[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]










           CYBER PREPAREDNESS AND RESPONSE AT THE LOCAL LEVEL

=======================================================================

                             FIELD HEARING

                               before the

                            SUBCOMMITTEE ON
                     CYBERSECURITY, INFRASTRUCTURE
                        PROTECTION, AND SECURITY
                              TECHNOLOGIES

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             APRIL 7, 2016

                               __________

                           Serial No. 114-62

                               __________

       Printed for the use of the Committee on Homeland Security
                                     



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                                     

      Available via the World Wide Web: http://www.gpo.gov/fdsys/
                            __________
                            

                         U.S. GOVERNMENT PUBLISHING OFFICE 

22-755 PDF                     WASHINGTON : 2016 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            
                            

                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice    James R. Langevin, Rhode Island
    Chair                            Brian Higgins, New York
Jeff Duncan, South Carolina          Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania             William R. Keating, Massachusetts
Lou Barletta, Pennsylvania           Donald M. Payne, Jr., New Jersey
Scott Perry, Pennsylvania            Filemon Vela, Texas
Curt Clawson, Florida                Bonnie Watson Coleman, New Jersey
John Katko, New York                 Kathleen M. Rice, New York
Will Hurd, Texas                     Norma J. Torres, California
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
Daniel M. Donovan, Jr., New York
                   Brendan P. Shields, Staff Director
                    Joan V. O'Hara,  General Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY 
                              TECHNOLOGIES

                    John Ratcliffe, Texas, Chairman
Peter T. King, New York              Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania             Loretta Sanchez, California
Scott Perry, Pennsylvania            Sheila Jackson Lee, Texas
Curt Clawson, Florida                James R. Langevin, Rhode Island
Daniel M. Donovan, Jr., New York     Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
               Brett DeWitt, Subcommittee Staff Director
                   John Dickhaus, Subcommittee Clerk
       Christopher Schepis, Minority Subcommittee Staff Director
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
       
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statement

The Honorable John Ratcliffe, a Representative in Congress From 
  the State of Texas, and Chairman, Subcommittee on 
  Cybersecurity, Infrastructure Protection, and Security 
  Technologies...................................................     1

                               Witnesses

Mr. Alphonse Davis, Deputy Director/Chief Operations Officer, 
  Texas A&M Engineering Extension Service:
  Oral Statement.................................................     4
  Prepared Statement.............................................     6
Mr. Sam Greif, Chief, Plano Fire-Rescue Department, Plano, Texas:
  Oral Statement.................................................     7
  Prepared Statement.............................................     9
Mr. Richard F. Wilson, Lieutenant, Dallas Police Department, 
  Dallas, Texas:
  Oral Statement.................................................    11
  Prepared Statement.............................................    14
Mr. Don Waddle, Detective (Ret.), Greenville Police Department, 
  Greenville, Texas:
  Oral Statement.................................................    15
  Prepared Statement.............................................    17

                                Appendix

Questions From Chairman John Ratcliffe for Alphonse Davis........    29
Questions From Chairman John Ratcliffe for Sam Greif.............    30
Questions From Chairman John Ratcliffe for Richard F. Wilson.....    30
Questions From Chairman John Ratcliffe for Don Waddle............    30
 
           CYBER PREPAREDNESS AND RESPONSE AT THE LOCAL LEVEL

                              ----------                              


                        Thursday, April 7, 2016

             U.S. House of Representatives,
                    Committee on Homeland Security,
 Subcommittee on Cybersecurity, Infrastructure Protection, 
                                 and Security Technologies,
                                                       Sherman, TX.
    The subcommittee met, pursuant to call, at 11:09 a.m., in 
the Mabee Foundation Banquet Room, Wright Campus Center, Austin 
College, 1301 East Brockett, Sherman, Texas, Hon. John 
Ratcliffe [Chairman of the subcommittee] presiding.
    Present: Representative Ratcliffe.
    Also present: Representative Burgess.
    Mr. Ratcliffe. Good morning. The Committee on Homeland 
Security, Subcommittee on Cybersecurity, Infrastructure 
Protection, and Security Technologies will come to order.
    The subcommittee is meeting today to learn how State and 
local officials prepare for, respond to, and investigate cyber 
incidents, and to learn about different cyber training 
opportunities for State and local officials to bolster our 
cyber preparedness and response.
    I appreciate the effort taken by everyone that is involved 
here to put together an important field hearing. I would like 
to start by thanking our friends here at Austin College for 
letting us hold this hearing today here at the Mabee Hall.
    This is an official Congressional hearing, as opposed to a 
town hall meeting, and, as such, there are certain rules of the 
Committee on Homeland Security and the House of Representatives 
that we have to abide by. So for our guests here today, we 
can't have demonstrations from the audience, including 
applause, verbal outbursts, the use of signs or placards. All 
those things, as fun as they may sound, are a violation of the 
rules of the House of Representatives. It is important that we 
do respect the decorum and rules of the committee, and I have 
also been requested to say that photography and cameras are 
limited to accredited press only and can't be used for campaign 
or political purposes.
    As Americans become more aware every single day as they 
turn on their computers and their televisions, cyber threats 
are exponentially increasing. They come from criminal 
organizations, nation states like China, Russia, and Iran, and 
even terrorist groups like ISIS. These attackers don't only 
target Federal networks, big banks, and National retail chains. 
They also hit towns and families and local businesses. So there 
is a great need to address cybersecurity at the State and local 
level.
    From emergency response centers, Department of Motor 
Vehicle offices, to courthouses and our critical 
infrastructure, the exploitable vulnerabilities and possible 
consequences for public safety are alarming. On the law 
enforcement side, FBI Director Jim Comey recently testified 
that an element of virtually every National security threat and 
crime problem that the FBI faces is cyber-based or facilitated. 
It is incredible that Federal law enforcement is seeing a cyber 
element to almost every single crime.
    Because society is increasingly connected, we can be 
certain that our State and local law enforcement are seeing the 
same trend, arguably with even fewer tools to address it. It no 
longer takes a sophisticated cyber criminal to compromise 
sensitive information from companies and from everyday 
Americans, and law enforcement is seeing a cyber element to 
almost every crime. It is vital that State and local law 
enforcement, the prosecutors and judges all be properly trained 
to respond to cyber crime and to protect the American people.
    We have recently seen a flurry of ransomware attacks 
against hospitals, including at least one located here in the 
4th Congressional District of Texas, where patients' personal 
medical data is encrypted and held hostage until the hospital 
pays a ransom to get it back. As reports indicate, cyber 
attacks against emergency workers are spiking and will continue 
to rise.
    We all recognize that interconnectivity and automation 
increase convenience and improve responses. Emergency services 
are just one area where automation and interconnectivity 
provide clear benefits to us all. But while these technologies 
increase efficiency and cut costs, they do present new risks 
that, if exploited, could bring vital emergency services and 
our critical infrastructure to a halt.
    Regardless of the magnitude of a natural or man-made 
disaster, first responders--firemen, police, paramedics, and 
National Guardsmen--are the ones, the first ones that are on 
the scene. Their ability to communicate and to execute key 
command-and-control responsibilities during an incident often 
depends entirely on internet-enabled technologies.
    As we examine cyber preparedness and response at the State 
and local level, I am pleased that we are joined by a number of 
distinguished witnesses this morning who are at the tip of the 
spear in this effort. I look forward to hearing about how they 
are preparing for, responding to, and mitigating and 
investigating the threats that we face right now in cyber 
space.
    I am also pleased that this hearing is taking place not in 
the halls of Congress today but right here in the 4th 
Congressional District of Texas, the first-ever Congressional 
hearing here in Grayson County. The police, prosecutors, 
judges, paramedics, and firefighters, they all need the 
appropriate tools and training to respond to the increasing 
threats that we face, and to make sure that they are fully 
equipped, we need to hear directly from them. The best 
solutions, believe it or not, don't usually come from 
Washington, DC. People often hear me say that governing is a 
team sport, and I think that today's hearing and the location 
of today's hearing hopefully reinforces that fact.
    As Chairman of this subcommittee, I have been closely 
examining these challenges. I will continue to lead efforts in 
Congress to strengthen our Nation's cyber defenses and provide 
for the common defense against these National security threats.
    Last fall, I authored and moved legislation to strengthen 
State and local cyber crime-fighting efforts. Specifically, the 
legislation would support the National Computer Forensics 
Institute, or NCFI, which is run by the United States Secret 
Service, and provides greatly-needed cyberforensics training to 
State and local law enforcement across the country, including 
those right here in Texas' 4th District. In fact, we are 
pleased today that one of our witnesses, former Greenville 
Detective Don Waddle, was trained at the NCFI.
    Today I hope this subcommittee will learn more about how 
first responders here in Texas are being trained to address 
cyber incidents, how first responders are preparing for and 
responding to cyber incidents, and how local law enforcement 
officials are being trained in computer forensics.
    This hearing will provide needed background to further 
reinforce the subcommittee's efforts regarding cyber training 
and workforce needs at the State and local level. Cybersecurity 
is a shared responsibility, including all levels of government 
and the private sector.
    While much has been done to improve our Nation's 
cybersecurity, there are a number of challenges that remain. I 
look forward to hearing from our witnesses today as we consider 
ways to address those challenges.
    My good friend, Mr. Burgess of Texas, is here today, and I 
ask unanimous consent for him to be permitted to sit and 
participate in today's hearing.
    Without objection, so ordered.
    Other committee Members are reminded that opening 
statements may be submitted for the record.
    Before I introduce the distinguished panel of witnesses 
before us on this important topic today, again I would like to 
thank a number of folks that are here.
    I mentioned Austin College President Hass, for always being 
a hospitable host to us.
    We have a number of law enforcement folks that are here 
today that are not testifying.
    Lieutenant McGreevy from Sherman Police Department.
    From Denison Police Department we have Assistant Chief Joe 
Clapp, Assistant Chief Don Maury, Paris Fire Chief Larry 
Wright, and Assistant Chief Thomas McGonagall.
    Constable Bob Douglas from Grayson County; Commissioner 
Jeff Whitmeyer from Grayson County; Dan Sharp from the Denison 
IT department; Tom Watt, a Grayson County sheriff-elect.
    We have Rita Knowles, justice of the peace, who is here, 
Tammy Johnson from the Sherman City Council, Kevin Couch from 
the Sherman City Council, Reggie Smith, esteemed local 
activist.
    We have assistant chief of the Sherman Police Department, 
Lieutenant John Henneberg, here. I would also like to welcome 
Terra Petty and Daryl Birkland from Wilson and Jones IT 
department.
    I am sure I am leaving some others out and I apologize, but 
I am trying to recognize everyone who has taken the time to be 
here, including a number of students here from Austin College. 
Welcome. Thank you for being a hospitable host to us. I would 
say that I have been the beneficiary personally of a number of 
Austin College students who have interned in my Congressional 
office, and a number of them are here today. Thank you for 
coming back. It is great to see you all again.
    With that, I would like to recognize our distinguished 
panel of testifying witnesses this morning.
    We have with us Mr. Al Davis, who is the deputy director 
and chief operations officer at Texas A&M Engineering Extension 
Service. Welcome, Mr. Davis.
    Mr. Davis. Thank you, sir.
    Mr. Ratcliffe. We have Mr. Sam Greif, the chief of the 
Plano Fire-Rescue Fire Department, who is testifying on behalf 
of the International Association of Fire Chiefs. Welcome, 
Chief.
    Mr. Greif. Thank you, sir.
    Mr. Ratcliffe. We have Mr. Richard Wilson, who is a 
lieutenant with the Dallas Police Department. Welcome, 
lieutenant.
    Last but not least, we have now-retired Detective Don 
Waddle from the Greenville Police Department.
    Mr. Waddle. Thank you, sir.
    Mr. Ratcliffe. Very good. All right.
    With that, I would like to ask the witnesses to stand so 
that I can administer an oath.
    [Witnesses sworn.]
    Mr. Ratcliffe. Let the record reflect that the witnesses 
have answered in the affirmative.
    The witnesses' full written statements will appear in the 
record.
    You may be seated.
    The Chair now recognizes Mr. Davis for 5 minutes for his 
opening statement.

 STATEMENT OF ALPHONSE DAVIS, DEPUTY DIRECTOR/CHIEF OPERATIONS 
        OFFICER, TEXAS A&M ENGINEERING EXTENSION SERVICE

    Mr. Davis. Thank you very much, Mr. Ratcliffe. I would like 
to thank you and also Mr. Burgess and other Members of the 
subcommittee. It is an honor to appear here before you on 
behalf of our agency, the Texas A&M Engineering Extension 
Service, to discuss cyber preparedness and response at the 
local level.
    I will start by telling you just a little bit about TEEX. 
We are affectionately known as TEEX to those that we train and 
that we partner with. We began training in 1930. The impact is 
at the local, State, and National, and global levels. We cover 
training and technical assistance across the entire homeland 
security enterprise domain to include cybersecurity, and an 
important part of our mission and our role is our extension 
service, we are proud to say, to the great State of Texas.
    Our relationships. First of all, we have relationships with 
responders across all disciplines, all 16 disciplines, at the 
State and local levels. With DHS/FEMA, we have relationships 
not only with the National training and education division but 
with CS&C, Cybersecurity and Communications, who we dialogue 
with. We also dialogue with the Infrastructure Protection 
Directorate, Personal Protection Directorate, and the Office of 
Bombing Prevention.
    We also have consortium memberships, first of all, since 
1998, with the National Domestic Preparedness Consortium, with 
the National Cybersecurity Preparedness Consortium, and we are 
also a member of the Forensics Consortium. Those memberships 
help us to address cybersecurity across a number of areas.
    Our role in addressing the cybersecurity challenge began in 
2010 when DHS/FEMA asked us to take on some training that was 
previously done on a competitive training grant. We have also 
linked cybersecurity to emergency planning and response, and we 
think that is very, very important.
    Why we think it is important: I think the police chiefs and 
fire chiefs would agree, we used to think about cybersecurity 
on the left hand and emergency planning and response on the 
right hand, and they should be thought about together, because 
if the emergency response planner or manager thinks that they 
can really put off a plan or respond without cyber intrusion, 
that is not accurate. That is really not accurate because of 
those reasons you stated, sir.
    We have done some pioneering efforts also, and what I mean 
by that is when we visit a lot with our partners at DHS/FEMA, 
we didn't visit in silos. We thought there was a need to bring 
them together, and we are proud to say that we did, in fact, 
bring those different entities together to actually develop 
further training. So again, we were pioneers in that effort.
    We also at TEEX, through cybersecurity technical assistance 
and vulnerability assessments--that is very important, we do 
that not only with some universities, but we have been doing 
that with some communities. We have done some training also, 
assessments that is, in Congress, and Texas also, sir.
    As far as our products go--and that is our training 
courses--this focuses also on training, and I will refer to 
something we submitted, our statement. We had 5 instructor-led 
courses. Four deal with cyber and incident management, and it 
comes from the community level, the Essentials of Community 
Cybersecurity, Community Preparedness, and Community 
Cybersecurity Exercise Planning.
    We also have 10 on-line courses that are provided at no 
cost to individuals, designed for 3 levels of students, 
including the general user, which is very important--you 
addressed that, sir--the information technology staff and 
specialists, and for business managers also. So again, that 
training is, at no cost, available to the general public.
    As far as our results, over the last 5 years TEEX has 
provided cybersecurity training for students and participants 
in 40 States and 5 territories, reaching a total of 32,900 
training instances, and we think that is very, very important.
    As we move forward, sir, we will continue to work closely 
with States and local communities in identifying their needs 
and supporting their efforts. States have reported, through the 
National Preparedness Reports beginning in 2012, that 
cybersecurity is a key National area of improvement and 
concern, and it is listed as a top priority in the 2014 and 
2015 National Preparedness Report.
    So again, we are very, very pleased to be here. We have 
submitted a statement in more detail, and I will be willing, 
sir, when appropriate, to take your questions that you may 
have.
    [The prepared statement of Mr. Davis follows:]
                  Prepared Statement of Alphonse Davis
                             April 7, 2016
    Chairman Ratcliffe, and other distinguished Members of the 
subcommittee, it is an honor to appear before you today on behalf of 
the Texas A&M Engineering Extension Service (TEEX) to discuss cyber 
preparedness and response at the local level.
         history of teex emergency management training program
    TEEX, a State of Texas agency and member of the Texas A&M 
University System (TAMUS), began training State and local responders in 
1930, and today trains over 170,000 annually from across the world. In 
1998, TEEX became a founding member of the National Domestic 
Preparedness Consortium (NDPC). The NDPC is a partnership of 7 
universities and organizations that are the primary means through which 
the Department of Homeland Security/Federal Emergency Management 
Agency's (DHS/FEMA) National Training and Education Division (NTED) 
provides training to State, local, Tribal, and territorial responders 
and communities in support of PPD-8--National Preparedness. The NDPC is 
Congressionally-authorized and annually appropriated funding through 
the Homeland Security National Training Program to develop and deliver 
training for the Nation's emergency first responders within the context 
of all hazards; including chemical, biological, radiological, and 
explosive Weapons of Mass Destruction (WMD) hazards. To date the NDPC 
has trained over 2.4 million, more than 540,000 of which were trained 
by TEEX.
    This long-term relationship with State and local level emergency 
managers, responders, and leaders, and infrastructure/industrial 
partners, along with more than 20 years of experience in workforce and 
software development, prepared TEEX to provide training on preparedness 
and response for cyber incidents or attacks. In today's connected world 
cyber refers to anything that contains, is connected to, or is 
controlled by computers and computer networks.
                beginning of teex cyber training program
    In 2010, at the request of FEMA, TEEX began training State and 
local communities in cybersecurity awareness, specifically where local 
communities and responders need to collaborate with their critical 
infrastructure partners in planning for and responding to a possible 
cyber attack or incident. TEEX launched this effort within their 
existing HSNTP funding (then fiscal year 2009--$22,344,500) by 
continuing the delivery and maintenance of cyber courses originally 
developed under FEMA Continuing Training Grants and awarded to other 
universities.
    At the National level, the need for an increase in cybersecurity 
awareness and the ability to collaboratively plan with critical 
infrastructure partners was highlighted through PPD-21--Critical 
Infrastructure Security and Resilience and EO-13636--Executive Order 
Cybersecurity/Presidential Policy Directive on Critical Infrastructure 
Security and Resilience. TEEX responded to the growing need by 
expanding the cyber training program and leveraging the partnerships 
with the DHS Office of Infrastructure Protection (IP) and the DHS 
Office of Cybersecurity and Communications (CS&C). TEEX had previously 
developed 2 courses on the protection of critical infrastructure with 
DHS/IP and was asked to develop a third, which specifically-focused on 
the challenges of both physical and cybersecurity on critical 
infrastructure, with DHS/IP and DHS/CS&C.
             current teex training and assessment programs
    TEEX trains students through the DHS/FEMA HSNTP, offered at no cost 
to State, local, Tribal, and territorial communities, and includes:
   5 instructor-led courses that are delivered across the 
        country and the U.S. territories, allowing communities to train 
        together in the classroom:
     4 courses on cyber and incident management
         Promoting Community Cybersecurity
         Essentials of Community Cybersecurity
         Community Preparedness for Cyber Incidents
         Community Cybersecurity Exercise Planning.
     1 course specifically addressing both physical and 
            cybersecurity
         Physical and Cybersecurity for Critical 
            Infrastructure.
   10 on-line courses, available at no cost to individuals, 
        designed for 3 levels of student, including:
     3 courses for General Users, covering broadly-applicable 
            awareness needs
     4 course for Information Technology staff and specialists, 
            addressing security, forensics, and response techniques for 
            IT systems
     3 courses for Business Management staff that include Risk 
            Management and legal parameters critical to small 
            businesses.
    In addition to training, TEEX also provides technical assistance, 
offering community and organizational vulnerability assessments and 
compliance reviews. Vulnerability assessments include network 
vulnerability testing, review and validate IT security processes, and 
review IT system security configurations, while compliance reviews 
include organizational policy conformance reports and recommendations 
to make their systems more secure.
                implementation of teex training programs
    Over the last 5 years, TEEX has provided cybersecurity training for 
students in 40 States and 5 territories, reaching a total of 32,290 
students. These students trained both in the classroom and on-line.
   Instructor-led training (delivered in local communities):
     345 deliveries to 8,413 students in the United States
     31 deliveries to 815 students in Texas.
   Online training:
     23,877 students in the United States
     4,264 students in Texas
     50 students in TX District 4.
                    future of teex training programs
    As we move forward, we will continue to work closely with States 
and local communities in identifying their needs and supporting their 
efforts. States have reported through the annual National Preparedness 
Reports, beginning in 2012, that cybersecurity is a key National area 
of improvement, listing it as a top priority in 2014 and 2015. Some of 
our recent work in support of the States includes:
   Working with States to provide employee training web portals 
        with direct access to State-identified required on-line cyber 
        training and reporting capabilities for States to monitor 
        employee progress in completing the courses. Student training 
        portals are now active for the States of Arkansas, Louisiana, 
        and Wyoming, as well as Fresno Pacific University in 
        California.
   Most recently, as a member of the National Cybersecurity 
        Preparedness Consortium (NCPC), consisting of 5 partners 
        focused on training for State and local communities, TEEX is 
        developing new training on the integration of cybersecurity 
        into the local Emergency Operations Center (EOC). Through FEMA 
        NTED's Continuing Training Grants, TEEX will develop 2 hands-on 
        courses, with simulated scenarios designed to develop 
        managerial and operational-level skills sets. The first course, 
        now in development and piloted in Utah and Rhode Island, is 
        designed to help ensure that traditional emergency management 
        personnel and IT personnel recognize the importance of working 
        together to mitigate the effects of a cyber incident. A second, 
        more technical, course will follow and will provide students 
        with the key skills and processes needed to more effectively 
        defend their organizational networks.
    In summary, we will continue to focus on how we can further assist 
and prepare local entities for a cyber incident, as well as enhancing 
engagement with the public and private sectors in planning and response 
to a cyber incident.

    Mr. Ratcliffe. Thank you, Mr. Davis.
    The Chair now recognizes Chief Greif for his opening 
statement.

 STATEMENT OF SAM GREIF, CHIEF, PLANO FIRE-RESCUE DEPARTMENT, 
                          PLANO, TEXAS

    Mr. Greif. Good morning, Chairman Ratcliffe, Representative 
Burgess. Today I thank you for the opportunity to represent the 
International Association of Fire Chiefs to discuss this 
important topic.
    Cyber crime and cyber attacks are an ever-increasing threat 
to the American homeland. However, fire and emergency services 
are still learning how to recognize these threats and the 
adverse effects of those to our operations. There have been 
attempts to use robocalls and other service attacks that would 
affect operations of 9-1-1 public safety answering points. In 
addition, we have seen recent examples of cyber attacks against 
hospitals in California, Kentucky, and the Washington, DC area.
    The greater concern is that a cyber attack can be used in 
conjunction with kinetic bombing or an active-shooter incident 
to create confusion during the response. Fire and EMS 
departments must be vigilant for malware, phishing, spam, 
spyware, and other new and diverse threats. The keys to 
successful cybersecurity efforts for fire and EMS departments 
are multifaceted.
    We need to harden and test systems, stay aware of and 
informed by our new threats, and make sure that the staff are 
trained and prepared to prevent and to respond to a cyber 
incident. It is vital that fire and EMS departments take steps 
to protect themselves.
    During my tenure with the Fort Worth Fire Department, I 
oversaw our Fire Communications Division. In order to protect 
our computer-aided dispatch and 9-1-1 systems, IT departments 
segregated them from the outside world. This reduced their 
vulnerability. We updated the systems by testing updates and 
manually installing them on our servers.
    To protect the PSAPs, departments have to constantly test 
the 9-1-1 system vulnerabilities to make sure that they can 
withstand a concerted service attack. PSAPs also should be 
constructed securely from the outside attacks and have 
resilient systems as back-up.
    As public safety communications move to digital systems, 
they can become vulnerable to cyber attacks. These 
communication systems must be secured. Fire and EMS departments 
also must stay aware of new threats. State and local fusion 
centers can provide information about cyber threats. In 
addition, Federal information-sharing systems like the Homeland 
Security Information Network are good sources of cyber 
information for fire and EMS chiefs.
    Fire and EMS chiefs also should develop close working 
relationships with their local law enforcement, emergency 
managers, IT departments, and the surrounding jurisdictions. At 
Fort Worth, I worked with the local police and intelligence 
communities to stay aware of these threats. In Plano, I meet 
monthly with the police chief, the public safety communications 
director, the emergency management director, and among our 
discussions is how to improve and secure our communications 
systems.
    Major events require regional planning. For Super Bowl XLV 
in 2011, we developed a multi-county consortium and developed a 
communications plan that actually included response to cyber 
terrorism.
    Finally, training and exercises are key to preventing and 
responding to an incident. Antivirus software must be kept up-
to-date. Staff should adopt preparedness and a culture to not 
put on any links to malware, spyware, or other threats. Fire 
and EMS chiefs also can study the effects of cyber attacks and 
other public safety and private organizations and learn how to 
mitigate the consequences before they occur.
    The Federal Government can be an important partner in a 
Federal cybersecurity regime. Many fire departments are not 
aware of the threat that they face. DHS can work with the U.S. 
Fire Administration and the National Fire Academy to develop 
standards and training for all fire and EMS departments. Fire 
chiefs recommend that the U.S. Fire Administration's budget be 
restored to the fiscal level of 2011, which was $45.6 million, 
in order to facilitate this type of educational effort. In 
addition, DHS can continue to fund the State Homeland Security 
Grant Program and the Urban Area Security Initiative, also 
known as UASI. These programs support their operations. In 
addition, these grants can be used to fund cyber components to 
regional training. Unfortunately, the administration's fiscal 
year 2017 budget request would impose Draconian cuts on these 
programs. The State Homeland Security Grant Program will be cut 
by more than 50 percent, and the UASI program would be cut by 
45 percent. We recommend that these programs be funded at least 
to the fiscal year 2016 level of $467 million for State 
Homeland Security Grant Program and $600 million for UASI.
    Thank you for the opportunity to represent Fire and 
Emergency Services at today's hearing. Local fire and EMS 
departments must take necessary precautions to protect 
themselves from this new and emerging threat. In addition, the 
Federal Government can provide critical information, education, 
and practical training about the threat of cyber attacks.
    I look forward to answering any questions you may have.
    [The prepared statement of Mr. Greif follows:]
                    Prepared Statement of Sam Greif
                             April 7, 2016
    Good morning, Chairman Ratcliffe, Ranking Member Richmond, and 
Members of the subcommittee. I am Chief Sam Greif of the Plano Fire-
Rescue Department. Today I am pleased to testify on behalf of the 
International Association of Fire Chiefs. The IAFC represents more than 
11,000 leaders of the Nation's fire, rescue, and emergency medical 
services. Thank you for the opportunity to discuss important issues 
related to cybersecurity and the fire and emergency service. This is a 
growing threat that adds yet another mission for the America's 
firefighters and emergency medical personnel.
                      the problem of cybersecurity
    Cyber crime and cyber attacks are becoming a more prevalent threat 
to the American homeland. A 2010 report by Norton found that two-thirds 
of the world's population have been the victim of some form of cyber 
crime. A 2009 study by McAfee demonstrated that cyber crime, including 
security breaches and data theft, may have cost international business 
has much as $1 trillion. We have seen how cyber attacks can harm major 
universities, medical facilities, financial institutions, retailers, 
local governments, and Federal agencies.
    The fire and emergency service is just beginning to recognize how 
these threats can affect our operations. There have been attempts to 
use robocalls and other denial-of-service attacks to affect operations 
at 9-1-1 Public Safety Answering Points (PSAP). Just recently, we have 
seen a rash of cyber attacks against hospitals in California, Kentucky, 
and the Washington, DC area. In addition, we always must be vigilant 
for malware, phishing, spammers, and spyware which are aimed at 
infiltrating and debilitating our systems.
    From the fire and emergency service's perspective, it is important 
that we protect vital systems that support our operations. The 9-1-1 
systems are necessary for the public to call and request assistance 
during emergency situations. Computer-aided dispatch (CAD) systems are 
essential for determining which units are available to respond and 
assigning them to an incident scene. These units must be able to 
communicate with the dispatch center, command units and each other 
effectively at the incident scene. In addition, patient reporting 
information must be protected by the emergency medical service (EMS), 
because of the nature of the data. As the Nation transforms to a more 
digital world and the ``Internet of Things,'' all of these capabilities 
will be presented with an increasing number of opportunities to provide 
service to our citizens and a corresponding number of vulnerabilities 
to cyber threats.
               protecting the fire and emergency service
    As they consider the various threats to their computer systems, 
fire and EMS departments must take steps to protect themselves. Before 
I became fire chief in Plano, I served for 30 years in the Fort Worth 
Fire Department, where I oversaw the city's 9-1-1 center for 10 years. 
One of our major missions was to protect our CAD and 9-1-1 systems from 
cyber attacks. To protect our systems, we segregated them from the 
outside world. This action minimized the ability of outsiders to 
compromise our systems through the internet. To update our systems, we 
would have to go to the server and install software manually. It is 
important to recognize, though, that most of a fire and EMS 
department's computer systems, like human resources, email, and 
finance, will be part of the overall jurisdiction's information 
technology (IT) systems.
    Fire and EMS departments also have to take steps to harden their 
systems. In order to protect their 9-1-1 systems from massed robocalls 
aimed at taking down the system, the departments have to constantly 
test their systems' vulnerabilities to make sure that they can 
withstand heavy call volumes. The fire departments also have to 
download and use a testbed to evaluate all software before installing 
it. It is important to realize that--as communications systems move to 
digital systems that use VoIP--these systems need to be secure from 
cyber attacks that might compromise life-saving operations on the fire 
scene. In addition, 9-1-1 Public Safety Answering Points (PSAP) should 
be constructed to be secure from outside attacks and have resilient 
systems and back-up power.
    As with other threats, local fire and EMS chiefs must stay aware of 
new threats and prepare for them. The best way to stay informed is to 
develop relationships with intelligence fusion centers, Federal 
officials and local law enforcement. If fire and EMS departments can 
support the staffing requirements, they should have personnel stationed 
at the State and local fusion centers. Grants administered by the 
Federal Emergency Management Agency (FEMA), including the State 
Homeland Security Grant Program (SHSGP) and Urban Areas Security 
Initiative (UASI), will support fire and emergency service personnel in 
fusion centers. Fire and EMS departments also should maintain close 
relationships with local Joint Terrorism Task Forces. These resources 
will keep fire and EMS chiefs informed on the latest cyber threats and 
help them address any vulnerabilities.
    It also is important to develop close working relationships with 
local law enforcement officials. In Fort Worth, I worked with the local 
police intelligence unit, which was aware of new threats to the 
community. In Plano, the public safety group, composed of the city 
communications director, the police chief, the emergency manager and 
me, meet monthly to discuss threats and how to prepare for them.
    Federal information-sharing systems, like the Homeland Security 
Information Network (HSIN), also can provide important information 
about cyber threats and how to prepare for them. HSIN is a National, 
secure, web-based portal for information sharing and collaboration 
between Federal, State, local, Tribal, territorial, and private-sector 
partners. HSIN has a community of interest dedicated to the fire and 
emergency service. The U.S. Department of Homeland Security (DHS) must 
make sure that cybersecurity-related information is added to this 
community of interest, so that local fire and EMS chiefs can access it.
    Since fire and EMS departments depend on mutual aid to respond to 
major incidents, they should address cybersecurity concerns as part of 
their planning and training. Communications must be interoperable 
during an incident; a breakdown in communications or dispatch systems 
during an incident could cause confusion at a critical time. To address 
this risk, the North Central Texas Council of Governments addressed 
cybersecurity as part of its interoperability plans. For Super Bowl XLV 
in 2011, the Multi-Quad County Consortium developed a communications 
plan that addressed cybersecurity concerns and developed plans for 
responding to a cyber attack.
    Finally, training and exercises are key to preventing and 
responding to an incident. One of the basic ways to protect computer 
systems is to train staff not to click on spamware, malware, or 
spoofing attacks. In addition, fire and EMS departments must ensure 
that all of their virus software is up-to-date. These are simple tasks 
that can protect a system. Fire and EMS departments also can audit 
their systems to evaluate vulnerabilities. It also is worthwhile to 
study the effects of cyber attacks on other public safety organizations 
to see how their operations were affected and what they did to mitigate 
the damage. Local fire and EMS departments can work with local law 
enforcement agencies, emergency managers and the jurisdictions' IT 
staff to plan and exercise contingency plans in case of cyber attacks 
aimed at taking down key systems.
                     the federal government's role
    The Federal Government can be an important partner. Most 
importantly, it can help educate fire and EMS departments about the 
cybersecurity threat. The DHS's Office of Cybersecurity and 
Communications (C&SC) can work with FEMA to raise awareness in local 
fire departments about the threats that cyber attacks can pose. The 
U.S. Fire Administration (USFA) is an agency within FEMA that supports 
the local fire and emergency service. By working with USFA and its 
National Fire Academy, C&SC can develop education and training to help 
fire and EMS departments learn how to determine which systems might be 
vulnerable to cyber attacks and make the necessary changes to protect 
them. It is important to note that the President's fiscal year 2017 
budget proposes to cut USFA by $1.7 million. We recommend that--
instead--Congress fund USFA at the fiscal year 2011 level of $45.6 
million, so that the agency can develop training for emerging threats 
like cybersecurity.
    Also, DHS can continue to support training and exercises to help 
fire and EMS departments prepare for the threat of a cyber attack. A 
cyber-related component can be added to the State and local exercises. 
In addition, DHS should continue to support State and local fusion 
centers, which serve an important purpose in sharing threat 
information. These programs are funded though the SHSGP and UASI 
programs. Unfortunately, the President's fiscal year 2017 budget 
proposes to cut these programs drastically. The budget would cut the 
SHSGP program to $200 million (a decrease of more than 50%) and the 
UASI program would be cut to $330 million (a 45% cut). We urge Congress 
to fund these programs--at least--at the fiscal year 2016 level of $467 
million for the SHSGP program and $600 million for the UASI program.
    Recently, the DHS National Protection and Programs Directorate 
(NPPD) announced a proposal to realign itself to have a greater focus 
on cybersecurity. Overall, the IAFC is supportive of this proposal. 
However, we have concerns about how this realignment would affect the 
Office of Emergency Communications (OEC). The OEC's mission is to 
promote public safety communications interoperability using a local 
stakeholder-directed approach. The IAFC and other public safety 
organizations do not support efforts to move OEC under the 
Infrastructure Security component. Instead, we recommend that OEC 
remain a separate component within NPPD.
                               conclusion
    Thank you for the opportunity to testify at today's hearing. 
Cybersecurity is an issue of growing importance to the Nation. A 
breakdown of a fire and EMS department's CAD or communications system 
during the response to an incident could result in tragic consequences. 
It is important that local fire and EMS departments strengthen their 
systems to protect them. In addition, fire and EMS chiefs should 
develop strong working relationships with Federal, State, and local law 
enforcement officials to be aware of emerging threats. Finally, local 
fire and EMS chiefs should make sure that their staff are trained in 
basic cybersecurity safety, and plan and exercise for the consequences 
of a successful cyber attack. Taking these necessary precautions should 
help local fire and EMS departments to adapt to this emerging threat.

    Mr. Ratcliffe. Thank you, Chief Greif.
    The Chair now recognizes Lieutenant Wilson for his opening 
statement.

   STATEMENT OF RICHARD F. WILSON, LIEUTENANT, DALLAS POLICE 
                   DEPARTMENT, DALLAS, TEXAS

    Mr. Wilson. Good morning, sir. Chairman Ratcliffe, Mr. 
Burgess, thank you and Ranking Member Richmond for the 
opportunity to testify today.
    The challenges faced by law enforcement at the local level 
in preparing for and preventing cyber attacks are on the rise 
and continue to be difficult. While all Americans recognize our 
dependence on the internet and telecommunications devices to 
stay connected with the world, this increasing level of 
connectivity has resulted in additional responsibilities for 
public officials and law enforcement to police the world-wide 
communications network without impeding communications between 
the members of our community.
    The first and perhaps most difficult challenge the Dallas 
Police Department and our community partners face today is our 
total reliance on computer networks for operational and 
investigative functions. This all-inclusive dependence allows 
for a much greater negative impact on our abilities to perform 
our duties when these systems fail or become infected.
    Second, the extent of this connectivity enables persons and 
organizations with malicious intent to conduct cyber attacks 
from greater distances. This ability for a hacker to attack 
systems world-wide expands the list of possible suspects to all 
of the world's population that possess a smartphone or computer 
that is connected to the internet.
    Third, the quantity of information passing through all 
communications networks allows hackers to avoid the trained 
systems analysts and target their attacks to enter networks at 
their weakest points, by exploiting lapses in security 
committed by end-users or consumers.
    Since cyber attacks recognize no State and local 
jurisdictional boundaries, public officials and corporate 
managers must coordinate their investigative and management 
processes to define roles for all the partners.
    The pace at which technology continues to advance is 
currently outpacing law enforcement's ability to educate its 
workforce to recognize and address cyber crime activity. For 
those officials that do recognize the necessity to increase 
security infrastructures, and choose to develop or subscribe to 
cyber protection programs, the costs associated with these 
efforts often compete with funds required to maintain other 
essential tasks within the organizations, where the impact from 
these other functions can be more readily counted and observed 
by such measures as crime rates and response times to calls for 
service.
    For those State and local agencies that commit funds for 
hiring cyber-trained personnel, these agencies are often unable 
to compete financially with compensation packages and programs 
offered by private corporations and Federal agencies.
    Lastly, while most State and local agencies recognize their 
need to enhance cyber training for their existing workforce, 
the growing demand for cybersecurity and cyber investigative 
training far exceeds the current class sizes and training 
opportunities.
    Cyber training is an expanding area of instruction that 
often provides training to State and local partners at reduced 
costs or without tuition. While these programs reduce the 
direct costs of obtaining training for State, local, and Tribal 
employees, some indirect costs may result from committing a 
portion of the workforce to training. The student employee's 
absence can produce temporary staffing shortages that may 
adversely affect the employer agency's responsiveness to calls 
for service, visual presence and enforcement activity in the 
community, and the ability to conduct timely investigations of 
reported crimes.
    Due to the size and mission of the Dallas Police 
Department, and the wide range of assignment-based duties 
performed by DPD officers and civilians, supervisors within 
each division or unit are responsible for identifying job-
specific training needs beyond State-mandated training 
requirements, and obtaining instruction for all employees 
within their workgroup.
    Currently, a variety of on-site cyber training courses are 
offered by organizations such as the Federal Law Enforcement 
Training Center in Georgia, the National Computer Forensics 
Institute in Alabama, and Abbott Laboratories in Illinois. Some 
examples of additional training that can be obtained on-line 
are SEARCH On-line training and at the National White Collar 
Crime Center. There are also additional training and support 
programs offered by other DHS components, FEMA and ICE, as well 
as the Multi-State Information Sharing and Analysis Center.
    While detectives and analysts from the Dallas Fusion Center 
have been able to attend some of these training programs, there 
are always challenges for a first responder organization like 
the Dallas Police Department. As such, our core capabilities at 
the Dallas Fusion Center are always subject to staffing 
patterns, personnel changes, and other policy considerations, 
so that to keep our level of current cyber expertise consistent 
and on the cutting edge we need affordable access to cost-
effective and timely training to stay on the vanguard.
    Having said that, I think we can all agree that this 
challenge is one we face as a Nation, and not just in a select 
few States, regions, or cities. It will take a full-time 
training effort and identified funding resources for the first 
responders of the Dallas Police Department and other major 
metropolitan cities across the country to stay current in our 
struggle to meet the increasing sophistication of cyber crime, 
especially in today's threat landscape.
    While much progress has been made in identifying the needs 
of State, local, Tribal, and territorial agencies to address 
illegal cyber activity, opportunities do still exist to create 
cyber preparedness and responsiveness at the local level.
    The first area of support should be to provide increased 
scholarship support of formal education programs that contain 
emphasis on cybersecurity and cyber forensics. Funding for 
training is always an issue in the budgets of State, local, and 
Tribal agencies.
    Second, education and public service announcements should 
be developed and communicated by all levels of government to 
all Americans to clarify the importance of each citizen's role 
and responsibilities for creating a safer cyber network. This 
type of community outreach should emphasize the importance of 
hardening computer systems and provide tips for using 
technology in ways that reduce opportunities for computer 
hackers and criminals who benefit from security lapses.
    Third, until the gap between training opportunities supply 
is reduced to match the increasing need for training, 
additional facilities and programs should be created to provide 
training to State, local, and Tribal government employees.
    Last, I would urge each Member of Congress to continue to 
create legislation as necessary to address emerging methods of 
cyber crime activity as they are identified and require stiff 
incarceration sentences for those convicted of committing cyber 
crimes.
    Thank you again, Chairman Ratcliffe and Mr. Burgess, for 
the opportunity to testify before you today. I would be glad to 
answer any questions.
    [The prepared statement of Mr. Wilson follows:]
                Prepared Statement of Richard F. Wilson
                             April 7, 2016
    Chairman Ratcliffe, Ranking Member Richmond, Members of the 
subcommittee, thank you for the opportunity to testify today.
    The challenges faced by law enforcement at the local level in 
preparing for and preventing cyber attacks are on the rise, and 
continue to be difficult. While all Americans recognize our dependence 
on the internet and telecommunication devices to stay connected with 
the world, this increasing level of connectivity has resulted in 
additional responsibilities for public officials and law enforcement to 
police the world-wide communications network without impeding 
communications between all members of their community.
    The first and perhaps most difficult challenge the Dallas Police 
Department and our community partners face today, is our total reliance 
on computer networks for operational and investigative functions. This 
all-inclusive dependence allows for a much greater negative impact on 
our abilities to perform our duties when these systems fail or become 
infected.
    Second, the extent of this connectivity enables persons and 
organizations with malicious intent to conduct cyber attacks from 
greater distances. This ability for a hacker to attack systems world-
wide expands the list of possible suspects to all of the world's 
population that possess a smartphone or computer connected to the 
internet.
    Third, the quantity of information passing through all 
communications networks allows hackers to avoid the trained systems 
analysts, and target their attacks to enter networks at their weakest 
points, by exploiting lapses in security committed by end-users or 
consumers.
    Since cyber attacks recognize no State and local jurisdictional 
boundaries, public officials and corporate managers must coordinate 
their investigative and management processes to define roles for all 
partners.
    The pace at which technology continues to advance is currently 
outpacing law enforcement's ability to educate its workforce to 
recognize and address cyber crime activity. For those officials that do 
recognize the necessity to increase security infrastructures, and 
choose to develop or subscribe to cyber protection programs, the costs 
associated with these efforts often compete with funds required to 
maintain other essential tasks within the organizations, where the 
impact from these other functions can be more readily counted and 
observed by such measures as crime rates and response times to calls 
for service.
    For those State and local agencies that commit funds for hiring 
cyber-trained personnel, these agencies are often unable to compete 
financially with compensation packages and programs offered by private 
corporations and Federal agencies.
    Lastly, while most State and local agencies recognize their need to 
enhance cyber training for their existing workforce, the growing demand 
for cybersecurity and cyber investigative training far exceeds the 
current class sizes and training opportunities.
    Cyber training is an expanding area of instruction that often 
provides training to State and local partners at reduced costs or 
without tuition. While these programs reduce the direct costs of 
obtaining training for State, local, and Tribal employees, some 
indirect costs may result from committing a portion of the workforce to 
training. The student employee's absence can produce temporary staffing 
shortages that may adversely affect the employer agency's 
responsiveness to calls for service, visual presence, and enforcement 
activity in the community, and the ability to conduct timely 
investigations of reported crimes.
    Due to the size and mission of the Dallas Police Department, and 
the wide range of assignment-based duties performed by DPD officers and 
civilians, supervisors within each division or unit are responsible for 
identifying job-specific training needs beyond State-mandated training 
requirements, and obtaining instruction for all employees within their 
workgroup.
    Currently, a variety of on-site cyber training courses are offered 
by organizations such as the Federal Law Enforcement Training Center in 
Georgia, the National Computer Forensics Institute in Alabama, and 
Abbott Laboratories in Illinois. Some examples of additional training 
that can be obtained on-line are, SEARCH On-line training and at the 
National White Collar Crime Center. There are also additional training 
and support programs offered by other DHS components FEMA and ICE, as 
well as the Multi-State Information Sharing & Analysis Center.
    While detectives and analysts from the Dallas Fusion Center have 
been able to attend some of these training programs, there are always 
challenges for a first responder organization like the Dallas Police 
Department.
    As such, our core capabilities at the Dallas Fusion Center are 
always subject to staffing patterns, personnel changes, and other 
policy considerations, so that to keep our level of current cyber 
expertise consistent and on the cutting edge, we need affordable access 
to cost-effective and timely training to stay on the vanguard.
    Having said that, I think we can all agree that this challenge is 
one we face as a Nation, and not just in a select few States, regions, 
or cities.
    It will take a full-time training effort and identified funding 
resources for the first responders of the Dallas Police Department, and 
other major metropolitan cities across the country, to stay current in 
our struggle to meet the increasing sophistication of cyber crime, 
especially in today's threat landscape.
    While much progress has been made in identifying the needs of 
State, local, Tribal, and territorial agencies to address illegal cyber 
activity, opportunities to create cyber preparedness and responsiveness 
at the local level do still exist.
    The first area of support should be to provide increased 
scholarship support of formal education programs that contain emphasis 
on cybersecurity and cyber forensics. Funding for training is always an 
issue in the budgets of State, local, and Tribal agencies.
    Second, education and public service announcements should be 
developed and communicated by all levels of government to all 
Americans, to clarify the importance of each citizen's role and 
responsibilities for creating a safer cyber network. This type of 
community outreach should emphasize the importance of hardening 
computer systems, and provide tips for using technology in ways that 
reduce opportunities for computer hackers and criminals who benefit 
from security lapses.
    Third, until the gap between training opportunities supply is 
reduced to match the increasing need for training, additional 
facilities and programs should be created to provide training to State, 
local, and Tribal government employees.
    Last, I would urge each Member of Congress to continue to create 
legislation as necessary to address emerging methods of cyber crime 
activity, as they are identified, and require stiff incarceration 
sentences for those convicted of committing cyber crimes.
    Thank you again Chairman Ratcliffe and Ranking Member Richmond for 
the opportunity to testify before you today. I would be glad to answer 
any questions.

    Mr. Ratcliffe. Thank you, Lieutenant Wilson.
    The Chair now recognizes Detective Waddle for his opening 
statement.

 STATEMENT OF DON WADDLE, DETECTIVE (RET.), GREENVILLE POLICE 
                 DEPARTMENT, GREENVILLE, TEXAS

    Mr. Waddle. Good morning, Chairman Ratcliffe and Mr. 
Burgess. I thank you for the opportunity to speak with you all 
today.
    I served as a police officer in both the military and 
civilian police departments for 39 years. The last 25 years 
were spent with the Greenville Police Department in Greenville, 
Texas. The last 15 years I was also assigned to the Criminal 
Investigation Division working property crimes and fraud. Fraud 
often involves the use of computers to facilitate those crimes. 
Checks are generated and printed on computers. Credit card 
abuse and identity theft are often committed using the 
internet.
    I did retire from law enforcement on the 31st of last month 
and am now trying to settle into the quiet life.
    During the last 10 years I have also been assigned to the 
North Texas Electronic Crimes Task Force with the United States 
Secret Service and worked side-by-side with both special agents 
of the Secret Service and with numerous State and local 
investigators. We were all trained to recover evidence from 
computers and cell phones, and we do these examinations from 
agencies throughout North Texas. These cases involve anything 
from fraud, to narcotics, to child pornography, to murder, and 
capital murder. I have testified in trials from possession of 
child pornography, to enticing a child, to murder, and capital 
murder.
    As I look back at my career in law enforcement, I remember 
going to a call for a burglary, throwing some dust around and 
hoping that the perpetrators didn't get guns or the victims' 
checkbooks or credit cards. As time moved forward, computers 
and cell phones came into the game, and then my concern was, 
did they get the victims' computer passwords for their I-pads 
or their cell phones? It was obvious to me that for me to 
provide better service to the people of my city, I had to know 
how to catch the criminals and what they were doing, and what I 
needed to do to be able to present a case that would put these 
criminals in jail.
    Computer crime investigation is not an inexpensive pursuit. 
All of the software programs that you use for investigations 
are all very expensive. All of them have licenses that have to 
be renewed every year, and the monetary cost to a city of my 
size can be anywhere from $300 a year to tens of thousands of 
dollars a year for the software and equipment to do these 
investigations.
    We needed help. There was no way that we were going to be 
able to do that. That is where the Secret Service and Federal 
Government stepped in. They helped us help our citizens by 
providing us with training, equipment, and expertise. Because 
of the training I received, I became a more valuable asset to 
my department. I was sought out by other detectives for help 
with their investigations. In major crimes I have used the 
training I have received to assist with murder investigations 
by mapping out locations perpetrators used to hide their 
victims' bodies, or to helping detectives plot computer 
searches that outlined their case to intelligence for narcotics 
investigators.
    I am also called on to assist other local agencies with 
their investigations. They have used the information I provided 
to prepare their cases for prosecution. I am also called on by 
the prosecutors to answer questions regarding computer crime. 
Had I not had this training, I would not have made the new 
contacts that I had that have been very beneficial to me.
    In early 2006 I went to the United States Secret Service 
office, the Dallas field office, to drop off a computer for 
examination. I knew nothing about computers at that time. I 
spoke with Bob Sheffield, who was the head of the Electronic 
Crimes Special Agent Program there in the Dallas field office 
and the North Texas Electronic Crimes Task Force at the Dallas 
field office, and was telling him how interested I was in 
learning about forensics. He plainly said, ``We can do that for 
you.'' I went to the Federal Law Enforcement Training Center in 
Brunswick, Georgia for 6 weeks learning about computers and 
computer forensics. This was prior to the National Computer 
Forensics Institute.
    In that training I learned what a computer was, what the 
programs on a computer were, what their purposes were, and the 
overall operation of the computer, and I learned how to look 
for evidence of a crime.
    After that I went to the National Computer Forensics 
Institute in Hoover, Alabama. I started to go to the training 
there. I went to Advanced Forensics Training there. I went to 
the first class, which was one of the very first classes at the 
Institute of any kind, so there was a little bit of tweaking 
that needed to be done, and then I went back and learned a 
great deal that helped me towards my computer forensics.
    I also went to the Mobile Device Data Recovery school, or 
MDDR, which is cell phone training, and also just this last 
February went to Mac Forensic Training at the NCFI. The NCFI 
has worked very hard to give State and local officers like me a 
good, quality education and lots of tools for my toolbox and 
are always there to answer questions. I can call up there at 
any time if I have a question about something, and there is 
just somebody there who is going to be able to answer that 
question.
    The instructors that they have are all very expert in their 
field, and they work very hard to provide all of us with the 
proper training that we need to be able to do our jobs. You 
don't have to be on a level way above our heads to talk to us.
    I think that probably the best training that I ever 
received in my 39 years of law enforcement was there at NCFI. I 
walked away from each class very confident in what I had 
learned and was able to put all those things back into practice 
and was able to do those things, and I am grateful for that. I 
am grateful to the Federal Government for providing that kind 
of tool.
    I would encourage giving thought to increasing the size of 
those classes that were offered at the facility because cyber 
crime is not going to do anything but increase. I have 2 trials 
coming up later this month that come from the investigations 
and the training that I got from the NCFI.
    I want to thank you for your time today.
    Oh, one other thing I wanted to say is that I am grateful 
for the training that I received, but my citizens have been the 
major benefactors of that training because I was able to do a 
better job for them.
    The other thing I really liked about NCFI is that they 
didn't just work with law enforcement officers. They also work 
with judges and prosecutors to help them understand about cyber 
crime and what is happening there so they are able to do their 
jobs more efficiently, too.
    I am thankful for the time that you all have given me to 
talk today, and I appreciate the opportunity that I have to say 
something about this.
    [The prepared statement of Mr. Waddle follows:]
                    Prepared Statement of Don Waddle
                             April 7, 2016
    I served as a police officer in both military police and civilian 
police departments for 39 years. The last 25 years were spent with the 
Greenville Police Department in Greenville, Texas. The last 15 years I 
was assigned to the Criminal Investigation Division working Property 
Crimes and Fraud. Fraud often involves the use of computers to 
facilitate the crime. Checks are generated and printed on computers. 
Credit card abuse and identity theft are often committed using the 
internet. I retired from law enforcement on March 31, 2016. During the 
last 10 years I have also been assigned to the North Texas Electronic 
Crimes Task Force with the United States Secret Service in Dallas, 
Texas. In this assignment I have worked side-by-side with special 
agents of the Secret Service and with numerous State and local 
investigators. We are all trained to recover evidence from computers 
and cell phones, and we do these examinations from agencies throughout 
North Texas. These cases involve anything from fraud to narcotics to 
child pornography to murder and capital murder. I have testified in 
trials from possession of child pornography, to enticing a child, to 
murder and capital murder.
    As I look back at my career in law enforcement, I remember going to 
a call for a burglary, throwing some dust around and hoping that the 
perpetrators didn't get guns or the victims checkbook or credit cards. 
As time moved forward computers and cell phones came into being and on 
that same burglary, I now had to hope the perpetrators did not get the 
victims' computer passwords or their cell phones. If that happened 
there was no telling, how much the victim would end up being 
victimized. It was obvious, that for me to provide better service for 
the people of my city, I had to know how to catch the criminals that 
were committing these offenses. Computer crime investigation is not an 
inexpensive pursuit. The monetary cost to the city for training and 
equipment, can be anywhere from $300 dollars a year to tens of 
thousands of dollars a year. We needed help. That is where the U.S. 
Secret Service and Federal Government come in. They helped us help our 
citizens by providing us with training, equipment, and expertise. 
Because of the training I received, I became a more valuable asset to 
my department. I was sought out by other detectives for help with their 
investigations. In major crime I have used the training I have received 
to assist with murder investigations by mapping out locations 
perpetrators used to hide their victims bodies, to helping detectives 
plot computer searches that outlined their case, to intelligence for 
narcotics investigators. I am also called on to assist other local 
agencies with their investigations. They have used the information I 
provided to prepare their cases for prosecution. I am also called on by 
the prosecutors to answer questions regarding computer crime. Had I not 
had this training, I would not have made new contacts that could be 
beneficial for me as well.
    In early 2006, I went to the United States Secret Service, Dallas 
Field Office to drop off a computer for examination. While at the 
office and lab, I spoke with Bob Sheffield who was the head of the 
Electronic Crimes Special Agent Program (ECSAP) and The North Texas 
Electronic Crimes Task Force (N-TEC) at the Dallas Field Office, and 
was telling him how interested I was in learning about forensics. Mr. 
Sheffield plainly stated ``We can do that for you.'' I went to the 
Federal Law Enforcement Training Center in Brunswick Georgia, for 6 
weeks learning about computers and computer forensics. Shortly after 
completing this training the National Computer Forensics Institute 
(NCFI) was opened in Hoover, Alabama. I started to go to the training 
at NCFI, and have been to Advanced Forensics Training (AFT), Mobile 
Device Data Recovery (MDDR) cell phone training, and Mac Forensic 
Training. The NCFI has a solid outline of what is needed for each 
class. They strive hard to provide very qualified instructors, who make 
every effort to give each student all they need to be qualified to do 
their job. The equipment NCFI provides and the equipment used for the 
classes is some of the very best that can be used. Not only is there 
discussion of ways to conduct a forensic investigation but discussion 
also covers court procedure and testifying. I have also been to 
numerous conferences related to electronic crime and have always come 
away with something new. I am not the main benefactor of this training. 
The citizens of Greenville, Texas and Hunt County, Texas, as well as 
the north Texas area reap the benefits of this training with better 
recovery rates for property as well as more perpetrators being taken 
off the streets. NCFI also trains prosecutors and judges in protocols 
and also in evidence.

    Mr. Ratcliffe. Thank you, Detective Waddle.
    I will now recognize myself for an initial round of 
questions for our distinguished panel.
    Let me start with you, Mr. Davis. As you know, prior to 
being elected to Congress, I served on the Advisory Board at 
TEEX, and so I am very familiar with your organization. It is 
the largest homeland security training facility in the world, I 
think some 200,000 folks a year.
    Mr. Davis. Yes, sir. That is exactly correct.
    Mr. Ratcliffe. So it is just a terrific organization, and 
again I am thankful that you are here today.
    So in your capacity there at TEEX, I would be interested in 
your perspective on what are the key challenges with 
cybersecurity training at the local level going forward.
    Mr. Davis. Yes, sir. Thank you. First of all, to your 
comments regarding TEEX, because we are serving and extension 
is part of our mission, I would think that my perspective is 
the awareness issue that training is available that is DHS/
FEMA-funded training, sir. I reeled off some numbers of 32,000 
that we have trained across the United States, but when we look 
at what portion of those numbers come from the State of Texas, 
for example, or if I go to State and local districts, those 
numbers are very, very small.
    So I think the issue is the awareness in accessing that 
training that is available. One of my fellow panel members 
mentioned the need for training, and of course I passed my 
cards out here. But we go to those jurisdictions so they don't 
have to spend any money sending them to us. We do direct-
delivery, face-to-face training.
    So the short answer to your question is awareness and 
accessing--not access, but accessing----
    Mr. Ratcliffe. So as a follow-up, do you know that even 
here in this audience there are a whole bunch of local 
community representatives that could be the beneficiaries of 
that type of cyber training TEEX offers? So how can they get 
it?
    Mr. Davis. Yes, sir. We have on-line training at 
www.teex.org. If you go on our website you will see a section 
on cybersecurity training, and anyone that is in this audience 
can, in fact, access that training on-line.
    Mr. Ratcliffe. So, a follow-up question. Is TEEX right now 
in a position to--or how is TEEX leveraging any relationships 
or partnerships with the Department of Homeland Security at the 
National level?
    Mr. Davis. Yes, sir, we are. I had some details in my 
statement. But first of all, we think it is always important to 
address any issue as a team. I think you used the team sport 
analogy there. There has recently been a reorganization of 
several entities at the DHS level to become more 
operationalized, okay?
    There is a young lady here with me today, Ms. Rebecca Tate. 
When we started doing cyber training back in 2010, we visited 
first with our program manager--back then it was also called 
NCSD, National Cybersecurity Division--and the Infrastructure 
Protection Directorate. We went to them to talk about those 
things we were hearing from State and locals.
    So we met with them on a regular basis to actually find out 
what training needs did they see at the National level, and I 
am proud to say we are on our third course now that is a result 
of that collaboration. We did a recent course in the States of 
Utah and Rhode Island that brings cyber and infrastructure 
protection together, and that is a direct result of our 
collaboration with those folks in DHS.
    Mr. Ratcliffe. Terrific. Thank you.
    Chief Greif, let me turn to you. You bring to us today a 
wealth of professional experience with different public safety 
organizations. I know you are here today as a spokesman for the 
IAFC. So let me ask you, when Congressman Burgess and I and 
others at the National level talk a lot about the importance 
and the need for coordination across critical infrastructure 
sectors to encourage cyber resilience, how are those efforts or 
how do those efforts impact public safety organizations at the 
State and local level like you have been involved with?
    Mr. Greif. For example, we have fusion centers that are 
often funded with Office of Emergency Communications funds. 
Those fusion centers allow all of the common agencies, the 
necessary agencies to mitigate any type of emergency situation, 
to come together with all stakeholders. The more we are coming 
together and sharing some information with one another, that 
would be one example of how that benefits us. At the National 
level, the funding trickles down to the local jurisdictions.
    As I said earlier about the Super Bowl, I had no idea until 
I was put on that committee just what-all goes into a major 
event like that, the planning with all the different agencies 
throughout the 4-county region that came together. We met 
monthly for a year just on my committee, which was 
communications. A big effort was talking about all the 
resources that were available to us, protection as well as 
workarounds, what to do in case of----
    Mr. Ratcliffe. I am glad you mentioned that because as a 
follow-up and in your testimony you talked about it being 
worthwhile to study the effects of cyber attacks on public 
safety organizations. Are you aware of anyone who is putting 
together sort-of a best practices with respect to public safety 
organizations and cybersecurity practices?
    Mr. Greif. One of the efforts that is underway is I chair 
a--I am on the board of directors for a public safety 
communications agency. The DHS has actually sent members a few 
times a year when we meet annually, and there is a panel of 
experts. It is made up of IT personnel, information technology 
people, as well as fire, police, EMS, and they are working on a 
document just like that, that came out at last year's meeting.
    So certainly it is on the forefront of our consciousness. 
We are doing everything we can to piggyback on Mr. Davis' 
comments. It is knowing, understanding what is out there. There 
is some wonderful training available. It is getting personnel 
to understand that the fire and police, especially speaking for 
my brethren, that we understand the necessity for us to get 
involved in the critical questions we need to be asking.
    Mr. Ratcliffe. Terrific. I noticed in your testimony you 
talked about segregating the CAT and the 9-1-1 systems for 
security purposes. Is that common?
    Mr. Greif. I can't say for sure because I have only been a 
part of two jurisdictions, so I don't want to get too specific, 
but I don't believe that it is widely spread. We were very 
cautious where I came from. We wanted to make sure we took all 
reasonable means, even though that added some complexities to 
day-to-day life. The more you secure something, the harder it 
is sometimes to operate it or update it. But we felt it was 
worth the trouble to keep it segregated.
    Mr. Ratcliffe. Terrific. Thank you.
    I do have some additional questions, but I want to yield to 
Congressman Burgess. As I mentioned, I am very grateful that he 
is here today at this subcommittee hearing. He represents the 
26th Congressional District of Texas, which sounds like it is a 
long way away from the 4th District, but it is really next 
door. He represents all of Denton County and most of Tarrant 
County as well. He serves on the House Energy and Commerce 
Committee, and in that capacity he also is the Chairman of the 
Subcommittee on Commerce, Manufacturing, and Trade, and he is 
very steeped in cybersecurity issues. In that role he has been 
a leading voice in Congress on the data breach issues as cyber 
criminals focus on more fraudulent activity that affects more 
Americans and that affects commerce. He has been a leading 
voice with respect to the need for legislation in that area.
    So with that, I want to recognize Congressman Burgess and 
yield him as much time as he may consume to provide some 
remarks on the issue of data breach questions he may have for 
our panel.
    Mr. Burgess. Great. Thank you, Chairman.
    Thank you all for being here. Thank you for allowing me to 
be here.
    Chairman, it is not lost on me that this is a field 
hearing, and I am sure your district is grateful that you are 
doing it and you are here on the campus. Even though we are not 
in the Rayburn Room, Mr. Rayburn, this is his district. So it 
is fitting that we are here.
    I do serve as the Chairman of the Subcommittee on Commerce, 
Manufacturing, and Trade. We are concerned about data breach 
episodes that have occurred and the consequent notification 
that is or should be required for the protection of the 
consumer when these breaches do occur. So while Chairman 
Ratcliffe is Chairman of the subcommittee that deals with the 
.gov side of the world, we deal with the .com side of the 
world. But as I tell people all the time, it doesn't really 
matter. Data security is National security, and if you forget 
that fact, then you are going to be upset at some point, which 
we all found last year at tax filing time and we rather expect 
it may come up again in a couple of weeks when the income taxes 
are filed and people realize that they can no longer file their 
taxes on-line because their accounts have been diverted in the 
past and monies have gone inappropriately.
    The good news is the taxpayer is eventually made whole. It 
does take longer for them to get their refund. The bad news is 
that the Federal Government actually is refunding that money 
twice. It is unlikely they will recover it for the individual 
who is inappropriately reimbursed, and this is no surprise 
because of the behavior of someone who would do that. Sometimes 
they over-estimate the amount of money they are doing that 
reimbursement. So it is kind of like a double-whammy for the 
IRS. I know we got a ton of calls on that last April 15.
    Mr. Wilson, I rather suspect that--a lot of our calls 
started to come from some of our local police agencies when our 
neighbors called the police department and said, oh my gosh, 
our taxes have been hacked and I have been robbed. They said, 
well, let's call your Congressman and he will fix it.
    [Laughter.]
    Mr. Burgess. True, but it took some time, and it was very 
uncomfortable all around.
    I really got interested in the data breach notification. 
All of us are consumers, and we hear the big stories about the 
big breaches, and then the data is taken. It is data that is at 
risk somewhere and you don't really know what anyone is doing 
with it. But from the consumer's perspective, when do we need 
to be notified? It almost seems like we have breach fatigue 
because we hear so much about breaches. I am not going to worry 
about it anymore because I just can't worry about all of these 
things that I am hearing.
    So we really did try to set the parameters around a 
National data security standard and for when that breach 
notification threshold should be triggered, and if law 
enforcement says we need more time, that they be given more 
time. But if law enforcement's time frame is okay, then the 
person who was holding the data that has subsequently been 
breached, that they have a certain time frame in which they 
must notify the individual. Right now, the bill has passed 
through the subcommittee, our subcommittee and our full 
committee, and it is awaiting floor activity right now. That 
time frame is set at 30 days.
    In setting a National security standard, it is your duty to 
tread carefully because there are 51 State jurisdictions, if 
you include the District of Columbia, more if you include the 
territories, who may already have their own ideas about what 
these data security standards are, and I am sensitive to that. 
The Commerce Clause is sometimes over-used and over-interpreted 
by the Federal Government.
    But this is one of those times when I try to envision the 
Founding Fathers sitting down and writing those Article I 
conventions: What are the powers of the Congress? The 
regulation of interstate commerce, the trade between the Indian 
tribes--well, okay, they were 100 years before the telegraph, 
150 years before the telephone, 250 years before the internet, 
but they were probably thinking of e-commerce when they wrote 
the Commerce Clause into the Constitution because e-commerce, 
by definition, needs to flow seamlessly across the borders of 
those States, and the Commerce Clause was absolutely necessary 
for e-commerce to exist. We want to be sensitive to that.
    To the extent that a National standard is set, States do 
need to have a big say in what that floor is that is going to 
be established, and the State attorneys general. The provision 
that passed through the committee, the full committee, was that 
the Federal Trade Commission would use existing enforcement 
authority. We did not want to create a new enforcement 
authority because we already have enough Federal agencies. But 
the Federal Trade Commission, using its existing authority on 
deceptive and unfair trade practices, would exercise that 
authority. But the attorneys general of the several States 
would be able to bring their own cases under those FTC 
provisions if the FTC was not moving fast enough, which will 
occur from time to time.
    That bill has passed through the subcommittee. It is 
awaiting floor activity.
    I wake up every morning kind-of living in fear of, when is 
the next shoe going to drop on this? You hear about a big 
company, and they have been hacked, and they took all these 
records, and they are sitting somewhere, and nothing is really 
happening with that. When is the other shoe going to drop on 
all of those people who were exposed in that breach?
    The other thing that we really have just begun to scratch 
the surface of in our subcommittee, and I know Chairman 
Ratcliffe will work on it in his subcommittee, is it is 
terribly frightening to me as a physician to think about the 
denial-of-service activity that has been hitting some health 
care organizations. To think of having a fragile medical 
patient in the ICU, and you walk in in the morning and you say 
may I see the chart of the overnight vital signs of my patient, 
and they say I am sorry, sir, it has been encrypted, and we 
don't have the key. I mean, what a dreadful situation to find 
oneself in.
    Mr. Wilson, I think you mentioned it in your testimony, 
about coming up with, how do you set the deterrence on some of 
these activities?
    Mr. Chairman, I would just say I think in the case of 
ransomware applied to a health care organization, the 
deterrence ought to be, ``You will be shot at sunrise,'' and 
perhaps that will do it, because this is a life-or-death 
situation with these patients where their medical records have 
been encrypted by a criminal.
    But again, very useful panel for me. We do an emergency 
preparedness summit in my district usually in April of every 
year. I will be doing one in a couple of weeks. We live here in 
an area where severe weather can happen in the month of April. 
It can happen any month, as we learned this year, but April is 
when we are most at risk for that. So I am very interested in 
some of the things I learned this morning about--you protect 
your systems. You conflate a denial-of-service activity with a 
Super Bowl, and that is a big deal. You know the criminal mind 
is just ever--things spring from it all the time, and you just 
can't help but wonder what criminals might be thinking about.
    But let me just start with you, Mr. Davis, and your 
training. You mentioned you have some on-line instruction 
courses----
    Mr. Davis. Yes, sir.
    Mr. Burgess [continuing]. That are available?
    Mr. Davis. Yes, sir.
    Mr. Burgess. Would you tell me just a little bit more about 
this? Can average citizens access those, or is that something 
that is perhaps reserved for the chiefs personnel in part of 
their professional training?
    Mr. Davis. The average citizen, Congressman, can access 
those, and it is good basic information. I will give a personal 
example, and I hope my wife doesn't get to see this----
    Mr. Burgess. It is just between us.
    Mr. Davis. Just between us boys here, right? Okay.
    I got an email from a friend that said, hey, be careful. 
This is a colleague at work, and I forwarded it to my wife. As 
I was forwarding it, she was calling me or texting me to tell 
me that, hey, I just got some information, re-verify my account 
number, my password, my this, that, and the other. She was 
doing a couple, 3 things. These shows that come on at 11 
o'clock, these people, okay? She had given them all her 
information. I said, my gosh, did you read the email I sent? 
She didn't.
    So when we talk about those things, when we talk about the 
on-line courses, the general users, which talks about really 
those things you need to be aware of, okay? Even now, even I am 
more sensitized. Even when I get busy and I am looking at an 
email, if I don't recognize somebody, I get more emails from 
auctioneers, go pick up your money at the bank, we need your 
account because we want to deposit something, and I go delete, 
delete, delete.
    So to answer your question, sir, they are available on-line 
at www.teex.org, and the average citizen can access those 
courses, and I recommend that they take them.
    Also, last, let me say there are 3 States right now, 
Arkansas, Louisiana, and Wyoming, and also a college, Fresno 
Pacific University, where they are requiring their workers to 
take our on-line courses.
    Mr. Burgess. So part of my question, then, is do you 
provide some credential for the person who has satisfactorily 
completed the----
    Mr. Davis. Yes, sir. They get a certificate for completing 
an on-line course, and I think more importantly than the 
certificate, they gain some knowledge that they can spread 
around geometrically about how to protect their own 
information.
    Mr. Burgess. Seems like it would be a useful thing for a 
homeowner's insurance policy. You know, sometimes we will give 
a break to someone who takes a defensive driving course.
    Mr. Davis. Yes, sir.
    Mr. Burgess. On their automobile insurance. This might be 
one of those places where the insurance company might want to 
be proactive, and I am glad that you are providing the service.
    Mr. Davis. Yes, sir.
    Mr. Burgess. Is there a charge?
    Mr. Davis. There is no charge, sir, but I think you have 
just given us an idea to really reach out to insurance 
companies and say, hey, here is an idea here, because you are 
right, I have done that to get that discount. Dad doesn't teach 
me to drive. I pay somebody----
    Mr. Burgess. Very wise.
    Chief, let me just ask you, in your previous role when you 
were at the City of Fort Worth--of course, I don't want to get 
parochial here. Forgive me, Chairman, but we have a Super Bowl 
twice a year in Fort Worth called the Texas Motor Speedway, and 
that will be happening this month. The Commander 500 I think is 
the name of the race. Do you have as many people come to the 
Texas Motor Speedway as come to a Super Bowl?
    Mr. Greif. Yes.
    Mr. Burgess. So even though the Super Bowl is unique, you 
have these large, widely-attended events that happen in the 
city of Fort Worth. I assume there has been kind of a learning 
curve with that, but it gets back to the question that Chairman 
Ratcliffe asked. How do you share that best practices 
information from managing those large, widely-attended events 
with other jurisdictions?
    Mr. Greif. I am certain it is still going on. I am actually 
glad I won't have to be part of that planning committee. We 
used to tease the Arlington folks about we do Super Bowls twice 
a year, as you alluded to. It starts months in advance, holding 
meetings. You hold these meetings so often, you start building 
personal relationships where you get to know Captain Webster 
from Texas Department of Public Safety. I met more people 
throughout the Denton region.
    We came together and started about 3 or 4 months in advance 
of each race, and you just literally shared as much information 
as possible across lines with one another. As I said, it is so 
important to prepare for a cyber attack and prevent it, and you 
have to have preparations, which I won't go into details about, 
but what do you do when one actually occurs? You need to have 
back-up.
    Those types of meetings are a mini-fusion center when it 
really comes together and we sit there and spitball and come up 
with ways to mitigate. So it is just a series of meetings, sir.
    Mr. Burgess. Let me just ask you a question. We do have 
some students in the audience, and you referenced the UASI 
program. The former mayor of Mont Creek taught me a number of 
new words, and UASI was one of them. I thought it was a 
pejorative term when he first used it because when those 
initial grants came out, if I recall correctly, as the 
Department of Homeland Security was being organized, the UASI 
grants were administered regionally. They were delivered to 
Dallas and expected to be shared with Fort Worth, and I just 
remember the mayor having some issues with that.
    But for the students here, could you kind-of go through 
what the UASI program is?
    Mr. Greif. Well, a Federal program that provides funding 
for fire and police in other jurisdictions as well, but 
obviously those are the ones I am most concerned about, and 
many things get funded out of that, like training 
opportunities. We can hold anything from hazardous materials 
classes, where that funding not only was paying for our 
personnel to go get the needed training, but it was paying for 
the backfield because you still had to have troops driving 
trucks to keep the city safe, to hardened equipment. It is 
amazing.
    Again, some of the stuff is somewhat--I won't talk about 
necessarily some of the equipment that was purchased to protect 
the community, but a major expense in equipment was purchased 
for the protection of many different types of terroristic 
activities, and that equipment was in place in cities all 
across central Texas because of UASI.
    Mr. Burgess. Chairman, I will yield back to you, and if 
possible I will do a second round as well.
    Mr. Ratcliffe. Perfect. I thank the gentleman.
    Detective Wilson, I want to take advantage of the fact that 
you are here on behalf of the Dallas Police Department, 
obviously one of the largest, most visible police departments 
in the United States. I am just curious if you can offer 
perspective on what the daily cyber threat looks like at the 
Dallas Police Department.
    You talked about in your testimony reliance on computer 
networks for operational and for investigative functions, so I 
assume that you have to take that into account in terms of the 
daily threats that are coming into the Dallas Police 
Department, and also take that into account in how you are 
training your personnel to deal with those threats.
    Mr. Wilson. Well, as you said, the Dallas Police Department 
is the ninth-largest police department in the country, the 
second largest in the State. So we act as a nexus for a lot of 
information sharing, as well as collection. Daily, we get 
notifications from agencies asking for information to support 
an investigation or some type of threat that they have 
uncovered, to give them the guidance or put them in the right 
direction, who is the expert who can go in and help them.
    Unfortunately, the Dallas center does not have a technical 
expert within the center that deals with cybersecurity, but as 
part of the approach to dealing with a wide varieties of crimes 
that we deal with, we have a partnership with our Federal 
agencies, and we have an expert within the Dallas Police 
Department who actually works with a task force and the FBI. We 
also have a couple of officers that deal with computers, and 
they have been doing it for years and years. We find that as 
they continue to perform these functions and people know the 
capabilities that we have, we are increasingly tasked with 
trying to assist other agencies.
    As a fusion center director, I see most of the emails that 
come into our center on a daily basis, so my email averages 
approximately 200 to 300 per day coming in from Federal 
partners, State partners, local partners, and from other States 
as well, trying to reach out to you, to take advantage of the 
network.
    As we look forward to increasing our ability to address the 
cyber threats, we basically have 2 problems. One is stop the 
cyber threat in itself, and No. 2 is how do you pursue the 
cyber threat actor, the person who actually committed it, and 
to what extent do we go to prosecute? That definitely leans 
toward our Federal partners. That is their jurisdictional area. 
They have the resources and the expertise oftentimes that we do 
not have, and they are always looking to try to assist us in 
these types of situations.
    Mr. Ratcliffe. Terrific. Thank you, Lieutenant.
    Detective, I actually had a bunch of questions for you, but 
your testimony was so thorough that you pretty much covered it. 
I wanted to ask you about your experience with the Electronic 
Crimes Task Force and, of course, the NCFI, National Computer 
Forensics Institute, which my bill would authorize into law. I 
really appreciated your testimony. You spoke eloquently of how 
it benefitted you with respect to your career, but also 
benefitted the folks that you serve as a detective in 
Greenville. I just think that, more than anything else, it is a 
great message, and I hope that as you go into retirement that 
you will still continue to be a great ambassador because I 
think that is what you are, an ambassador for how State, local, 
and Federal partnerships, particularly as they pertain to 
National security issues and cybersecurity as a National 
security issue, how they are supposed to work.
    We all know that 9/11 was a communication failure in many 
respects, and we have worked hard in trying to eliminate that, 
and with respect to the threats in cyber space and 
cybersecurity, we want to avoid a cyber 9/11, if you will. So 
some of the programs that you have been a part of, some of the 
partnerships that you have been a part of have prevented that 
up to this point in time and, I think, can in the future.
    So again, I just appreciate you being here today, your 
testimony, and what you stand for in that respect.
    I am just going to close with a question for anyone that 
wants to take it, or all of you that want to take it. We asked 
the question about what are the key challenges, and from your 
testimony many of you talked about the financial side of things 
and, obviously, fundamentally the role that Congressman Burgess 
and I and others in Washington can play with respect to that 
and how that affects workforce issues.
    But are there authority issues out there that we can help 
you with in Washington? In other words, are there things from 
an authority perspective that we should be legislating on in 
this space that you think need to be addressed? Anyone.
    Mr. Wilson. I would say that the proper authority for 
investigating cyber crimes is the way that you can get the most 
impact, obviously, achieve a conviction. I would love the 
Federal system to stay for the day instead of 1 day or 3 days. 
So oftentimes, when we can't get the impact to take that 
offender off the streets in a time that we consider to be 
reasonable, we turn to our Federal partners. They have a much 
wider reach, a little bit bigger handle to hit them with it. 
They are most gracious and most times if they can do so, they 
will. They have expanded powers. I believe that through 
legislation you will find it will be even a stronger growing 
trend from a local perspective to turn around and say rather 
than a State trial, let them go and see what they can do to 
stop that behavior. That would be my perspective.
    Mr. Waddle. I kind-of go along the same lines. We see so 
many repeat offenders that go off and that use our State prison 
systems as education. I think that we have to be stiffer in our 
punishments with these offenders because of the amount of 
damage they do monetarily and even physically. So maybe some 
stiffer enforcement.
    Mr. Ratcliffe. Thank you.
    I again recognize my colleague for any additional questions 
he may have.
    Mr. Burgess. Thank you, Chairman.
    Detective, you did an excellent job of detailing how you 
had received the training and being able to provide protection 
for the people of your jurisdiction. We live under the tyranny 
of the Congressional Budget Office where we work, and 
everything is looked at as a cost. But as I listened to you 
provide your testimony, it also occurred to me that there was 
value brought back to your department, to Greenville, value 
back to the community, and sometimes it is very difficult to 
dissect out. When we look at something on a sheet of paper, on 
a spreadsheet, it is just a cost, and we deal with this in 
health care all the time, and it drives me nuts. But there is 
really no way to offset the cost with the value that you 
brought back to your community.
    Just as we conclude the hearing today, if there are 
thoughts that you have on that that you would like to share 
with us about how to better tease out that value figure, 
whether there is a fraction or a multiplier that could be 
applied. Perhaps in your experience you have encountered either 
some examples or even a formulaic approach, this much was 
invested in the activity that I undertook, but this much was 
delivered back to the community.
    Mr. Waddle. The one thing that I failed to mention in my 
testimony was that not only do I cover Greenville, but I also 
assist the local agencies in Hunt County. Privately in our 
office I did that, but also at the Electronic Crimes Task 
Force, we covered most of North Texas. So we assisted agencies 
from Denton, from Steubenville, from Tyler, Lindale, that area, 
all the way out to Texarkana. So the training that I received 
has been able to help me help those people.
    There is a cost, and I understand that. Again, I don't 
question that. We had the same problem in the city, the city 
manager saying, well, you don't need to spend that. I 
understand that. But when we can benefit, and in my case, with 
the experience that I have, when we can benefit our own 
citizens and those around us, and they know that they have 
somebody that they can contact to get answers, I think that the 
money spent is spent well because it benefits so many people in 
getting answers to their questions and assistance in their 
investigations.
    Mr. Burgess. Intangible, difficult to calculate for a 
return on investment, but it definitely exists, doesn't it?
    Mr. Waddle. Exactly.
    Mr. Burgess. Thank you, Mr. Chairman. I will yield back.
    Mr. Ratcliffe. I thank the gentleman.
    I thank all the witnesses that have been here today for 
your valuable testimony.
    Again, I thank Congressman Burgess for being here and 
bringing his insights into this important topic.
    Other Members of this committee that aren't here today may 
have some additional questions for our witnesses. So if that 
happens, we will ask you to respond to those in writing.
    Pursuant to Committee Rule 7(e), the hearing record from 
today will be held open for 10 days for Member statements and 
for follow-up questions.
    In closing, let me just again say thank you to everyone 
that is here today, that has participated in putting this 
together, and thanks to everyone in Grayson County for letting 
me bring the Washington road show here to my home district.
    With that, without objection, this subcommittee stands 
adjourned.
    [Whereupon, at 12:22 p.m., the subcommittee was adjourned.]



                            A P P E N D I X

                              ----------                              

       Questions From Chairman John Ratcliffe for Alphonse Davis
    Question 1. Are State and local governments ever the target of 
nation states, hacktivists, or criminals and are they aware of and 
taking advantage of the protections that DHS offers through its 
Enhanced Cybersecurity Services program?
    Answer. State and local governments are targets currently under 
attack with unstructured, structured, and highly-structured attacks. 
These attacks range from the unstructured ``script kiddies'' looking 
for low-hanging fruit to the less-frequent, highly-structured attack 
from nation states looking to gather information. We are also aware of 
motivated actors from foreign organized crime organizations utilizing 
ransomware in our country, even at the local Government level--a trend 
that seems to be growing.
    Our experiences and relationships across the country indicate that 
the DHS-supported NIST Cybersecurity Framework is gaining recognition 
and respect within local and State communities, as well as with small, 
medium, and large businesses. However, widespread awareness and 
adoption of the DHS Enhanced Cybersecurity Services (ECS) is in the 
very early stages. ECS needs more exposure in order to educate local 
and State governments on its availability and capabilities, with 
additional information on how to request the services.
    Question 2a. How does TEEX decide what cyber-related training 
courses to offer? How are those courses evaluated?
    Answer. For the development or continuation of any cyber-related 
training courses, we conduct a needs analysis to examine gaps in 
operational knowledge and capabilities, gathering data from National 
surveys, utilizing publicly-available data on training needs (from 
reports such as the 2015 National Preparedness Report), and 
interviewing State and local contacts regarding their needs. As part of 
that needs analysis, we evaluate the scope and priority of the need, 
the audience, the method of training delivery, and the availability of 
duplicate or similar training.
    In some instances, the development of a new course is initiated by 
Federal partners. Most recently, the ``Physical and Cyber Security for 
Critical Infrastructure'' course was developed through a collaboration 
between DHS Cybersecurity and Communications and the DHS Office of 
Infrastructure Protection. They recognized the need for a better 
understanding of the interdependency between physical and cybersecurity 
at the local level as well as the need for communities to 
collaboratively formulate enterprise risk management strategies, 
enhancing infrastructure security and resilience efforts. The DHS 
departments worked with TEEX to develop the course that meets that 
need.
    During the recent revision of a course on ``Community Preparedness 
for Cyber Incidents,'' we examined the gap identified between Emergency 
Management and Information Technology. We conducted interviews with 
people in these disciplines to identify what they need to learn to be 
better-prepared for the ever-increasing and ever-evolving threat of a 
significant cyber incident. We are in constant communication with State 
and local governments, and they often describe what they are seeing in 
their communities and ask how we can assist.
    Question 2b. Are they assessed or updated regularly, due to the 
changing cyber landscape?
    Answer. Our courses undergo a needs analysis and recertification 
every 3 years in order to remain relevant and current. In addition, our 
courses are continually evaluated through participant feedback to 
identify improvements and updates prior to a schedule update.
    Our program staff (instructors, curriculum developers, managers) 
dedicates a significant amount of time each week researching and 
learning about the latest trends and threats in the cybersecurity 
landscape. This information is used to update course content and for 
use as updated examples in course deliveries. We also keep in close 
touch with our DHS partners and add information to our courses about 
new DHS resources and assistance available as we learn it.
          Questions From Chairman John Ratcliffe for Sam Greif
    Question 1a. How important is coordination across critical 
infrastructure sectors for encouraging cyber resilience?
    Question 1b. How do these efforts impact public safety 
organizations and State and local entities?
    Answer. As you can imagine, it is vitally important that critical 
infrastructure sectors share information about potential threats. Local 
fire and emergency medical service departments need to be warned of 
potential cyber threats, so that they can take the appropriate 
protective action. For example, while there have been well-publicized 
stories in the media about hospitals having to deal with the effects of 
ransomware incidents, local fire departments also have had to deal with 
these problems. In January, the city of Snoqualmie, Washington, paid a 
ransom of $750 to hackers that took control of a computer at the Duvall 
Fire District.
    I receive notices of possible threats from the local Plano police 
department, the council of governments, and the Homeland Security 
Information Network, among other resources. This information, and the 
lessons learned from cyber attacks, is key to preventing or mitigating 
these threats. It is important to recognize that the ease of 
implementing a cyber attack may encourage a lone-wolf terrorist or 
criminal, who otherwise would not want to risk personal injury in a 
kinetic assault on a fire or police station. So we may see an increase 
in these threats in the future. Again, thank you for the opportunity to 
participate in the discussion on this important topic. The threat of 
cybersecurity only continues to increase. The Nation's fire and 
emergency service must be prepared for it.
      Questions From Chairman John Ratcliffe for Richard F. Wilson
    Question 1. Are State and local governments ever the target of 
nation states, hacktivists, or criminals and are they aware of and 
taking advantage of the protections that DHS offers through its 
Enhanced Cybersecurity Services program?
    Answer. The city of Dallas has in the past, and with daily 
incidents, been subjected to, and been the subject of adversarial 
attacks by foreign powers, foreign extra-territorial actors, National 
and local hacktivists, criminals and unclassifiable agents.
    The city, in addition to local defensive capabilities, also 
utilizes the services and cyber-intelligence capabilities provided by 
Department of Homeland Security, DHS, and other National (private and 
public) capabilities.
    Question 2a. How important is coordination across critical 
infrastructure sectors for encouraging cyber resilience?
    Question 2b. How do these efforts impact public safety 
organizations and State and local entities?
    Answer. It is extremely important and a necessity to have a 
structured, systemic coordination, incident response collaboration, 
monitoring, quality capabilities and management between the SLTT and 
central government.
    The impacts these types of activities provide to public safety 
organizations, and State and local entities are more structured 
protective strategies, more pro-active incident alerting, and responses 
that leads to faster incident identification and management. This in 
turn ensures that outcomes of these incidents are managed effectively 
and timely, thereby ensuring that the adverse potential outcomes of 
these incidents, do not overburden the local resources and 
capabilities.
         Questions From Chairman John Ratcliffe for Don Waddle
    Question 1. How was your work with the Electronic Crimes Task Force 
(ECTF) valuable to your career as a detective?
    Answer. In my police department, while working as a detective, I 
worked property crimes, which covers theft, criminal mischief, stolen 
cars, and fraud. Prior to being assigned to the North Texas Electronic 
Crimes Task Force, there was only a few ways for me to go at fraud. 
This would be what I read in books or by getting guidance form our 
prosecutors. After getting on the task force I learned more by being 
involved in investigations with other agencies and with helping Federal 
authorities with their investigations. I was able to share my knowledge 
with other members of law enforcement and was also able to build up my 
knowledge in investigating fraud. I was also able, because fraud 
oftentimes involves computers and cell phones, to learn about computer 
and cell phone forensics. By being assigned to the task force I learned 
more about the crimes I was investigating, and was able to use that 
knowledge to prepare better cases for prosecution, and to bring answers 
to my victims of crime.
    Question 2. How did your work with ECTF differ from or support your 
work as a detective in Greenville?
    Answer. I do not believe my work with the task force differed from 
my work as a detective in Greenville. My job is to investigate crime 
and I did that in both places. I built a strong network of other 
investigators that could help me if I had a question, or I could help 
if they had a question. When I think of supporting my work as a 
detective in Greenville, I would probably never have been able to 
conduct the investigations I conducted without the equipment and 
training I received as a task force member. One case in particular was 
a defendant who stated he talked to another person very infrequently, 
but when I examined both phones I was able to determine that they had 
numerous conversations all the time. This was done using equipment and 
training I received while assigned to the task force. I also had 
Federal partners that could come in and help me with my investigations, 
and if need be, could assist me in preparing for a Federal prosecution 
of the case.
    I hope that my answers to your questions provide enough information 
for you to make important decisions related to Cybersecurity, 
Infrastructure Protection, and Security Technologies.
    I want to stress that I am extremely grateful for having been on 
the North Texas Electronic Crimes Task Force and the training and 
equipment that I received. The city of Greenville and all of Hunt 
County, Texas, benefitted from my association with the Electronic 
Crimes Task Force.

                                 [all]