is to provide the backup and tools required. and we're prepared to work with the fcc and broadcasters to get signal from the outside. in addition, we have gone as far and we did this in the sandy response. bring in satellite communications and set up wifi in some of the areas that have lost some of the cellular
communications. but we have another backup. and self-disclosure, i am an amateur radio operator. but sometimes the more we look at the complexity of our risk, we forget that we have some very resilient systems that are part of government but they often are the last thing running when everything else has failed. we look everything from our systems and satellite technology, working with non-impacted station has the broadcast in, amateur radios are all part of that. but it's important that people take the steps to be able to get the information when we can get the signal in. that's why it may seem very passe in an area of streaming everything that a battery powered radio may be that lifeline of communication link to get information. because we have seen even in large-scale, like katrina, stations outside the area could broadcast in but you had to have a way to receive the information. mr. carson: and lastly, have our most critical transformers and
substations been the bulk power system been identified so that we have a clear comprehension of system dependencies and even cascading impacts from a widespread power outage, regardless of the cost? ms. durkovich: thank you very much for that question, ranking member carson. we work very closely with the utility owners, with our partners at d.o.e., as well as nerc and ferc to understand the most critical aspects of the electric grid. we have a number of programs that we leverage to help assess the vulnerabilities of these particular assets and to work with owners and operators to help enhance the security and provide recommendations. equally important as you'll hear later from jerry colley, the president and ceo of nerc, we have a series of standards that are intended to guide the
security of some of these most critical assets. increasingly within my office, we are working to better understand the dependencies and inner detendency on critical energy assets to be able to visualize what an outage is, the impacts it's going to have to other key lifeline sectors and to be able to provide that information as leaders to include administrateor fugate as they are working to get power restored. mr. carson: thank you, ma'am. chairman, i yield back. >> the chair recognizes mr. meadows for five minutes. mr. meadows: thank you, mr. chairman, for this important topic. i think this is one of the interesting aspects that's i get asked about more than anything else. let me tell you why i'm a little troubled here today. i hear a lot of rhetoric that
acts like we have our act together from a federal standpoint when, really, the vast majority of the job that gets done is with the stakeholders, with those public utilities that's for years have been prepared for mass outages, but perhaps the scope of the threat, the cyberthreat and what we're talking about mass outages, we can talk about hurricane sandy. we can talk about, you know, other storms. they are used to that. and i'm just telling you. i used to work for an electric utility many years ago. i was around. i've got enough gray hair. i was around when the d.o.e. was actually formed. so when we look at this, to suggest that the federal government is here to help, i want to make sure that you are helping. and the chairman talked about the real communication being done. the real communication is being done by the local utilities, if
anything is getting done. it's crickets when it comes to the other federal agencies as it relates to this. now i say this as a criticism only because we have to figure out that we're sick before we start to figure out the diagnosis and how to fix it. so let me ask assistant secretary hoffman on one point. you were talking about national security and how you can reprioritize and make sure that those national security interests are supplied by public utilities or governmental agencies. here's my concern. many of our national security interests have their own generating and own distribution capacity. yet i find them woefully underprepared for cyberattacks. some of them are primary metered at the point of entrance so you may have a public utility providing the generating capacity. they do the distribution.
so as we look at this, what kind of turf war did we get in between d.o.d. and d.o.e. with regards to being ready for a cyberattack that would have national security implications? ms. hoffman: thank you congressman for that question. when we deal with any sort of event, we're going to act as a whole government. whether it's -- mr. meadows: but who is in charge? here's the problem. and i have dealt with a number of agencies. we get fema that comes in and local emergency management responses. and what you have is you have different people saying different things. so with regards to national security, who is in charge of the power grid? is it d.o.e. or is it dod? ms. hoffman: the owners and
operators are ultimately in charge of the power grid. the support to the power grid is going to come both from d.o.e. with respect to working with the owners and operators to restore power. dod has a responsibility with respect to national security and protection. so from a physical security perspective, we may look at law enforcement to help with the utilities to protect substations. it depends on the event but the response to be coordinated. mr. meadows: so you have a plan, a coordinated plan that i could look at today on how that would happen? so for -- that you could give to this committee in terms of -- because here's what happens. most of the time an event happens and then you go out and figure out the problems. you know, mr. fugate was talking about the fact we learned lessons from each event we have. the problem with a cyberevent as we're looking at in the ukraine, here we have an outage to over 200,000 people have it was cut off. the real problem was they were in the system for almost six months and we didn't know about it. so the question is, how many times are we getting attacked, and are they in our systems without our knowledge?
ms. hoffman: you bring up a good point, congressman, thank you, but the issue is every event and every incident is going to be different. and we're going to have to think about the capabilities when somebody can take someone's access credentials. we have to look at that and think about that as an industry. mr. meadows: that's more of a physical threat. i want to go back to the cyber aspect. what we're talking about is we're looking at risk management. and really what we need to start to focus on is a real comprehensive plan on how we're going to partner with the private sector or public utilities on doing this because what happens is we get a little check box and say we've gone and talked to x, y, z and asked them to make sure they're vigilant about cybersecurity, which most of them are, but yet what happens is we don't have a comprehensive plan at a federal
level to look at how we can support them in the event of a national attack that would come in the way of cyber. i'm not talking about storms. i'm not talking about stealing a credential. i'm talking about the real attacks we get hit with every day. do we know, have we done a risk assessment where we have intelligence and have we shared that with the public utilities? because a lot of times we have this national security concern that we don't want to share that with an outside, you know, group because of national security concerns. ms. hoffman: thank you. you bring up very good points in your discussion. first of all, we follow the national response frahmwork. as administrator fugate talked about, regardless of whether physical or cyber or weather related we're going to react as a whole government. with respect to your question on intelligence, we are sharing information with the private sector. dhs and d.o.e. host classified
briefings with the private sector to share actionable information. and that is the information that the utilities are able to take back and really do respond for us. with respect to specific events such as ukraine incident, ics alert has provided specific actionable information. d.o.e. working with the electric sector sharing and analysis center has provided actionable information to the industry to learn from these events and prepare. and that's what's important. each event is going to be different. we have to take those events and learn from them. mr. meadows: i've run out of time. i'll yield back. mr. chairman, thank you for your patient. >> the chair recognizes mr. de blasio. mr. deblasio: i regret i had to
step out to go to a hearing upstairs. the committees should look at not scheduling hearings in different subcommittees at the same time. administrator fugate, you made a number of excellent points and talked about being a ham radio operator, that's a potential backup. i was recently in japan and one of their greatest regrets is that they didn't have enough deep ocean sensors, and they underestimated the size of the tsunami. and they did manage to get out a warning with that original estimate before the electrical grid went down in those areas and they had no further capability of broadcasting and warning people. and, therefore, many people sheltered in places that actually were below the crest of the tsunami and died. so they've now moved to a cell phone-based system and required resilient cell towers to be built. are we looking at anything like that here in the u.s.? mr. fugate: yes, sir. part of the charge you gave us and the fcc was to develop
wireless emergency alerts. we implemented faster than we thought. right now every cell phone being manufactured today is required to be able to transmit a wireless emergency alert, part of the emergency alert system. tsunami warnings are built into those. so if there is a triggering event the originator for that will be the national weather service, tsunami warning centers. in case of oregon, the alaska warning center. it would go out. it's geo coded to the areas of impact. those counties and communities at risk would get those notifications on their cell phones. you don't have to opt in or sign up. the only thing you can do to a cell phone is turn it off and not get the alerts. unless you've done that, a tsunami warning would be issued and transferred upon that point and go out. you point out one of the challenges which is why we work closely with local levels. it's hard to get the magnitude of the tsunami so the evacuation zones have to be what's the maximum risk? we've got to move now. a phased approach, we generally don't have time with cascadia. it's too close to the coast.
even before you get the warning if you feel shaking, you have to move to higher ground. even with a warning you only have minutes to move. but the cell phone system now, as soon as the weather service issues a warning, it will get transmitted to those areas. we've seen this occur already. but it has answered this question of, what will wake people up in the middle of the night? your cell phone buzzing and humming and making strange noises was the whole purpose of the emergency alert system. mr. defazio: when phones are manufactured after what date were required to have that? do you know? mr. fugate: it started -- i believe it's -- i'd have to look at the exact date but it's been about the last -- 2010, 2011 that all new handsets. apple, the ios was the last of the handsets to incorporate this in. so pretty much all the new handsets now have this. and as we see the replacement cycle of cell phones we've now third, fourth, fifth replacement cycles. we're getting good penetration with those systems.
mr. defazio: that's great. i've been on an airplane here where we were held on the ground because of thunderstorms and everybody's cell phones started buzzing as if they had a tornado alert or something. so that is great progress. to the honorable ms. hoffman, just on the issue i raised earlier, you know, the transformer issue. it does seem really critical, and they are very expensive. they are cumbersome. hard to move. but, i mean, where are you at in evaluating the potential or possibility of having some, you know, backup or replacement transformers in a strategic reserve? you're analyzing that? or where are you at in that process? ms. hoffman: thank you very much, congressman, for the
question. the transformer reserve plan that was required as part of the fast act is in progress. we have contracted with oakridge national laboratory to do an assessment with respect to transformers. the transportation issues, any sort of where they would be placed. volumes and size. as you are well aware, the transformers in the united states are quite unique and we also have to look at a parallel process for how do we look at standardization, look at next generation transformer for additional manufacturing. we are also in the process of assessing the transformer manufacturing in the u.s. d.o.e. has had several reports out with respect to transformer manufacturing. there are several manufacturing entities in the u.s., including
efisec, georgia transformer, abb, wau ke sha and hyundai. those are the transformer manufacturers in the u.s. is that enough capacity we need? i would say we need more capacity with respect to transformers. so it's important that we continue to look at a transformer sharing program. so we are in progress and on target to meeting that deliverable for the committee. mr. defazio: so what was the timeline that was established for the conclusion? ms. hoffman: the timeline established in the fast act was one year from enactment. so it would be due in december. mr. defazio: ok. great. are you aware whether or not the regional power administration is, you know, are you working with them, because they obviously have most of the -- are interlinked with private but for the most part provide for the power transmission and high voltage power transmission. and half of that -- well, part of it is d.c. so we have two different sets of transformers. ms. hoffman: thank you very much for highlighting that. yes, we are working with the power marketing administrations which includes wapa, vonnebell.
they are a core asset to the infrastructure rit large. they're a very important part of the conversation. as required by the fafts act we'll do consultation with industry and with experts in this area. mr. defazio: thank you, mr. chairman. >> chair recognizes mr. perry for five minutes. mr. perry: thank you, mr. chairman. secretary hoffman, the fast act you were just discussing includes what you were just discussing some additional roles and authorities. can you talk a little further about the importance of the transformer reserve and what your thoughts on that are particularly? ms. hoffman: thank you very much for the question. the transformers in the united states are very critical component of the system. the fast act recognizes the criticality of these transformers, as well as the need to assess where are we at with respect to any sort of need for a plan to develop a plan for
transformer spare capacity. so what this means is really evaluate ing evaluating the spare capacity in the united states, the ability to transport transformers. so where we should have a transformer stockpile, if necessary. where should it be located? because of the difference sizes and dimensions of the transformers. so part of the plan of what we're look at with oak ridge national laboratories, our plan is assessing the number of transformers, the size of transformers, meaning the different voltage classes, and then where those transformers could potentially be needed to be located because of transportation issues. the industry has had discussions with the class-a railroads and looking at the transportation of transformers. you may not be aware but a lot of substations are in very remote locations. so really the criticality in some of the time is not only
manufacturing the transformers, but it is actually the transforation of those to a location. mr. perry: will you be considering the manufacture time in that study, and when can we expect the results? ms. hoffman: yes, we have started looking and have had several reports out with respect to transformer manufacturing. and those are on d.o.e.'s website, but the result of that will be included in the report in december. mr. perry: do you discuss cost or reimbursement at all in your report? ms. hoffman: so part of the request is to look at policy implications and the cost and financing of that. we are going to work within the department of energy with our energy policy and systems analysis group and assess what are some of the financial implications to setting up and developing a transformer reserve. mr. perry: all right. thank you. in my opinion, the epa continues to overregulate the energy industry and with that, i don't think they have the ability to determine or examine the requirements. mr. fugate, i'm sure you're
aware based on what i have based on december 2015, retiring due to epa policy retiring or converting 81,423 megawatts or 499 units based on regulation. has fema done an examination of how the epa regulations affect the grid and capacity? are you interested in doing that? do you know the capacity and the ramifications of the loss of the 499 units and the 81,000-plus megawatts? ms. hoffman: -- mr. fugate: to be honest, congressman, we depend upon our partners in dhs that do that. we are not the subject matter experts. so we determine for our infrastructure protection what that means and what those impacts are. having come from the state of florida we've seen dependence
move from coal to -- i was in the unique experience of having a gas pipeline severed. knoged out all the natural gas to the southern and middle parts of the state. we suddenly realized we had a tremendous reliability on that. and we were fortunate we had mild weather or we could have had generator capacity shortfalls that would not be made up. mr. perry: so i've got a limited amount of time here. so if fema is not doing it particularly, who are you getting the -- which partner are you getting that information from? who is assessing the effect of the regulation, the loss of capacity and the timing of that loss? who is doing that of your partners? mr. fugate: i would depend upon my partners to the left. we look at energy as a function of government. there are numerous parts of the regulatory and response structure.
we concentrate that into -- mr. perry: so may i ask your partner to the left. do you have that information? are you tracking that? ms. hoffman: thank you very much for the question. the department does look at reliability implications with respect to any sort of master change in generation mix in the united states. with respect to the clean power plan, it is really going to be as the states develop their implementation plans, the assessment will occur with the regional reliability entities and the independent system operators where they will coordinate and understand the reliability impacts. mr. perry: so you don't know what it is up front or you don't assess it as it occurs? you don't know that so many plants and so much capacity is leaving in ohio or pennsylvania or alabama? you don't know that in advance and make an assessment of the potential risk that's involved?
ms. hoffman: so thank you. from a wide -- from a widespread reliability point of view, d.o.e. believes the clean power plan and regulations wul not have any widespread reliability impacts. but -- mr. perry: hold on. you believe that, but do you believe that because you have empirical data to support that or you believe that because somebody is telling you that? or you believe that because you don't have any reason to disbelief that. ms. hoffman: right now the utilities work to ensure reliability. our past experiences as any sort of reliability concerns come up, there is strong coordination within the industry to address any sort of reliability impact. mr. perry: so does that mean if you thought there was going to be a reliability impact based on the regulation and the capacity reduction that you would -- you
would essentially exonerate or waive the requirements for a period of time to make sure that the capacity remains? do you have a policy to do that? is there a thought to that? what is your plan if you come up against something that doesn't comport with what you think it needs to be from a capacity standpoint? ms. hoffman: within clean power plan, the state says they develop their clean power plan, their state plans, they will be coordinating with the reliability entities, the isos and rtos looking at any potential reliability implications. mr. perry: how does that work? i live in the pjm, a multi-state organization. it's not state by state. it's multistates that all feed into the same grid. how does one state's plan affect another, and who coordinates whether reliability or capacity issues in that regard? ms. hoffman: the states are required as part of the clean power plan to coordinate with pgm. npgm has and will continue to do reliability analysis for that region.
mr. perry: thank you, mr. chairman. >> thank you. chair recognizes mr. series. mr. series: thank you for holding this hearing. this is very important. i represent the 8th district in new jersey which got hoboken and some of the other areas, jersey city, which got hit very hard by sandy. if i learned anything about our infrastructure, it's how unprepared we were for the storm or anything else. and there's plenty of blame to go around. everybody points to the federal government but in reality the states could do a lot of things and the locals could do a lot of things and the power companies could do a lot of things. i always think of the example, there was a generator in a flood zone. and the power company was protecting it with a chainlink fence. so when it flooded, obviously, the chain-link fence did not hold the water back. so what i'm trying to get at is,
these are the kind of simple things that we can do to protect, you know, this particular transformer. the other thing was in terms of the -- you were talking about now that we learned. we have plenty of gas, quite frankly, but they couldn't pump it. so a simple thing like a small generator to just move the pump or move the gas from, you know, from the containers to the people. it would have sufficed. so when i say that everybody has shares of blame in this, i just hope that we have come from sandy far enough to learn some of these mistakes, and we are expecting them. so will you please tell me that we've come a long way from where
we were? mr. fugate: we've come a long ways. we haven't gone far enough. you point out what i see is the real challenge in which cyber highlights, the tendency is to plan for what we're used to dealing with, not for what can happen. we put a fence around a generator in a flood zone. the reason you have a generator is if power goes out. one of the likely reasons for a power outage is a coastal storm. but you hadn't had one in a long time so you're more concerned about someone breaking in and damaging the transformer. cyber is new. a lot of things we'll do won't be new in response to the consequence. if we don't know what we're planning against we may run the risk of only planning for what we're used to having. maybe short-term power outages or disruptions strictly local and not plan for what could happen and plan against it. as you point out, we try to promote these lessons, but it seems to again be one of our challenges. how do you get people to change?
let's talk about gas stations. that's a private entity. putting in a generator is a cost. so you can just ship a generator there. most of those utilities were underground and it was hard to get a generator hooked up to it. in some states, they've put in incentives that gas stations would be required to put in a transfer switch. it was a good compromise. that way if they did lose power, we can get jen ratsors in there and hook it up and pump gas. this is where we have to be careful. it's easy to say this is the fix until you ask who is paying for it. and i think this is the trade-off of what would make sense either throughincentives, tax credits. i can't ask businesses to lose money if their other partners or competitors aren't doing the same thing. you have to put a generator in every gas station. that's not also necessarily a great idea either. putting in a transfer switch was a great compromise. as we learn these lessons, we go
back to this trap of, we plan for what we have experienced in will the past, and that does not always scale up for the future impacts. we have got -- the lessons learned. we've put the information out there. but the receptiveness of that audience is based upon do they see this threat as applying to them. as you know for your community. we talk about hurricanes and hurricane evacuations. most said we don't have hurricanes. we have nor'easters. it's getting people to plan. we know what these impacts are. it's having people plan for what can happen, not only based upon their past experiences. and we've not had a lot of experience with cyber. so part of this again is getting -- what are we planning against? and then, what will we do differently? and if that requires resources, where are those resources coming from?
mr. sires: i also think that we have to be prepared post sandy or post -- because we still have problems in new jersey where people still aren't in their homes years later. and, to me, that's really unacceptable two or three years later that we have these issues where people, with the insurance, with the evaluation of the property. somehow we have to be prepared for some of these things because it impacts real people. mr. fugate: it does, and our experiences coming out of hurricane katrina five years after that we still had families living in travel trailers because we didn't have the right answers. rebuilding after disaster is time consuming. a lot of hurdles to go through. it's ideal to get people back in their homes as quickly as possible but that requires a lot of things that go beyond even some of my programs. it's really, as you point out, state, local -- mr. sires: sorry. i'm not just putting the blame on you. i'm also putting it on the locals and the state that we
should prepare for any of these storms or whatever we have. thank you, mr. chairman. >> thank you. the chair recognizes mr. massey. mr. massey: thank you, mr. chairman. i'm going to yield as much of my time as he might consume to the gentleman from north carolina. >> i thank the gentleman from kentucky for yielding. miss hoffman, i want to follow up on one thing. you talked about the transformers and having these backup transformers as a redundancy. one of my major concerns is that get made by d.o.e. or dhs or fema all of a sudden what we do is we transfer that liability to others that are providing service. so what we -- right now, all utilities have backup transformers, primarily for distribution purposes. but even for larger transmission related transformers and switches. however, if you're going to make a decision, it directly impacts
rate holders for two reasons. if they are having to have $10 million transformers sitting there, i don't know that they can get a return on that investment. if you start to extrapolate that out if it's not in service, just kind of like generating capacity, there's a certain length of time they have in order to bring that online so they can get a return. ultimately it affects the rate payer, anything you do. when we start to look at the security implications, what i'd encourage both of you to do is look at it as we would from fema is that it is a federal redundancy required, not that needs to be done by utility to utility to utility. do i have that commitment you'll look at it as a federal obligation rather than utility obligation?
for the record, both of them said yes. let me finish with one other concern when we talk about sharing in a classified setting with the stakeholders. have all of the utilities participated in that secured setting where you have let them know of both the threats, potential and real threats that we already have experienced? so you were saying that we've done that in a classified setting, and i just find that interesting. i'm not challenging you, but i want to drill down on that because i don't know of too many -- maybe the big utilities but there are hundreds of utilities. they come into a classified setting. this is your risk. this is where that is.
this is your testimony today. ms. hoffman: so thank you for that question. information sharing occurs at multiple levels. we do have classified information with the electric sector coordinating council which is a 30 ceos that comprise the whole sector. they are investor owned utilities, co-ops that participate in that information sharing, that classified information. in addition we've had one day read-ins where we've brought a larger section of utilities in to do classified information sharing. we have done that. dhs has done regional information sharing, meetings where they've had opportunities to bring folks in and do information. it occurs on multiple levels. have we hit every single of those -- mr. meadows: i'm not saying -- i want it to be systemic. i'll yield back to my good friend from kentucky in a couple of seconds, but i want to make sure that i'm clear. as we get the stakeholders, what
i want it to be is more than just a box that we're checking off. i want eei, i want all of the groups that are there to buy in and say, we have a plan. we do it for mass outages like sandy and other hurricanes. we haven't done that, i believe, adequately, as it relates to cyber. and do i have both of your commitments that you'll redouble your efforts to include them as stakeholders? ms. hoffman: yes, we will redouble our efforts. one thing i'd say codifies how we're redoubling our efforts is the grid-x that happens between utility and industries where we are actively exercising this. mr. meadows: i'll yield back to my good friend. mr. massey: thank you. i just have a brief question that occurs to me during the questioning. of this classified information, if we sought to get a brief on that, would you make yourself available in a classified setting for us as we contemplate what sort of legislation might be necessary?
ms. hoffman: yes, congressman, we would be glad to have a briefing with you? mr. massey: is that the case for everybody? ms. durkovich: yes, sir, of course. mr. massey: mr. fugate? mr. fugate: i wourld originate most of the data but i'd be -- most of the origination of the classified data would come from my partners to the left. mr. massey: understood. thank you very much. and i yield back. >> with respect to time for our second panel, we're going to move on. and i think if i can summarize, and i thank you all for participating today. i think if i can summarize administrator fugate that planning for local and state governments should be -- needs to be in terms of weeks, not days. and that's important because that's the furstirst time i've heard what we need to begin to look at in the event of an attack. i want to thank you all for your testimony. your comments have been very respectful in today's
of the subcommittee. very glad to be here today testifying. i'm the president and ceo of the north american electric reliability corporation, nerc say non-profit international organization overseeing the reliablity and security of the power grid in the united states, canada and a portion of mexico. we have authority assigned by congress to develop and enforce standards affecting reliability and security of the grid. and that authorities overseen by the federal energy regulatory commission. electricity is the most critical lifeline sector for national security, for other lifeline sectors like finance, water and transportation, for the economy and for public safety. every day we're reminded of a seriousness of our job related to securing the grid. there have been terrorist attacks in france and belgium and even here domestically. there have been cyber attacks and data breaches across various industries and across government. of particular relevance to our grid on december 23rd, 2015,
there was a cyberattack in the ukraine which was launched against three distribution companies and in which the perpetrators gained control of three distribution companies and were able to put out the lights for 225,000 customers for up to six hours. a team from the u.s. went to investigate that incident in the ukraine, including a member of the nerc staff, and what i can tell you is that the cyberthreats are real. but i think we have a very different situation in the ukraine as compared to what we have in the united states and north america. our security controls in north america are very different. we're the only industry with mandatory and enforceable reliability standards affecting physical and cybersecurity. we're currently in the fifth generation of cybersecurity standards. risk-based standards based on nist-type controls. they are adaptable and can keep
up with the current threats. we have a very robust compliance monitoring and enforcement program. system operators use modern controls to ensure the security of the system, including separation of corporate and business systems from control systems. physical access controls. patch management. aggressive threat hunting and mitigation and employee and contract training and many other measures they take. we've established the electricity seccor coordinating council at the highest levels of industry and government including ceos and top officials from government. the ceos and boards of power companies take security very seriously and security is one of their highest priorities on a regular basis. our information sharing and analysis center, which you've heard about, the isac, provides robust information sharing regarding physical and cyberthreats.
we've recently gone through a review and upgrade of the capabilities of the isac and the isac, i believe, is closely integrated with the security operations and information sharing at individual companies, as well as the state fusion centers and other sectors. we also operate a tool called crisp to monitor the internet traffic to key sites around the industry and compare that traffic to threats and vulnerabilities that we're aware of worldwide and warn the utilities about issues they may be experiencing in realtime. in the unlikely event of a successful cyber or physical attack, i believe that we are well prepared. ferc and nerc recently completed a study of the restoration and recovery capableility plans and drills and exercises of nine major companies in the industry, and that report is available
publicly. it's posted on the nerc website. but it demonstrated the preparation is there and that the plans have been exercised. as you heard before, november this past year, nerc led what i believe is the largest grid security exercise in the world. grid-x 3. over 400 entities in north america participated. over 4400 registered users. in my estimation probably closer to 10,000 actual participants. the distributive play portion where we're in a central control place and we inject the attacks outward and so the power companies are engaged in the exercise locally in their own control centers in their own substations and power plants. they're receiving the information from us. that portion -- i apologize for my voice. just getting over a cold. that portion lasted two days.
on the second day there wauns executive table top that brought it together for senior execute ufs from industry and government. the scenario included cyber attacks, physical attacks, including active shooters, truck-mounted explosive devices and unmanned surveillance drones. this hypothetical event was extreme and intentionally extreme to go beyond our capability and to test the system and really the point was to find out what can we learn and what do we need to do to improve. during the distributive play exercise we caused outages on a simulated fashion. no one was controlled or affected. we simulated 5 million customers were out, and during the executive section to invoke all the policy questions at the national level we were looking to pull out, we had 15 million customers out, and those outages were projected to be extended for weeks and even into months to really push the questions that the chairman is trying to raise today.
participating entities work through their emergency procedures. very extensive contacts with local law enforcement and first responders. those local government officials and first responders did participate in the exercise. we had in the exercise the white house, dhs, d.o.e., department of defense, cyber command, nsa, northcom, fema and the illinois and wisconsin national guards are some of the players who participated in the executive exercise. a number of key take aways were to make sure that we are able to better coordinate between industry and government in terms of the situation assessment. and what do we communicate to the public? it would be a constant race with regard to information to the public. we all know social media and the news are very quick. we want to make sure we're getting reliable information out to the public. we're focussed on ensuring unity
of effort and unity of scale. we can resolve all of our resources for both industry and government together. looking forward, i would say in this exercise we'll continue to expand the role of state and local governments and participants in the exercise to make sure we can exercise some of the things the chairman is looking to get here which is, how do we engage, how do we inform and how do we set expectations? i look forward to your questions. mr. bartlett: thank you for your testimony. mr. spencer. members of the committee, my name is bill spence. i'm president, chairman and ceo of ppl corporation. we deliver electric ut to more than 10 million customers in the u.s. and the uk. beyond my role overseeing ppl's operations, i'm also on the eei ceo policy committee on reliability and business continuity. i also am a member of the electricity subcommittee -- or subsector coordinating council that you heard about earlier today.
the escc serves as a principal liaison between the federal government and the electric power sector to protect against cyberthreats to the nation's power grid. protecting the nation's power grid as you heard earlier is not only a top priority of the federal government. it's also a top priority for the industry. we have a very strong record of working together closely in all kinds of disasters and storms. along with our government partners. we identify, assess and respond to all threats. the electric sector takes a defense and depth approach to protecting grid assets. this approach includes three key elements. the first is a rigorous mandatory enforceable and regularly audited reliable standards. jerry talked about that in his testimony. also, close coordination among industry and with government partners at all levels. and thirdly, efforts to prepare, respond and recover should power grid operations be affected. our industry already maintains
hundreds of spare transformers. i don't believe that came up earlier, but you should be aware of that. in addition we just recently launched as an industry a new project called grid assurance. under grid assurance, many of the major utilities in this sector are coming together to establish regional centers, what we will not only store spare transformers but other critical equipment necessary to quickly recover the power system in any type of an event. among all the kritsical unfra structure sect ors you should know the electric sector invests more annually than any other critical infrastructure sector. last year alone, we invested more than $100 billion. regarding security standards and regulations, as you heard, we're subject to nerc's reliability standards. entities found violating these standards face penalties of up to $1 million per violation per day. in fact, our industry is the only industry subject to these mandatory federally enforceable cyber and physical standards.
the industry's also implementing requirements for physical security as part of a broader suite of nerc standards and using voluntary standards to drive improvement. secondly we're accordinating closely with the federal government, sharing threat information between the government and industry to protect the grid. according to the national infrastructure advisory council, the electric power sector is viewed as a model for how other critical infrastructure sectors can more effectively partner with government. our intent is to keep it that way. the electric subsector coordinating council brings senior government and industry executives like myself together with agency officials to improve sectorwide resilience against all hazards and potential threats. the escc and our electric information sharing and analysis center offer programs like the cyber risk information sharing program, as jerry also mentioned, which we share
information on potential threat. this is an area where i think the federal government has been very helpful to the industry. by allowing us to utilize proprietary hardware and software developed at the national labs and is now helping to protect the grid. we now have over 75% of the u.s. customer base covered by industry participation in this critical program. the escc is also focused on several key other areas including planning and exercising responses to major disruptions. our last exercise was a combined cyber and physical threat. we're also ensuring rapid threat communication amongst share owners and stakeholders who were also developing government-held technologies on electric power systems that improve situational awareness and cross-sector coordination. last, but not least, we're focused on incident response and recovery efforts. electric power companies continuously plan and exercise for a broad range of potential threats. we share crews and equipment in
times of trouble, and we regularly drill for potential emergencies. for our part, ppl is actively engaged in the industry efforts i've highlight and pursuing an aggressive approach to protecting the power grid. thank you, and i look forward to your questions. mr. bartlett: thank you for your testimony, mr. spence. ms. killmer, you may proceed. thankuley: -- ms. kilmer: you for inviting me to testify today on how electric cooperatives manage the consequences of a power outage. regardless of the cause, getting power restored quickly and safely requires advanced thinking and planning. my name is bobby kilmer. i'm testifying on behalf of the national rural electric cooperative association. they deliver electricity to member owners at over 18,000 locations in rural northeastern pennsylvania. we have low consumer density averaging less than six consumers per mile of line, and we serve primarily residential accounts.
we are one of pennsylvania's 13 electric cooperatives and our electric distribution system is not directly connected to the bulk power system. the national rural electric cooperative association is a service organization dedicated to representing the national interests of electric cooperatives and their consumers. nreca represents more than 900 not for profit consumer owned rural electric utilities that provide electricity to over 42 million people in 47 states. electric co-ops are accountable to their consumer members. those same members own and govern the co-op through a locally elected board. they reflect the values of their membership and are uniquely focusod providing reliable energy at the lowest reasonable cost. responding to power outages is a major part of our business. assessing the situation, knowing who to call and determining how to proceed is imperative, and it requires coordinated efforts in the public and private sectors during major events.
one of the seven principles of the cooperative business mod cell cooperation among cooperatives. this cooperation is integral to our emergency planning and response. in pennsylvania, as in many states, the electric cooperatives statewide association plays an important role in emergency coordination. electric co-ops have mutual assistance agreements between one other so during a major event the process of securing additional crews and resources is simplified. there is also a national cooperative database which facilitates cross-state mutual assistance. as i noted in my written testimony, this network helped our statewide secure crews from florida to assist us in our restration following hurricane sandy. also important are the relationships that we have with state and local government agencies. during major events our statewide association is in regular contact with the
pennsylvania public utility commission and the pennsylvania emergency management agency. the statewide communicates outage information and requests for assistance from other governmental decisions divisions on our behalf. we're in touch with our county local emergency management agencies. we advise them of outages in their counties and expected restoration times. this allows them to coordinate with other organizations like the red cross to set up services such as warming shelters. we also have close relationships with our local police and fire departments. and along with other agencies and utilities, we, too, participate in table-top exercises which simulate emergency snaurcenarios and strengthen our community networks. communication with our members is important, too. we always provide the option to speak with a live customer service representative. we use outgoing telephone messages, information postings on our website and social media
and use radio and television broadcasts which could be used even in the event the internet is down to keep members and the public informed about outages. we test our business continuity and disaster recovery plans annually, and we have plans in place so that we can operate from a remote location if necessary. cybersecurity and awareness is a critical part of our operational preparedness. though we are a small utility, we strive to follow industry best practices such as the use of network scanning and intrusion detection programs in protecting our operationalidata and our business and member information. we also participate in the pennsylvania department of homeland security's task force on cybersecurity. our preparedness in the field is tested throughout the year during localized outages caused by weather events and other conditions. lessons learned through experience, along with the coordination with our national, statewide and local networks would form the basis of our response to a national or cyber event. again, thank you for the opportunity to testify today on our emergency preparations and recovery efforts.
mr. bartlett: thank you for your testimony. ms. kilmer, i'll now begin our first round of questioning. and this question is to all. i'm going to ask you the same question i asked our first panel. what is the planning scenario that state and local governments should be using for a cyberattack on the electric grid? will the power be out for days or weeks or months? considering both a cyberattack and a physical attack, the worst case scenario. how widespread could the outage be? mr. cauley, nerc runs an exercise on the failure of the grid. what scenario do you use? mr. cauley: thank you, mr. chairman, for the question. as i mentioned in my presentation, we do probably pose a scenario that's ten times
beyond any sort of realistic expectation in terms of magnitude, it's to test and shake us out and see what we can do. the difficulty in understanding the question is that there's many kinds of hazards that can cause outages. and, in fact, if we look at -- we do a lot of data and analysis about what causes blackouts. that's one of our jobs. since 2011, so four years running in our data, weather has been the top ten causes of all major outages in north america. so we have that sort of baseline. so, the question for me, i i phrase it as what kinds of things can cause outages from a few hours up to two to three days? and there's a lot of things that can contribute towards that and what kind of response and capability we have. so it could be storms, it could be equipment failure, a number of things.
then i think as we get to the kinds of things we're talking about here in terms of cyber and physical attacks, i think it's reasonable to ask -- and severe storms, ice storms, hurricanes, it is reasonable to ask the question how are we taking care of people? in a one to two-week outage? it may not be everywhere, but it might be in some local areas, it might be some cities that could reasonably be facing a one to two-week outage. i would hate for us to say it's a cyberevent or it's a storm. really the public safety issue is similar. the major difference would be, to me -- the major difference would be we knows there some kind of security concerns, law enforcement would be involved. still the same fundamental law enforcement would be involved, still the same fundamental without electricity, you need to take care of people, you need to get them fuel, food and water. the one scenario i think that is the exception, and i think it was appropriate that the committee participated in the legislation around spare equipment, the one scenario i think realistically concerns me
longer than the one to two-week time frame is damage to spare equipment. particularly the transformers . that could happen from bomb blasts, shootings, other gmd storms. the question is not what caused it, but the question is what you are going to do if you lose transformers and they're not replaceable for an extended period of time. >> i guess what i'm getting at, i want to get this -- connect the dots down to the local and state. i feel pretty confident that getting to that point we've got all the ducks in order. i'm just concerned that there's a missing link to what should the state and local governments be preparing for or planning for in length of time because they need do the same thing you're doing. they need to know the scenario of worst case, what do we need to prepare for?
>> right. i've been doing reliability for 35 years. i really think there's two levels. there's normal expected, you would see a number of times a year, is that one to three days is a normal kind of scenario that everybody should be prepared for. i think a one to two-week scenario is a scenario that if you're prudent, i would be talking with the mayors and the city councils about what you can do to be ready for a one to two-week outage in the extreme case of hurricanes, earthquakes. my only exception is spare equipment damage may be more challenging. i think it really is independent of the cause, whether it's cyberattack. i can't imagine a cyberattack that will damage equipment to have an outage more than hours or days. >> i would agree with mr. cauley. i think the prudent thing would be the same as what we're doing today for devastating storms which is really a one to two-week outage preparation. there are a lot of resources
currently available to local communities, both at the state and local community level. they are a really great resource that all the towns and communities don't take advantage of. a lot of good best practices that have been used by towns and cities that have been more experienced with devastating storms -- for example the state of florida, has a lot of experience. a lot of lessons learned there that are available to towns and communities. i think the other thing -- i think this was mentioned by the representative of fema earlier today, really boils down to, in many cases, the probability of the event happening that risk of the event, and willingness to put in place and spend the upon -- spend the money on backup generation or other backstops that would be necessary for one to two-week event. so i think that's where i would
direct the towns and communities to be aware of what's available, utilize that fully, make the critical investments that they need to survive a one to two-week period. >> i will connect the dots. so do you think it's the federal government's responsibility or the state government's responsibilityto make sure that -- responsibility to make sure that the local government is doing all that? because i'm just concerned we'll have everybody pointing fingers at each other, i thought you said, i thought you did, and nobody did. whose responsibility should it be that we make sure that the local governments are prepared? because today is really the first time i'm hearing a length of time. >> right. >> in my own mind, again, i'll put that mayor's hat back on, i'm thinking if it's a week or , two weeks, there's a lot of things i need to be prepared for here, and i'm probably not. which means most cities are probably not prepared. that's what this hearing is about, to raise a red flag here today that we are not prepared in the event of something
drastic, major, unlikely, but could be. >> couple comments. first, i would say -- you probably would not want to hear this necessarily, i think it's a shared responsibility between local government and the federal government. and i really do believe that because you're just not going to be able to have federal boots on the ground in all these local communities to get the communities back up and running. secondly i would say there's things that the local yew -- local utilities do have at their disposal in terms of communication and backup generators that we can deploy to high-priority areas to make sure when we need to restore the system and can't do it in a timely fashion, at least there's a basic level of service that we can provide. in an extended period of outage, you'll still have power to certain areas. it may not be this town or that town, but collectively there will be ways to get resources
available to the local towns and communities. to be quite frank, i was skeptical when we started this electric sub sector coordinating council and whether the federal government would be able to help us as an industry to restore power quickly. i've been pleasantly surprised at the level of cooperation and collaboration that's gone on in the last three, four years. simple things like providing fuel that we desperately needed during hurricane sandy to restore towns and communities in jersey and pennsylvania, and there's other things like providing beds for crews that are coming from out of state. we were able to access barracks at the department of defense facilities. we were able to access portable generators. we were able to access experts in emergency response. there are some things that the federal government can be helpful for. and i think now that we have a playbook that really dictates who does what when, which was always my concern in a major
event who do i call? , and are they going to be ready for that call? i can say that from what i've seen so far, i believe we're more ready than we've ever been in the past and we have a very good system and play book and we can go right down the line and have access, we're talking about this committee, to cyberresources at the highest level of the federal government. >> thank you. >> ms. kilmer? >> i agree with my fellow on -- panelists on the shared responsibility. i would also like to emphasize to the subcommittee the importance of communications during crisis periods. my experience has been that sometimes it's not the length of the outage but simply knowing how long it's going to be or what expectation is. it can help both residential consumers as well as townships and towns understand how they need to plan. i'd also like to add one thing that we've seen in our rural
area, especially since hurricane sandy. that is a focus on individual preparedness. i'm seeing our local county management agencies doing a great job in trying to educate the public on being prepared. we try to do the same thing. we are in a rural area, we're subject to many weather events, so i think our consumers are relatively prepared. i'm not suggesting we can rely on that but that is an element in all of that. >> the chair recognizes ranking member carson. >> thank you, chairman barleta. ms. kilmer you mentioned the claverack is not connect to the bulk power services but you receive services from another system. what does that mean for your cooperative in the event of a major cyberattack on the grid? >> in the event that there was a cyberattack that took down the grid, we would be affected by that.
if peneplex was affected and taken down, we would also be without power. >> mr. spence, whoever, there was a newspaper article yesterday that indicated that the fbi and the department of homeland security had been warning the power industry over the last month about a potential cyberattack. what role does the electricity information sharing and analysis center, what role might they play in distributing this kind of information? >> thank you, congressman. that was exactly what the information sharing analysis center does. in fact, i'm not aware of that particular one. we do dozens of these a day. we get information, post it to industry, have several thousand participants in industry who receive those notices every
day. >> i yield back, mr. chairman. thank you. >> the chair recognizes mr. meadows. >> mr. cauley, did i hear you correctly, did you say in the event of a cyberattack the longest period of time that people would be without power is an hour? is that what you said? >> thank you for allowing me to follow up on my -- whatever i said. my point -- >> sometimes i don't hear correctly. i wanted to give you a chance. >> the point i was trying to get to but i rushed, it's a very difficult form of attack go from -- to go from a cyber attack -- it's easier to steal information or disrupt things, it's challenging to go from a cyberattack to causing physical damage to the equipment. even in the ukraine attack, there was no damage to equipment.
so that once they realized what was happening, they basically could defeat the computers and have people go to the station manually flip the switch, a , mechanical switch, and put the power back on. so my point -- i would love to continue working on this and get some actual data to support that, is that it's very hard to transform from a cyberattack into long-term damage that would be measured in weeks or months because you have to hurt the equipment to do that. >> that's my focus, not turning a switch off here or there or, you know, tripping a breaker or making a jack go out. that's minor. i guess the type of cyberattacks that we're seeing and hearing about in classified settings, not directly related to the electric utility business are very sophisticated. so being able to come in and -- so i assume going into a
generating capacity. let's say you have a generator. you know, there's all kinds of controls and switches to make sure that you don't run into problems with the electrons. put it that way. so all of a sudden somebody coming in, nefarious, not just turning a switch off, can scramble it in such a way that would create unbelievable damage, certainly from a standpoint of generating capacity. i don't want to talk about it in an open forum like this, but i guess my concern, are you not having those kinds of conversations which are more than just turning the power switch off as happened in the ukraine, but really causing long-term damage either to generation capacity or transmission capacity? >> yes, congressman. i have the privilege of going to
very similar highly classified briefings as well. but i also have 35 years of experience working in substations with equipment. and i understand the threats of black energy or aurora or those things. it's very difficult to transform an action that the predominant behavior we're seeing today is surveillance-type behavior. to transform that into an action that destroys this equipment -- >> that's comforting to know. that's real comforting what i'm going to do, i'll follow up with you and mr. spence as it relates to this. again, it's one of the number one questions that i get is just a real concern -- it's about hitting the grid and most people don't understand the interconnectivity between utilities and so a lot of that gets blown out of proportion. yet at the same time your
confidence level if there were a cyberattack on an investor-owned utility somewhere in the midwest, that the damage they could cause in your opinion would be minimal? >> the damage on the -- >> physical damage. >> on the systems, that would be their business risk. on the grid it's very difficult. it's very unlikely to put the grid out for one to two weeks. >> so what you're saying mass outages for multiple weeks or days are, in your opinion, is going to be a weather-related event. >> or the other thing is a physical attack, which is shooting and explosive devices at the substation, those are the two things that can get into that one to two-week and beyond. >> but those are a lot easier to anticipate and plan for. >> it's very complicated to do 20 sites at one with a physical attack. that risk is mitigated as well,
but that's the one i worry about the most. >> that's very helpful. i'll follow up with all of you. i want to say thank you as a member of my local r.e.a., i have a great affinity for my r.e.a.s. >> thank you very much. >> i yield back. >> thank you. i have one more question, mr. spencer. my colleague from pennsylvania highlighted that too many coal -- many coal power plants have closed. are you concerned that having fewer generation facilities online makes the grid as a whole more vulnerable? >> i am not. in fact, mr. cauley and his team are also responsible as part of their duties to evaluate with detailing modeling region by region the impact of retirements of any sort on the grid of major power stations. they have evaluated this multiple times and have found
that we continue to maintain an adequate reserve of capacity should we see more retirements than actually forecast. even with the forecast, the retirements which are many, particularly on the coal side, we still have adequate capacity to meet all of our projected needs for power. >> thank you. >> all right. i look forward to working with each and every one of you. welcome your input as we move forward on this initiative. thank you all for your testimony. your comments have been helpful to today's discussion. if there are no further questions, i would ask unanimous consent that the record of today's hearing remain open until such time as our witnesses have provided answers to any questions that may be submitted to them in writing. a unanimous consent that the record remain open for 15 days for additional comments and information submitted by members or witnesses to be included in the record of today's hearings. without objection so ordered. i would like to thank our witnesses for their testimony if
>> today is tax day and the house other -- house of representatives will spend most of the week in oversight of irs. they returned to business for work on a measure related to the homeland security department headquarters in the national capital region. tuesday, the begin debating a series of bills on the irs.
fromould bar the agency rehiring old employees who were fired for misconduct. the senate returns at 3:00 eastern to continue work on wii funding for the federal aviation administration through 2017. there will be a procedural vote to advance the bill. current faa funding expires in july. live coverage of the house on c-span and the senate on c-span2. >> tonight on the communicators, george ford, chief economist for the phoenix center for advanced policy studies and mark cooper, researcher rector for the consumer federation of america, debate the fcc's proposal allows it -- allowing consumers to buy their own set-top boxes, instead of renting them from providers, a move to open up competition in the set-top box market.
we think we need competition in a set-top box market. some places it works, some places it has not. this is one place where it really has not. gethink consumers would better choices and lower prices if we had some vigorous competition. >> the answer in terms of what is delivered over the cable network is no because a set-top box is a component of the network. the most efficient way to design and deliver cable television service, so it is the cheapest way and most efficient way to do it. the companies would prefer a market if it was more efficient. >> what's the communicators tonight at 8:00 eastern on c-span two.
♪ reporter: this week on "q&a" sally denton, as she talks about her book "the profiteers," which takes a look at the largest engineering and construction companies in the world. brian lamb: sally denton, author of "the profiteers." in your notes section you write this, i was denied access to caspar weinberger's papers. why? sally denton: i was really shocked about that and it turns out it is not really shocking at all, that a lot of public officials who give their papers to the library of congress, with restrictions that keep them from the public for as long as the family wants, and it was the library and -- librarian of
congress that made the arrangement with caspar weinberger's family or maybe with him personally, that they would be restricted and the son would determine who would be able to view them. i was surprised but i have learned through my friend, that it is a usual thing. i thought that maybe you would put personal papers in a situation like that, what not -- but not papers related to your position as secretary of defense or secretary of state. brian lamb: what difference does that make to you in this book? sally denton: i think it would have created a treasure trove of documents for me relating to his role as secretary of defense, and i was looking specifically for his relationship with and the sentencing referendum for
the jonathan pollard case. brian lamb: how does that relate to your book? sally denton: jonathan pollard had been spying for israel, as we all now know, and he had, among the things he had given the israelis back in 1985, evidence of american companies building chemical plants in the middle east for israel's enemies and caspar weinberger became very interested in making sure that pollard did not get an easy sentence. brian lamb: you say neither the nnsa was not helpful or forthcoming? sally denton: it is actually an autonomous agency within the department of energy, and it is in charge of the maintenance of the nuclear weapons laboratory,
which figures prominently in my book. brian lamb: why? sally denton: bechtel, the company i'm writing about manages most of the nuclear weapons complex at this point. there are 17 labs and i was focused primarily on lawrence livermore the weapons lab. , brian lamb: bechtel is what? sally denton: bechtel is the first major multinational company from the american west which is why it interested me because i am from the west, fourth generation nevadan and i grew up in the town that was their signature project way back in the 1930's. bechtel is the quintessential multinational company that is involved in all aspects of construction and engineering throughout the world.
brian lamb: how cooperative was bechtel with your project? sally denton: i didn't really, i initially contacted bechtel early on when i was first researching it and they directed me to the company website. i had actually been there before i had even written my book proposal to simon & schuster, so i was familiar with the website, but they directed me to the online press kit, and then when i found that everything i needed was not only available on the website, but there were three corporate histories that are very intensive, dating back through several generations, so between that i did not really need any more from the corporate spokesperson. i did apply for a media fellowship at the hoover institute, which is where i had been for my previous two books,
specifically with the interest of interviewing both stephen bechtel junior and george shultz, an executive and i was denied that fellowship. brian lamb: why? sally denton: they said it was because my project did not relate closely to any of the scholars there, and i could not imagine a book project that was more relevant to the hoover institute which is very supported, long-standing support from the bechtel family and henry kissinger was also there at the time who had been a bechtel consultant. i figured, if this book is not relevant, i will never write a book that is, apparently. brian lamb: is george shultz still attached to hoover? sally denton: yes. brian lamb: let's go back when he was being confirmed in the united states senate, joe biden
is in the chair during the confirmation hearing. joe biden: are you going to go back to bechtel? >> i have no plans, no invitation, i have not given any hot to what i will do. joe biden: let me tell you why i asked, there have been a number of questions on my colleagues who have done a lot of research on bechtel and its relationship with the arab world and everyone is aware of the saudi policy among others in regard to whom they deal with, if they deal with the israelis. if in fact you were, some are going to suggest to you that if in fact you are required to take the position in the interest of the united states of america that was viewed as being very supportive of israel and against the interest of saudi arabia, that you might very well be reluctant to do so because you would know that that would prevent you from ever being able
to reassume a position at bechtel. >> oh no. i do not have any such concern in my mind at all. brian lamb: that was 1982. there is a lot in there that i want to ask you about. he became secretary of state until 1989. did he ever go back to bechtel? sally denton: he went immediately back to bechtel and remains there, quite elderly. he went immediately back and was an active participant in the company since then. brian lamb: does that make a difference to you? sally denton: you know, this is not a, i think what the main thrust of this book and what was surprising to me, this is not a gotcha story. this company is particularly interesting because it is one of the largest privately owned companies, so it does not have the same transparency that other public corporations do.
i think that that kind of revolving door, the weinberger , that revolving door who -- has become common so it does not seem unusual anymore. at the time, it was really the beginning of, i would argue that bechtel created the revolving door, that there was never a company more integral with the u.s. government. i mean, the cooling off period that is standard, it is almost a joke. nobody pays attention anymore. the lines are so blurred, to see joe biden, senator biden talking about that at that time, i cannot imagine that even being a discussion these days. it is so rare on capitol hill for someone to question a nominee about his corporate ties.
brian lamb: george shultz, secretary of labor, director of office of management and budget, executive vice president at bechtel, president and director of bechtel, secretary of state, director and senior counsel at bechtel. is he still on the board? sally denton: i don't know. everything relating to the board of directors and shareholders, all of that you have to take it face value because they are not required to file anything with the security exchange commission or shareholder reports. what his relationship is or his family's relationship is is not declared. brian lamb: on weinberger, secretary of defense, chairperson of the federal trade commission, vice president of general counsel, secretary of
defense. you focus a lot on both weinberger and george shultz in the book. tell us why. sally denton: not really. i focus a lot on that era, the reagan revolution as it relates to the expansion of bechtel throughout the world, the expansion of the american west as a power center, and so reagan coming, both men, as you have said had been in the nixon administration also a california political figure, but the theme of the book beginning with the hoover dam, which really was the first megaproject, the creation of a public-private development that made california possible, made the american southwest