b"<html>\n<title> - CYBER PREPAREDNESS AND RESPONSE AT THE LOCAL LEVEL</title>\n<body><pre>[House Hearing, 114 Congress]\n[From the U.S. Government Publishing Office]\n\n\n\n\n\n\n\n\n\n\n           CYBER PREPAREDNESS AND RESPONSE AT THE LOCAL LEVEL\n\n=======================================================================\n\n                             FIELD HEARING\n\n                               before the\n\n                            SUBCOMMITTEE ON\n                     CYBERSECURITY, INFRASTRUCTURE\n                        PROTECTION, AND SECURITY\n                              TECHNOLOGIES\n\n                                 of the\n\n                     COMMITTEE ON HOMELAND SECURITY\n                        HOUSE OF REPRESENTATIVES\n\n                    ONE HUNDRED FOURTEENTH CONGRESS\n\n                             SECOND SESSION\n\n                               __________\n\n                             APRIL 7, 2016\n\n                               __________\n\n                           Serial No. 114-62\n\n                               __________\n\n       Printed for the use of the Committee on Homeland Security\n                                     \n\n\n\n[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]\n\n\n                                     \n\n      Available via the World Wide Web: http://www.gpo.gov/fdsys/\n                            __________\n                            \n\n                         U.S. GOVERNMENT PUBLISHING OFFICE \n\n22-755 PDF                     WASHINGTON : 2016 \n-----------------------------------------------------------------------\n  For sale by the Superintendent of Documents, U.S. Government Publishing \n  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; \n         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, \n                          Washington, DC 20402-0001                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n                            \n\n                     COMMITTEE ON HOMELAND SECURITY\n\n                   Michael T. McCaul, Texas, Chairman\nLamar Smith, Texas                   Bennie G. Thompson, Mississippi\nPeter T. King, New York              Loretta Sanchez, California\nMike Rogers, Alabama                 Sheila Jackson Lee, Texas\nCandice S. Miller, Michigan, Vice    James R. Langevin, Rhode Island\n    Chair                            Brian Higgins, New York\nJeff Duncan, South Carolina          Cedric L. Richmond, Louisiana\nTom Marino, Pennsylvania             William R. Keating, Massachusetts\nLou Barletta, Pennsylvania           Donald M. Payne, Jr., New Jersey\nScott Perry, Pennsylvania            Filemon Vela, Texas\nCurt Clawson, Florida                Bonnie Watson Coleman, New Jersey\nJohn Katko, New York                 Kathleen M. Rice, New York\nWill Hurd, Texas                     Norma J. Torres, California\nEarl L. ``Buddy'' Carter, Georgia\nMark Walker, North Carolina\nBarry Loudermilk, Georgia\nMartha McSally, Arizona\nJohn Ratcliffe, Texas\nDaniel M. Donovan, Jr., New York\n                   Brendan P. Shields, Staff Director\n                    Joan V. O'Hara,  General Counsel\n                    Michael S. Twinchek, Chief Clerk\n                I. Lanier Avant, Minority Staff Director\n                                 ------                                \n\nSUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY \n                              TECHNOLOGIES\n\n                    John Ratcliffe, Texas, Chairman\nPeter T. King, New York              Cedric L. Richmond, Louisiana\nTom Marino, Pennsylvania             Loretta Sanchez, California\nScott Perry, Pennsylvania            Sheila Jackson Lee, Texas\nCurt Clawson, Florida                James R. Langevin, Rhode Island\nDaniel M. Donovan, Jr., New York     Bennie G. Thompson, Mississippi \nMichael T. McCaul, Texas (ex             (ex officio)\n    officio)\n               Brett DeWitt, Subcommittee Staff Director\n                   John Dickhaus, Subcommittee Clerk\n       Christopher Schepis, Minority Subcommittee Staff Director\n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n       \n                            C O N T E N T S\n\n                              ----------                              \n                                                                   Page\n\n                               Statement\n\nThe Honorable John Ratcliffe, a Representative in Congress From \n  the State of Texas, and Chairman, Subcommittee on \n  Cybersecurity, Infrastructure Protection, and Security \n  Technologies...................................................     1\n\n                               Witnesses\n\nMr. Alphonse Davis, Deputy Director/Chief Operations Officer, \n  Texas A&M Engineering Extension Service:\n  Oral Statement.................................................     4\n  Prepared Statement.............................................     6\nMr. Sam Greif, Chief, Plano Fire-Rescue Department, Plano, Texas:\n  Oral Statement.................................................     7\n  Prepared Statement.............................................     9\nMr. Richard F. Wilson, Lieutenant, Dallas Police Department, \n  Dallas, Texas:\n  Oral Statement.................................................    11\n  Prepared Statement.............................................    14\nMr. Don Waddle, Detective (Ret.), Greenville Police Department, \n  Greenville, Texas:\n  Oral Statement.................................................    15\n  Prepared Statement.............................................    17\n\n                                Appendix\n\nQuestions From Chairman John Ratcliffe for Alphonse Davis........    29\nQuestions From Chairman John Ratcliffe for Sam Greif.............    30\nQuestions From Chairman John Ratcliffe for Richard F. Wilson.....    30\nQuestions From Chairman John Ratcliffe for Don Waddle............    30\n \n           CYBER PREPAREDNESS AND RESPONSE AT THE LOCAL LEVEL\n\n                              ----------                              \n\n\n                        Thursday, April 7, 2016\n\n             U.S. House of Representatives,\n                    Committee on Homeland Security,\n Subcommittee on Cybersecurity, Infrastructure Protection, \n                                 and Security Technologies,\n                                                       Sherman, TX.\n    The subcommittee met, pursuant to call, at 11:09 a.m., in \nthe Mabee Foundation Banquet Room, Wright Campus Center, Austin \nCollege, 1301 East Brockett, Sherman, Texas, Hon. John \nRatcliffe [Chairman of the subcommittee] presiding.\n    Present: Representative Ratcliffe.\n    Also present: Representative Burgess.\n    Mr. Ratcliffe. Good morning. The Committee on Homeland \nSecurity, Subcommittee on Cybersecurity, Infrastructure \nProtection, and Security Technologies will come to order.\n    The subcommittee is meeting today to learn how State and \nlocal officials prepare for, respond to, and investigate cyber \nincidents, and to learn about different cyber training \nopportunities for State and local officials to bolster our \ncyber preparedness and response.\n    I appreciate the effort taken by everyone that is involved \nhere to put together an important field hearing. I would like \nto start by thanking our friends here at Austin College for \nletting us hold this hearing today here at the Mabee Hall.\n    This is an official Congressional hearing, as opposed to a \ntown hall meeting, and, as such, there are certain rules of the \nCommittee on Homeland Security and the House of Representatives \nthat we have to abide by. So for our guests here today, we \ncan't have demonstrations from the audience, including \napplause, verbal outbursts, the use of signs or placards. All \nthose things, as fun as they may sound, are a violation of the \nrules of the House of Representatives. It is important that we \ndo respect the decorum and rules of the committee, and I have \nalso been requested to say that photography and cameras are \nlimited to accredited press only and can't be used for campaign \nor political purposes.\n    As Americans become more aware every single day as they \nturn on their computers and their televisions, cyber threats \nare exponentially increasing. They come from criminal \norganizations, nation states like China, Russia, and Iran, and \neven terrorist groups like ISIS. These attackers don't only \ntarget Federal networks, big banks, and National retail chains. \nThey also hit towns and families and local businesses. So there \nis a great need to address cybersecurity at the State and local \nlevel.\n    From emergency response centers, Department of Motor \nVehicle offices, to courthouses and our critical \ninfrastructure, the exploitable vulnerabilities and possible \nconsequences for public safety are alarming. On the law \nenforcement side, FBI Director Jim Comey recently testified \nthat an element of virtually every National security threat and \ncrime problem that the FBI faces is cyber-based or facilitated. \nIt is incredible that Federal law enforcement is seeing a cyber \nelement to almost every single crime.\n    Because society is increasingly connected, we can be \ncertain that our State and local law enforcement are seeing the \nsame trend, arguably with even fewer tools to address it. It no \nlonger takes a sophisticated cyber criminal to compromise \nsensitive information from companies and from everyday \nAmericans, and law enforcement is seeing a cyber element to \nalmost every crime. It is vital that State and local law \nenforcement, the prosecutors and judges all be properly trained \nto respond to cyber crime and to protect the American people.\n    We have recently seen a flurry of ransomware attacks \nagainst hospitals, including at least one located here in the \n4th Congressional District of Texas, where patients' personal \nmedical data is encrypted and held hostage until the hospital \npays a ransom to get it back. As reports indicate, cyber \nattacks against emergency workers are spiking and will continue \nto rise.\n    We all recognize that interconnectivity and automation \nincrease convenience and improve responses. Emergency services \nare just one area where automation and interconnectivity \nprovide clear benefits to us all. But while these technologies \nincrease efficiency and cut costs, they do present new risks \nthat, if exploited, could bring vital emergency services and \nour critical infrastructure to a halt.\n    Regardless of the magnitude of a natural or man-made \ndisaster, first responders--firemen, police, paramedics, and \nNational Guardsmen--are the ones, the first ones that are on \nthe scene. Their ability to communicate and to execute key \ncommand-and-control responsibilities during an incident often \ndepends entirely on internet-enabled technologies.\n    As we examine cyber preparedness and response at the State \nand local level, I am pleased that we are joined by a number of \ndistinguished witnesses this morning who are at the tip of the \nspear in this effort. I look forward to hearing about how they \nare preparing for, responding to, and mitigating and \ninvestigating the threats that we face right now in cyber \nspace.\n    I am also pleased that this hearing is taking place not in \nthe halls of Congress today but right here in the 4th \nCongressional District of Texas, the first-ever Congressional \nhearing here in Grayson County. The police, prosecutors, \njudges, paramedics, and firefighters, they all need the \nappropriate tools and training to respond to the increasing \nthreats that we face, and to make sure that they are fully \nequipped, we need to hear directly from them. The best \nsolutions, believe it or not, don't usually come from \nWashington, DC. People often hear me say that governing is a \nteam sport, and I think that today's hearing and the location \nof today's hearing hopefully reinforces that fact.\n    As Chairman of this subcommittee, I have been closely \nexamining these challenges. I will continue to lead efforts in \nCongress to strengthen our Nation's cyber defenses and provide \nfor the common defense against these National security threats.\n    Last fall, I authored and moved legislation to strengthen \nState and local cyber crime-fighting efforts. Specifically, the \nlegislation would support the National Computer Forensics \nInstitute, or NCFI, which is run by the United States Secret \nService, and provides greatly-needed cyberforensics training to \nState and local law enforcement across the country, including \nthose right here in Texas' 4th District. In fact, we are \npleased today that one of our witnesses, former Greenville \nDetective Don Waddle, was trained at the NCFI.\n    Today I hope this subcommittee will learn more about how \nfirst responders here in Texas are being trained to address \ncyber incidents, how first responders are preparing for and \nresponding to cyber incidents, and how local law enforcement \nofficials are being trained in computer forensics.\n    This hearing will provide needed background to further \nreinforce the subcommittee's efforts regarding cyber training \nand workforce needs at the State and local level. Cybersecurity \nis a shared responsibility, including all levels of government \nand the private sector.\n    While much has been done to improve our Nation's \ncybersecurity, there are a number of challenges that remain. I \nlook forward to hearing from our witnesses today as we consider \nways to address those challenges.\n    My good friend, Mr. Burgess of Texas, is here today, and I \nask unanimous consent for him to be permitted to sit and \nparticipate in today's hearing.\n    Without objection, so ordered.\n    Other committee Members are reminded that opening \nstatements may be submitted for the record.\n    Before I introduce the distinguished panel of witnesses \nbefore us on this important topic today, again I would like to \nthank a number of folks that are here.\n    I mentioned Austin College President Hass, for always being \na hospitable host to us.\n    We have a number of law enforcement folks that are here \ntoday that are not testifying.\n    Lieutenant McGreevy from Sherman Police Department.\n    From Denison Police Department we have Assistant Chief Joe \nClapp, Assistant Chief Don Maury, Paris Fire Chief Larry \nWright, and Assistant Chief Thomas McGonagall.\n    Constable Bob Douglas from Grayson County; Commissioner \nJeff Whitmeyer from Grayson County; Dan Sharp from the Denison \nIT department; Tom Watt, a Grayson County sheriff-elect.\n    We have Rita Knowles, justice of the peace, who is here, \nTammy Johnson from the Sherman City Council, Kevin Couch from \nthe Sherman City Council, Reggie Smith, esteemed local \nactivist.\n    We have assistant chief of the Sherman Police Department, \nLieutenant John Henneberg, here. I would also like to welcome \nTerra Petty and Daryl Birkland from Wilson and Jones IT \ndepartment.\n    I am sure I am leaving some others out and I apologize, but \nI am trying to recognize everyone who has taken the time to be \nhere, including a number of students here from Austin College. \nWelcome. Thank you for being a hospitable host to us. I would \nsay that I have been the beneficiary personally of a number of \nAustin College students who have interned in my Congressional \noffice, and a number of them are here today. Thank you for \ncoming back. It is great to see you all again.\n    With that, I would like to recognize our distinguished \npanel of testifying witnesses this morning.\n    We have with us Mr. Al Davis, who is the deputy director \nand chief operations officer at Texas A&M Engineering Extension \nService. Welcome, Mr. Davis.\n    Mr. Davis. Thank you, sir.\n    Mr. Ratcliffe. We have Mr. Sam Greif, the chief of the \nPlano Fire-Rescue Fire Department, who is testifying on behalf \nof the International Association of Fire Chiefs. Welcome, \nChief.\n    Mr. Greif. Thank you, sir.\n    Mr. Ratcliffe. We have Mr. Richard Wilson, who is a \nlieutenant with the Dallas Police Department. Welcome, \nlieutenant.\n    Last but not least, we have now-retired Detective Don \nWaddle from the Greenville Police Department.\n    Mr. Waddle. Thank you, sir.\n    Mr. Ratcliffe. Very good. All right.\n    With that, I would like to ask the witnesses to stand so \nthat I can administer an oath.\n    [Witnesses sworn.]\n    Mr. Ratcliffe. Let the record reflect that the witnesses \nhave answered in the affirmative.\n    The witnesses' full written statements will appear in the \nrecord.\n    You may be seated.\n    The Chair now recognizes Mr. Davis for 5 minutes for his \nopening statement.\n\n STATEMENT OF ALPHONSE DAVIS, DEPUTY DIRECTOR/CHIEF OPERATIONS \n        OFFICER, TEXAS A&M ENGINEERING EXTENSION SERVICE\n\n    Mr. Davis. Thank you very much, Mr. Ratcliffe. I would like \nto thank you and also Mr. Burgess and other Members of the \nsubcommittee. It is an honor to appear here before you on \nbehalf of our agency, the Texas A&M Engineering Extension \nService, to discuss cyber preparedness and response at the \nlocal level.\n    I will start by telling you just a little bit about TEEX. \nWe are affectionately known as TEEX to those that we train and \nthat we partner with. We began training in 1930. The impact is \nat the local, State, and National, and global levels. We cover \ntraining and technical assistance across the entire homeland \nsecurity enterprise domain to include cybersecurity, and an \nimportant part of our mission and our role is our extension \nservice, we are proud to say, to the great State of Texas.\n    Our relationships. First of all, we have relationships with \nresponders across all disciplines, all 16 disciplines, at the \nState and local levels. With DHS/FEMA, we have relationships \nnot only with the National training and education division but \nwith CS&C, Cybersecurity and Communications, who we dialogue \nwith. We also dialogue with the Infrastructure Protection \nDirectorate, Personal Protection Directorate, and the Office of \nBombing Prevention.\n    We also have consortium memberships, first of all, since \n1998, with the National Domestic Preparedness Consortium, with \nthe National Cybersecurity Preparedness Consortium, and we are \nalso a member of the Forensics Consortium. Those memberships \nhelp us to address cybersecurity across a number of areas.\n    Our role in addressing the cybersecurity challenge began in \n2010 when DHS/FEMA asked us to take on some training that was \npreviously done on a competitive training grant. We have also \nlinked cybersecurity to emergency planning and response, and we \nthink that is very, very important.\n    Why we think it is important: I think the police chiefs and \nfire chiefs would agree, we used to think about cybersecurity \non the left hand and emergency planning and response on the \nright hand, and they should be thought about together, because \nif the emergency response planner or manager thinks that they \ncan really put off a plan or respond without cyber intrusion, \nthat is not accurate. That is really not accurate because of \nthose reasons you stated, sir.\n    We have done some pioneering efforts also, and what I mean \nby that is when we visit a lot with our partners at DHS/FEMA, \nwe didn't visit in silos. We thought there was a need to bring \nthem together, and we are proud to say that we did, in fact, \nbring those different entities together to actually develop \nfurther training. So again, we were pioneers in that effort.\n    We also at TEEX, through cybersecurity technical assistance \nand vulnerability assessments--that is very important, we do \nthat not only with some universities, but we have been doing \nthat with some communities. We have done some training also, \nassessments that is, in Congress, and Texas also, sir.\n    As far as our products go--and that is our training \ncourses--this focuses also on training, and I will refer to \nsomething we submitted, our statement. We had 5 instructor-led \ncourses. Four deal with cyber and incident management, and it \ncomes from the community level, the Essentials of Community \nCybersecurity, Community Preparedness, and Community \nCybersecurity Exercise Planning.\n    We also have 10 on-line courses that are provided at no \ncost to individuals, designed for 3 levels of students, \nincluding the general user, which is very important--you \naddressed that, sir--the information technology staff and \nspecialists, and for business managers also. So again, that \ntraining is, at no cost, available to the general public.\n    As far as our results, over the last 5 years TEEX has \nprovided cybersecurity training for students and participants \nin 40 States and 5 territories, reaching a total of 32,900 \ntraining instances, and we think that is very, very important.\n    As we move forward, sir, we will continue to work closely \nwith States and local communities in identifying their needs \nand supporting their efforts. States have reported, through the \nNational Preparedness Reports beginning in 2012, that \ncybersecurity is a key National area of improvement and \nconcern, and it is listed as a top priority in the 2014 and \n2015 National Preparedness Report.\n    So again, we are very, very pleased to be here. We have \nsubmitted a statement in more detail, and I will be willing, \nsir, when appropriate, to take your questions that you may \nhave.\n    [The prepared statement of Mr. Davis follows:]\n                  Prepared Statement of Alphonse Davis\n                             April 7, 2016\n    Chairman Ratcliffe, and other distinguished Members of the \nsubcommittee, it is an honor to appear before you today on behalf of \nthe Texas A&M Engineering Extension Service (TEEX) to discuss cyber \npreparedness and response at the local level.\n         history of teex emergency management training program\n    TEEX, a State of Texas agency and member of the Texas A&M \nUniversity System (TAMUS), began training State and local responders in \n1930, and today trains over 170,000 annually from across the world. In \n1998, TEEX became a founding member of the National Domestic \nPreparedness Consortium (NDPC). The NDPC is a partnership of 7 \nuniversities and organizations that are the primary means through which \nthe Department of Homeland Security/Federal Emergency Management \nAgency's (DHS/FEMA) National Training and Education Division (NTED) \nprovides training to State, local, Tribal, and territorial responders \nand communities in support of PPD-8--National Preparedness. The NDPC is \nCongressionally-authorized and annually appropriated funding through \nthe Homeland Security National Training Program to develop and deliver \ntraining for the Nation's emergency first responders within the context \nof all hazards; including chemical, biological, radiological, and \nexplosive Weapons of Mass Destruction (WMD) hazards. To date the NDPC \nhas trained over 2.4 million, more than 540,000 of which were trained \nby TEEX.\n    This long-term relationship with State and local level emergency \nmanagers, responders, and leaders, and infrastructure/industrial \npartners, along with more than 20 years of experience in workforce and \nsoftware development, prepared TEEX to provide training on preparedness \nand response for cyber incidents or attacks. In today's connected world \ncyber refers to anything that contains, is connected to, or is \ncontrolled by computers and computer networks.\n                beginning of teex cyber training program\n    In 2010, at the request of FEMA, TEEX began training State and \nlocal communities in cybersecurity awareness, specifically where local \ncommunities and responders need to collaborate with their critical \ninfrastructure partners in planning for and responding to a possible \ncyber attack or incident. TEEX launched this effort within their \nexisting HSNTP funding (then fiscal year 2009--$22,344,500) by \ncontinuing the delivery and maintenance of cyber courses originally \ndeveloped under FEMA Continuing Training Grants and awarded to other \nuniversities.\n    At the National level, the need for an increase in cybersecurity \nawareness and the ability to collaboratively plan with critical \ninfrastructure partners was highlighted through PPD-21--Critical \nInfrastructure Security and Resilience and EO-13636--Executive Order \nCybersecurity/Presidential Policy Directive on Critical Infrastructure \nSecurity and Resilience. TEEX responded to the growing need by \nexpanding the cyber training program and leveraging the partnerships \nwith the DHS Office of Infrastructure Protection (IP) and the DHS \nOffice of Cybersecurity and Communications (CS&C). TEEX had previously \ndeveloped 2 courses on the protection of critical infrastructure with \nDHS/IP and was asked to develop a third, which specifically-focused on \nthe challenges of both physical and cybersecurity on critical \ninfrastructure, with DHS/IP and DHS/CS&C.\n             current teex training and assessment programs\n    TEEX trains students through the DHS/FEMA HSNTP, offered at no cost \nto State, local, Tribal, and territorial communities, and includes:\n  <bullet> 5 instructor-led courses that are delivered across the \n        country and the U.S. territories, allowing communities to train \n        together in the classroom:\n    <bullet> 4 courses on cyber and incident management\n        <bullet> Promoting Community Cybersecurity\n        <bullet> Essentials of Community Cybersecurity\n        <bullet> Community Preparedness for Cyber Incidents\n        <bullet> Community Cybersecurity Exercise Planning.\n    <bullet> 1 course specifically addressing both physical and \n            cybersecurity\n        <bullet> Physical and Cybersecurity for Critical \n            Infrastructure.\n  <bullet> 10 on-line courses, available at no cost to individuals, \n        designed for 3 levels of student, including:\n    <bullet> 3 courses for General Users, covering broadly-applicable \n            awareness needs\n    <bullet> 4 course for Information Technology staff and specialists, \n            addressing security, forensics, and response techniques for \n            IT systems\n    <bullet> 3 courses for Business Management staff that include Risk \n            Management and legal parameters critical to small \n            businesses.\n    In addition to training, TEEX also provides technical assistance, \noffering community and organizational vulnerability assessments and \ncompliance reviews. Vulnerability assessments include network \nvulnerability testing, review and validate IT security processes, and \nreview IT system security configurations, while compliance reviews \ninclude organizational policy conformance reports and recommendations \nto make their systems more secure.\n                implementation of teex training programs\n    Over the last 5 years, TEEX has provided cybersecurity training for \nstudents in 40 States and 5 territories, reaching a total of 32,290 \nstudents. These students trained both in the classroom and on-line.\n  <bullet> Instructor-led training (delivered in local communities):\n    <bullet> 345 deliveries to 8,413 students in the United States\n    <bullet> 31 deliveries to 815 students in Texas.\n  <bullet> Online training:\n    <bullet> 23,877 students in the United States\n    <bullet> 4,264 students in Texas\n    <bullet> 50 students in TX District 4.\n                    future of teex training programs\n    As we move forward, we will continue to work closely with States \nand local communities in identifying their needs and supporting their \nefforts. States have reported through the annual National Preparedness \nReports, beginning in 2012, that cybersecurity is a key National area \nof improvement, listing it as a top priority in 2014 and 2015. Some of \nour recent work in support of the States includes:\n  <bullet> Working with States to provide employee training web portals \n        with direct access to State-identified required on-line cyber \n        training and reporting capabilities for States to monitor \n        employee progress in completing the courses. Student training \n        portals are now active for the States of Arkansas, Louisiana, \n        and Wyoming, as well as Fresno Pacific University in \n        California.\n  <bullet> Most recently, as a member of the National Cybersecurity \n        Preparedness Consortium (NCPC), consisting of 5 partners \n        focused on training for State and local communities, TEEX is \n        developing new training on the integration of cybersecurity \n        into the local Emergency Operations Center (EOC). Through FEMA \n        NTED's Continuing Training Grants, TEEX will develop 2 hands-on \n        courses, with simulated scenarios designed to develop \n        managerial and operational-level skills sets. The first course, \n        now in development and piloted in Utah and Rhode Island, is \n        designed to help ensure that traditional emergency management \n        personnel and IT personnel recognize the importance of working \n        together to mitigate the effects of a cyber incident. A second, \n        more technical, course will follow and will provide students \n        with the key skills and processes needed to more effectively \n        defend their organizational networks.\n    In summary, we will continue to focus on how we can further assist \nand prepare local entities for a cyber incident, as well as enhancing \nengagement with the public and private sectors in planning and response \nto a cyber incident.\n\n    Mr. Ratcliffe. Thank you, Mr. Davis.\n    The Chair now recognizes Chief Greif for his opening \nstatement.\n\n STATEMENT OF SAM GREIF, CHIEF, PLANO FIRE-RESCUE DEPARTMENT, \n                          PLANO, TEXAS\n\n    Mr. Greif. Good morning, Chairman Ratcliffe, Representative \nBurgess. Today I thank you for the opportunity to represent the \nInternational Association of Fire Chiefs to discuss this \nimportant topic.\n    Cyber crime and cyber attacks are an ever-increasing threat \nto the American homeland. However, fire and emergency services \nare still learning how to recognize these threats and the \nadverse effects of those to our operations. There have been \nattempts to use robocalls and other service attacks that would \naffect operations of 9-1-1 public safety answering points. In \naddition, we have seen recent examples of cyber attacks against \nhospitals in California, Kentucky, and the Washington, DC area.\n    The greater concern is that a cyber attack can be used in \nconjunction with kinetic bombing or an active-shooter incident \nto create confusion during the response. Fire and EMS \ndepartments must be vigilant for malware, phishing, spam, \nspyware, and other new and diverse threats. The keys to \nsuccessful cybersecurity efforts for fire and EMS departments \nare multifaceted.\n    We need to harden and test systems, stay aware of and \ninformed by our new threats, and make sure that the staff are \ntrained and prepared to prevent and to respond to a cyber \nincident. It is vital that fire and EMS departments take steps \nto protect themselves.\n    During my tenure with the Fort Worth Fire Department, I \noversaw our Fire Communications Division. In order to protect \nour computer-aided dispatch and 9-1-1 systems, IT departments \nsegregated them from the outside world. This reduced their \nvulnerability. We updated the systems by testing updates and \nmanually installing them on our servers.\n    To protect the PSAPs, departments have to constantly test \nthe 9-1-1 system vulnerabilities to make sure that they can \nwithstand a concerted service attack. PSAPs also should be \nconstructed securely from the outside attacks and have \nresilient systems as back-up.\n    As public safety communications move to digital systems, \nthey can become vulnerable to cyber attacks. These \ncommunication systems must be secured. Fire and EMS departments \nalso must stay aware of new threats. State and local fusion \ncenters can provide information about cyber threats. In \naddition, Federal information-sharing systems like the Homeland \nSecurity Information Network are good sources of cyber \ninformation for fire and EMS chiefs.\n    Fire and EMS chiefs also should develop close working \nrelationships with their local law enforcement, emergency \nmanagers, IT departments, and the surrounding jurisdictions. At \nFort Worth, I worked with the local police and intelligence \ncommunities to stay aware of these threats. In Plano, I meet \nmonthly with the police chief, the public safety communications \ndirector, the emergency management director, and among our \ndiscussions is how to improve and secure our communications \nsystems.\n    Major events require regional planning. For Super Bowl XLV \nin 2011, we developed a multi-county consortium and developed a \ncommunications plan that actually included response to cyber \nterrorism.\n    Finally, training and exercises are key to preventing and \nresponding to an incident. Antivirus software must be kept up-\nto-date. Staff should adopt preparedness and a culture to not \nput on any links to malware, spyware, or other threats. Fire \nand EMS chiefs also can study the effects of cyber attacks and \nother public safety and private organizations and learn how to \nmitigate the consequences before they occur.\n    The Federal Government can be an important partner in a \nFederal cybersecurity regime. Many fire departments are not \naware of the threat that they face. DHS can work with the U.S. \nFire Administration and the National Fire Academy to develop \nstandards and training for all fire and EMS departments. Fire \nchiefs recommend that the U.S. Fire Administration's budget be \nrestored to the fiscal level of 2011, which was $45.6 million, \nin order to facilitate this type of educational effort. In \naddition, DHS can continue to fund the State Homeland Security \nGrant Program and the Urban Area Security Initiative, also \nknown as UASI. These programs support their operations. In \naddition, these grants can be used to fund cyber components to \nregional training. Unfortunately, the administration's fiscal \nyear 2017 budget request would impose Draconian cuts on these \nprograms. The State Homeland Security Grant Program will be cut \nby more than 50 percent, and the UASI program would be cut by \n45 percent. We recommend that these programs be funded at least \nto the fiscal year 2016 level of $467 million for State \nHomeland Security Grant Program and $600 million for UASI.\n    Thank you for the opportunity to represent Fire and \nEmergency Services at today's hearing. Local fire and EMS \ndepartments must take necessary precautions to protect \nthemselves from this new and emerging threat. In addition, the \nFederal Government can provide critical information, education, \nand practical training about the threat of cyber attacks.\n    I look forward to answering any questions you may have.\n    [The prepared statement of Mr. Greif follows:]\n                    Prepared Statement of Sam Greif\n                             April 7, 2016\n    Good morning, Chairman Ratcliffe, Ranking Member Richmond, and \nMembers of the subcommittee. I am Chief Sam Greif of the Plano Fire-\nRescue Department. Today I am pleased to testify on behalf of the \nInternational Association of Fire Chiefs. The IAFC represents more than \n11,000 leaders of the Nation's fire, rescue, and emergency medical \nservices. Thank you for the opportunity to discuss important issues \nrelated to cybersecurity and the fire and emergency service. This is a \ngrowing threat that adds yet another mission for the America's \nfirefighters and emergency medical personnel.\n                      the problem of cybersecurity\n    Cyber crime and cyber attacks are becoming a more prevalent threat \nto the American homeland. A 2010 report by Norton found that two-thirds \nof the world's population have been the victim of some form of cyber \ncrime. A 2009 study by McAfee demonstrated that cyber crime, including \nsecurity breaches and data theft, may have cost international business \nhas much as $1 trillion. We have seen how cyber attacks can harm major \nuniversities, medical facilities, financial institutions, retailers, \nlocal governments, and Federal agencies.\n    The fire and emergency service is just beginning to recognize how \nthese threats can affect our operations. There have been attempts to \nuse robocalls and other denial-of-service attacks to affect operations \nat 9-1-1 Public Safety Answering Points (PSAP). Just recently, we have \nseen a rash of cyber attacks against hospitals in California, Kentucky, \nand the Washington, DC area. In addition, we always must be vigilant \nfor malware, phishing, spammers, and spyware which are aimed at \ninfiltrating and debilitating our systems.\n    From the fire and emergency service's perspective, it is important \nthat we protect vital systems that support our operations. The 9-1-1 \nsystems are necessary for the public to call and request assistance \nduring emergency situations. Computer-aided dispatch (CAD) systems are \nessential for determining which units are available to respond and \nassigning them to an incident scene. These units must be able to \ncommunicate with the dispatch center, command units and each other \neffectively at the incident scene. In addition, patient reporting \ninformation must be protected by the emergency medical service (EMS), \nbecause of the nature of the data. As the Nation transforms to a more \ndigital world and the ``Internet of Things,'' all of these capabilities \nwill be presented with an increasing number of opportunities to provide \nservice to our citizens and a corresponding number of vulnerabilities \nto cyber threats.\n               protecting the fire and emergency service\n    As they consider the various threats to their computer systems, \nfire and EMS departments must take steps to protect themselves. Before \nI became fire chief in Plano, I served for 30 years in the Fort Worth \nFire Department, where I oversaw the city's 9-1-1 center for 10 years. \nOne of our major missions was to protect our CAD and 9-1-1 systems from \ncyber attacks. To protect our systems, we segregated them from the \noutside world. This action minimized the ability of outsiders to \ncompromise our systems through the internet. To update our systems, we \nwould have to go to the server and install software manually. It is \nimportant to recognize, though, that most of a fire and EMS \ndepartment's computer systems, like human resources, email, and \nfinance, will be part of the overall jurisdiction's information \ntechnology (IT) systems.\n    Fire and EMS departments also have to take steps to harden their \nsystems. In order to protect their 9-1-1 systems from massed robocalls \naimed at taking down the system, the departments have to constantly \ntest their systems' vulnerabilities to make sure that they can \nwithstand heavy call volumes. The fire departments also have to \ndownload and use a testbed to evaluate all software before installing \nit. It is important to realize that--as communications systems move to \ndigital systems that use VoIP--these systems need to be secure from \ncyber attacks that might compromise life-saving operations on the fire \nscene. In addition, 9-1-1 Public Safety Answering Points (PSAP) should \nbe constructed to be secure from outside attacks and have resilient \nsystems and back-up power.\n    As with other threats, local fire and EMS chiefs must stay aware of \nnew threats and prepare for them. The best way to stay informed is to \ndevelop relationships with intelligence fusion centers, Federal \nofficials and local law enforcement. If fire and EMS departments can \nsupport the staffing requirements, they should have personnel stationed \nat the State and local fusion centers. Grants administered by the \nFederal Emergency Management Agency (FEMA), including the State \nHomeland Security Grant Program (SHSGP) and Urban Areas Security \nInitiative (UASI), will support fire and emergency service personnel in \nfusion centers. Fire and EMS departments also should maintain close \nrelationships with local Joint Terrorism Task Forces. These resources \nwill keep fire and EMS chiefs informed on the latest cyber threats and \nhelp them address any vulnerabilities.\n    It also is important to develop close working relationships with \nlocal law enforcement officials. In Fort Worth, I worked with the local \npolice intelligence unit, which was aware of new threats to the \ncommunity. In Plano, the public safety group, composed of the city \ncommunications director, the police chief, the emergency manager and \nme, meet monthly to discuss threats and how to prepare for them.\n    Federal information-sharing systems, like the Homeland Security \nInformation Network (HSIN), also can provide important information \nabout cyber threats and how to prepare for them. HSIN is a National, \nsecure, web-based portal for information sharing and collaboration \nbetween Federal, State, local, Tribal, territorial, and private-sector \npartners. HSIN has a community of interest dedicated to the fire and \nemergency service. The U.S. Department of Homeland Security (DHS) must \nmake sure that cybersecurity-related information is added to this \ncommunity of interest, so that local fire and EMS chiefs can access it.\n    Since fire and EMS departments depend on mutual aid to respond to \nmajor incidents, they should address cybersecurity concerns as part of \ntheir planning and training. Communications must be interoperable \nduring an incident; a breakdown in communications or dispatch systems \nduring an incident could cause confusion at a critical time. To address \nthis risk, the North Central Texas Council of Governments addressed \ncybersecurity as part of its interoperability plans. For Super Bowl XLV \nin 2011, the Multi-Quad County Consortium developed a communications \nplan that addressed cybersecurity concerns and developed plans for \nresponding to a cyber attack.\n    Finally, training and exercises are key to preventing and \nresponding to an incident. One of the basic ways to protect computer \nsystems is to train staff not to click on spamware, malware, or \nspoofing attacks. In addition, fire and EMS departments must ensure \nthat all of their virus software is up-to-date. These are simple tasks \nthat can protect a system. Fire and EMS departments also can audit \ntheir systems to evaluate vulnerabilities. It also is worthwhile to \nstudy the effects of cyber attacks on other public safety organizations \nto see how their operations were affected and what they did to mitigate \nthe damage. Local fire and EMS departments can work with local law \nenforcement agencies, emergency managers and the jurisdictions' IT \nstaff to plan and exercise contingency plans in case of cyber attacks \naimed at taking down key systems.\n                     the federal government's role\n    The Federal Government can be an important partner. Most \nimportantly, it can help educate fire and EMS departments about the \ncybersecurity threat. The DHS's Office of Cybersecurity and \nCommunications (C&SC) can work with FEMA to raise awareness in local \nfire departments about the threats that cyber attacks can pose. The \nU.S. Fire Administration (USFA) is an agency within FEMA that supports \nthe local fire and emergency service. By working with USFA and its \nNational Fire Academy, C&SC can develop education and training to help \nfire and EMS departments learn how to determine which systems might be \nvulnerable to cyber attacks and make the necessary changes to protect \nthem. It is important to note that the President's fiscal year 2017 \nbudget proposes to cut USFA by $1.7 million. We recommend that--\ninstead--Congress fund USFA at the fiscal year 2011 level of $45.6 \nmillion, so that the agency can develop training for emerging threats \nlike cybersecurity.\n    Also, DHS can continue to support training and exercises to help \nfire and EMS departments prepare for the threat of a cyber attack. A \ncyber-related component can be added to the State and local exercises. \nIn addition, DHS should continue to support State and local fusion \ncenters, which serve an important purpose in sharing threat \ninformation. These programs are funded though the SHSGP and UASI \nprograms. Unfortunately, the President's fiscal year 2017 budget \nproposes to cut these programs drastically. The budget would cut the \nSHSGP program to $200 million (a decrease of more than 50%) and the \nUASI program would be cut to $330 million (a 45% cut). We urge Congress \nto fund these programs--at least--at the fiscal year 2016 level of $467 \nmillion for the SHSGP program and $600 million for the UASI program.\n    Recently, the DHS National Protection and Programs Directorate \n(NPPD) announced a proposal to realign itself to have a greater focus \non cybersecurity. Overall, the IAFC is supportive of this proposal. \nHowever, we have concerns about how this realignment would affect the \nOffice of Emergency Communications (OEC). The OEC's mission is to \npromote public safety communications interoperability using a local \nstakeholder-directed approach. The IAFC and other public safety \norganizations do not support efforts to move OEC under the \nInfrastructure Security component. Instead, we recommend that OEC \nremain a separate component within NPPD.\n                               conclusion\n    Thank you for the opportunity to testify at today's hearing. \nCybersecurity is an issue of growing importance to the Nation. A \nbreakdown of a fire and EMS department's CAD or communications system \nduring the response to an incident could result in tragic consequences. \nIt is important that local fire and EMS departments strengthen their \nsystems to protect them. In addition, fire and EMS chiefs should \ndevelop strong working relationships with Federal, State, and local law \nenforcement officials to be aware of emerging threats. Finally, local \nfire and EMS chiefs should make sure that their staff are trained in \nbasic cybersecurity safety, and plan and exercise for the consequences \nof a successful cyber attack. Taking these necessary precautions should \nhelp local fire and EMS departments to adapt to this emerging threat.\n\n    Mr. Ratcliffe. Thank you, Chief Greif.\n    The Chair now recognizes Lieutenant Wilson for his opening \nstatement.\n\n   STATEMENT OF RICHARD F. WILSON, LIEUTENANT, DALLAS POLICE \n                   DEPARTMENT, DALLAS, TEXAS\n\n    Mr. Wilson. Good morning, sir. Chairman Ratcliffe, Mr. \nBurgess, thank you and Ranking Member Richmond for the \nopportunity to testify today.\n    The challenges faced by law enforcement at the local level \nin preparing for and preventing cyber attacks are on the rise \nand continue to be difficult. While all Americans recognize our \ndependence on the internet and telecommunications devices to \nstay connected with the world, this increasing level of \nconnectivity has resulted in additional responsibilities for \npublic officials and law enforcement to police the world-wide \ncommunications network without impeding communications between \nthe members of our community.\n    The first and perhaps most difficult challenge the Dallas \nPolice Department and our community partners face today is our \ntotal reliance on computer networks for operational and \ninvestigative functions. This all-inclusive dependence allows \nfor a much greater negative impact on our abilities to perform \nour duties when these systems fail or become infected.\n    Second, the extent of this connectivity enables persons and \norganizations with malicious intent to conduct cyber attacks \nfrom greater distances. This ability for a hacker to attack \nsystems world-wide expands the list of possible suspects to all \nof the world's population that possess a smartphone or computer \nthat is connected to the internet.\n    Third, the quantity of information passing through all \ncommunications networks allows hackers to avoid the trained \nsystems analysts and target their attacks to enter networks at \ntheir weakest points, by exploiting lapses in security \ncommitted by end-users or consumers.\n    Since cyber attacks recognize no State and local \njurisdictional boundaries, public officials and corporate \nmanagers must coordinate their investigative and management \nprocesses to define roles for all the partners.\n    The pace at which technology continues to advance is \ncurrently outpacing law enforcement's ability to educate its \nworkforce to recognize and address cyber crime activity. For \nthose officials that do recognize the necessity to increase \nsecurity infrastructures, and choose to develop or subscribe to \ncyber protection programs, the costs associated with these \nefforts often compete with funds required to maintain other \nessential tasks within the organizations, where the impact from \nthese other functions can be more readily counted and observed \nby such measures as crime rates and response times to calls for \nservice.\n    For those State and local agencies that commit funds for \nhiring cyber-trained personnel, these agencies are often unable \nto compete financially with compensation packages and programs \noffered by private corporations and Federal agencies.\n    Lastly, while most State and local agencies recognize their \nneed to enhance cyber training for their existing workforce, \nthe growing demand for cybersecurity and cyber investigative \ntraining far exceeds the current class sizes and training \nopportunities.\n    Cyber training is an expanding area of instruction that \noften provides training to State and local partners at reduced \ncosts or without tuition. While these programs reduce the \ndirect costs of obtaining training for State, local, and Tribal \nemployees, some indirect costs may result from committing a \nportion of the workforce to training. The student employee's \nabsence can produce temporary staffing shortages that may \nadversely affect the employer agency's responsiveness to calls \nfor service, visual presence and enforcement activity in the \ncommunity, and the ability to conduct timely investigations of \nreported crimes.\n    Due to the size and mission of the Dallas Police \nDepartment, and the wide range of assignment-based duties \nperformed by DPD officers and civilians, supervisors within \neach division or unit are responsible for identifying job-\nspecific training needs beyond State-mandated training \nrequirements, and obtaining instruction for all employees \nwithin their workgroup.\n    Currently, a variety of on-site cyber training courses are \noffered by organizations such as the Federal Law Enforcement \nTraining Center in Georgia, the National Computer Forensics \nInstitute in Alabama, and Abbott Laboratories in Illinois. Some \nexamples of additional training that can be obtained on-line \nare SEARCH On-line training and at the National White Collar \nCrime Center. There are also additional training and support \nprograms offered by other DHS components, FEMA and ICE, as well \nas the Multi-State Information Sharing and Analysis Center.\n    While detectives and analysts from the Dallas Fusion Center \nhave been able to attend some of these training programs, there \nare always challenges for a first responder organization like \nthe Dallas Police Department. As such, our core capabilities at \nthe Dallas Fusion Center are always subject to staffing \npatterns, personnel changes, and other policy considerations, \nso that to keep our level of current cyber expertise consistent \nand on the cutting edge we need affordable access to cost-\neffective and timely training to stay on the vanguard.\n    Having said that, I think we can all agree that this \nchallenge is one we face as a Nation, and not just in a select \nfew States, regions, or cities. It will take a full-time \ntraining effort and identified funding resources for the first \nresponders of the Dallas Police Department and other major \nmetropolitan cities across the country to stay current in our \nstruggle to meet the increasing sophistication of cyber crime, \nespecially in today's threat landscape.\n    While much progress has been made in identifying the needs \nof State, local, Tribal, and territorial agencies to address \nillegal cyber activity, opportunities do still exist to create \ncyber preparedness and responsiveness at the local level.\n    The first area of support should be to provide increased \nscholarship support of formal education programs that contain \nemphasis on cybersecurity and cyber forensics. Funding for \ntraining is always an issue in the budgets of State, local, and \nTribal agencies.\n    Second, education and public service announcements should \nbe developed and communicated by all levels of government to \nall Americans to clarify the importance of each citizen's role \nand responsibilities for creating a safer cyber network. This \ntype of community outreach should emphasize the importance of \nhardening computer systems and provide tips for using \ntechnology in ways that reduce opportunities for computer \nhackers and criminals who benefit from security lapses.\n    Third, until the gap between training opportunities supply \nis reduced to match the increasing need for training, \nadditional facilities and programs should be created to provide \ntraining to State, local, and Tribal government employees.\n    Last, I would urge each Member of Congress to continue to \ncreate legislation as necessary to address emerging methods of \ncyber crime activity as they are identified and require stiff \nincarceration sentences for those convicted of committing cyber \ncrimes.\n    Thank you again, Chairman Ratcliffe and Mr. Burgess, for \nthe opportunity to testify before you today. I would be glad to \nanswer any questions.\n    [The prepared statement of Mr. Wilson follows:]\n                Prepared Statement of Richard F. Wilson\n                             April 7, 2016\n    Chairman Ratcliffe, Ranking Member Richmond, Members of the \nsubcommittee, thank you for the opportunity to testify today.\n    The challenges faced by law enforcement at the local level in \npreparing for and preventing cyber attacks are on the rise, and \ncontinue to be difficult. While all Americans recognize our dependence \non the internet and telecommunication devices to stay connected with \nthe world, this increasing level of connectivity has resulted in \nadditional responsibilities for public officials and law enforcement to \npolice the world-wide communications network without impeding \ncommunications between all members of their community.\n    The first and perhaps most difficult challenge the Dallas Police \nDepartment and our community partners face today, is our total reliance \non computer networks for operational and investigative functions. This \nall-inclusive dependence allows for a much greater negative impact on \nour abilities to perform our duties when these systems fail or become \ninfected.\n    Second, the extent of this connectivity enables persons and \norganizations with malicious intent to conduct cyber attacks from \ngreater distances. This ability for a hacker to attack systems world-\nwide expands the list of possible suspects to all of the world's \npopulation that possess a smartphone or computer connected to the \ninternet.\n    Third, the quantity of information passing through all \ncommunications networks allows hackers to avoid the trained systems \nanalysts, and target their attacks to enter networks at their weakest \npoints, by exploiting lapses in security committed by end-users or \nconsumers.\n    Since cyber attacks recognize no State and local jurisdictional \nboundaries, public officials and corporate managers must coordinate \ntheir investigative and management processes to define roles for all \npartners.\n    The pace at which technology continues to advance is currently \noutpacing law enforcement's ability to educate its workforce to \nrecognize and address cyber crime activity. For those officials that do \nrecognize the necessity to increase security infrastructures, and \nchoose to develop or subscribe to cyber protection programs, the costs \nassociated with these efforts often compete with funds required to \nmaintain other essential tasks within the organizations, where the \nimpact from these other functions can be more readily counted and \nobserved by such measures as crime rates and response times to calls \nfor service.\n    For those State and local agencies that commit funds for hiring \ncyber-trained personnel, these agencies are often unable to compete \nfinancially with compensation packages and programs offered by private \ncorporations and Federal agencies.\n    Lastly, while most State and local agencies recognize their need to \nenhance cyber training for their existing workforce, the growing demand \nfor cybersecurity and cyber investigative training far exceeds the \ncurrent class sizes and training opportunities.\n    Cyber training is an expanding area of instruction that often \nprovides training to State and local partners at reduced costs or \nwithout tuition. While these programs reduce the direct costs of \nobtaining training for State, local, and Tribal employees, some \nindirect costs may result from committing a portion of the workforce to \ntraining. The student employee's absence can produce temporary staffing \nshortages that may adversely affect the employer agency's \nresponsiveness to calls for service, visual presence, and enforcement \nactivity in the community, and the ability to conduct timely \ninvestigations of reported crimes.\n    Due to the size and mission of the Dallas Police Department, and \nthe wide range of assignment-based duties performed by DPD officers and \ncivilians, supervisors within each division or unit are responsible for \nidentifying job-specific training needs beyond State-mandated training \nrequirements, and obtaining instruction for all employees within their \nworkgroup.\n    Currently, a variety of on-site cyber training courses are offered \nby organizations such as the Federal Law Enforcement Training Center in \nGeorgia, the National Computer Forensics Institute in Alabama, and \nAbbott Laboratories in Illinois. Some examples of additional training \nthat can be obtained on-line are, SEARCH On-line training and at the \nNational White Collar Crime Center. There are also additional training \nand support programs offered by other DHS components FEMA and ICE, as \nwell as the Multi-State Information Sharing & Analysis Center.\n    While detectives and analysts from the Dallas Fusion Center have \nbeen able to attend some of these training programs, there are always \nchallenges for a first responder organization like the Dallas Police \nDepartment.\n    As such, our core capabilities at the Dallas Fusion Center are \nalways subject to staffing patterns, personnel changes, and other \npolicy considerations, so that to keep our level of current cyber \nexpertise consistent and on the cutting edge, we need affordable access \nto cost-effective and timely training to stay on the vanguard.\n    Having said that, I think we can all agree that this challenge is \none we face as a Nation, and not just in a select few States, regions, \nor cities.\n    It will take a full-time training effort and identified funding \nresources for the first responders of the Dallas Police Department, and \nother major metropolitan cities across the country, to stay current in \nour struggle to meet the increasing sophistication of cyber crime, \nespecially in today's threat landscape.\n    While much progress has been made in identifying the needs of \nState, local, Tribal, and territorial agencies to address illegal cyber \nactivity, opportunities to create cyber preparedness and responsiveness \nat the local level do still exist.\n    The first area of support should be to provide increased \nscholarship support of formal education programs that contain emphasis \non cybersecurity and cyber forensics. Funding for training is always an \nissue in the budgets of State, local, and Tribal agencies.\n    Second, education and public service announcements should be \ndeveloped and communicated by all levels of government to all \nAmericans, to clarify the importance of each citizen's role and \nresponsibilities for creating a safer cyber network. This type of \ncommunity outreach should emphasize the importance of hardening \ncomputer systems, and provide tips for using technology in ways that \nreduce opportunities for computer hackers and criminals who benefit \nfrom security lapses.\n    Third, until the gap between training opportunities supply is \nreduced to match the increasing need for training, additional \nfacilities and programs should be created to provide training to State, \nlocal, and Tribal government employees.\n    Last, I would urge each Member of Congress to continue to create \nlegislation as necessary to address emerging methods of cyber crime \nactivity, as they are identified, and require stiff incarceration \nsentences for those convicted of committing cyber crimes.\n    Thank you again Chairman Ratcliffe and Ranking Member Richmond for \nthe opportunity to testify before you today. I would be glad to answer \nany questions.\n\n    Mr. Ratcliffe. Thank you, Lieutenant Wilson.\n    The Chair now recognizes Detective Waddle for his opening \nstatement.\n\n STATEMENT OF DON WADDLE, DETECTIVE (RET.), GREENVILLE POLICE \n                 DEPARTMENT, GREENVILLE, TEXAS\n\n    Mr. Waddle. Good morning, Chairman Ratcliffe and Mr. \nBurgess. I thank you for the opportunity to speak with you all \ntoday.\n    I served as a police officer in both the military and \ncivilian police departments for 39 years. The last 25 years \nwere spent with the Greenville Police Department in Greenville, \nTexas. The last 15 years I was also assigned to the Criminal \nInvestigation Division working property crimes and fraud. Fraud \noften involves the use of computers to facilitate those crimes. \nChecks are generated and printed on computers. Credit card \nabuse and identity theft are often committed using the \ninternet.\n    I did retire from law enforcement on the 31st of last month \nand am now trying to settle into the quiet life.\n    During the last 10 years I have also been assigned to the \nNorth Texas Electronic Crimes Task Force with the United States \nSecret Service and worked side-by-side with both special agents \nof the Secret Service and with numerous State and local \ninvestigators. We were all trained to recover evidence from \ncomputers and cell phones, and we do these examinations from \nagencies throughout North Texas. These cases involve anything \nfrom fraud, to narcotics, to child pornography, to murder, and \ncapital murder. I have testified in trials from possession of \nchild pornography, to enticing a child, to murder, and capital \nmurder.\n    As I look back at my career in law enforcement, I remember \ngoing to a call for a burglary, throwing some dust around and \nhoping that the perpetrators didn't get guns or the victims' \ncheckbooks or credit cards. As time moved forward, computers \nand cell phones came into the game, and then my concern was, \ndid they get the victims' computer passwords for their I-pads \nor their cell phones? It was obvious to me that for me to \nprovide better service to the people of my city, I had to know \nhow to catch the criminals and what they were doing, and what I \nneeded to do to be able to present a case that would put these \ncriminals in jail.\n    Computer crime investigation is not an inexpensive pursuit. \nAll of the software programs that you use for investigations \nare all very expensive. All of them have licenses that have to \nbe renewed every year, and the monetary cost to a city of my \nsize can be anywhere from $300 a year to tens of thousands of \ndollars a year for the software and equipment to do these \ninvestigations.\n    We needed help. There was no way that we were going to be \nable to do that. That is where the Secret Service and Federal \nGovernment stepped in. They helped us help our citizens by \nproviding us with training, equipment, and expertise. Because \nof the training I received, I became a more valuable asset to \nmy department. I was sought out by other detectives for help \nwith their investigations. In major crimes I have used the \ntraining I have received to assist with murder investigations \nby mapping out locations perpetrators used to hide their \nvictims' bodies, or to helping detectives plot computer \nsearches that outlined their case to intelligence for narcotics \ninvestigators.\n    I am also called on to assist other local agencies with \ntheir investigations. They have used the information I provided \nto prepare their cases for prosecution. I am also called on by \nthe prosecutors to answer questions regarding computer crime. \nHad I not had this training, I would not have made the new \ncontacts that I had that have been very beneficial to me.\n    In early 2006 I went to the United States Secret Service \noffice, the Dallas field office, to drop off a computer for \nexamination. I knew nothing about computers at that time. I \nspoke with Bob Sheffield, who was the head of the Electronic \nCrimes Special Agent Program there in the Dallas field office \nand the North Texas Electronic Crimes Task Force at the Dallas \nfield office, and was telling him how interested I was in \nlearning about forensics. He plainly said, ``We can do that for \nyou.'' I went to the Federal Law Enforcement Training Center in \nBrunswick, Georgia for 6 weeks learning about computers and \ncomputer forensics. This was prior to the National Computer \nForensics Institute.\n    In that training I learned what a computer was, what the \nprograms on a computer were, what their purposes were, and the \noverall operation of the computer, and I learned how to look \nfor evidence of a crime.\n    After that I went to the National Computer Forensics \nInstitute in Hoover, Alabama. I started to go to the training \nthere. I went to Advanced Forensics Training there. I went to \nthe first class, which was one of the very first classes at the \nInstitute of any kind, so there was a little bit of tweaking \nthat needed to be done, and then I went back and learned a \ngreat deal that helped me towards my computer forensics.\n    I also went to the Mobile Device Data Recovery school, or \nMDDR, which is cell phone training, and also just this last \nFebruary went to Mac Forensic Training at the NCFI. The NCFI \nhas worked very hard to give State and local officers like me a \ngood, quality education and lots of tools for my toolbox and \nare always there to answer questions. I can call up there at \nany time if I have a question about something, and there is \njust somebody there who is going to be able to answer that \nquestion.\n    The instructors that they have are all very expert in their \nfield, and they work very hard to provide all of us with the \nproper training that we need to be able to do our jobs. You \ndon't have to be on a level way above our heads to talk to us.\n    I think that probably the best training that I ever \nreceived in my 39 years of law enforcement was there at NCFI. I \nwalked away from each class very confident in what I had \nlearned and was able to put all those things back into practice \nand was able to do those things, and I am grateful for that. I \nam grateful to the Federal Government for providing that kind \nof tool.\n    I would encourage giving thought to increasing the size of \nthose classes that were offered at the facility because cyber \ncrime is not going to do anything but increase. I have 2 trials \ncoming up later this month that come from the investigations \nand the training that I got from the NCFI.\n    I want to thank you for your time today.\n    Oh, one other thing I wanted to say is that I am grateful \nfor the training that I received, but my citizens have been the \nmajor benefactors of that training because I was able to do a \nbetter job for them.\n    The other thing I really liked about NCFI is that they \ndidn't just work with law enforcement officers. They also work \nwith judges and prosecutors to help them understand about cyber \ncrime and what is happening there so they are able to do their \njobs more efficiently, too.\n    I am thankful for the time that you all have given me to \ntalk today, and I appreciate the opportunity that I have to say \nsomething about this.\n    [The prepared statement of Mr. Waddle follows:]\n                    Prepared Statement of Don Waddle\n                             April 7, 2016\n    I served as a police officer in both military police and civilian \npolice departments for 39 years. The last 25 years were spent with the \nGreenville Police Department in Greenville, Texas. The last 15 years I \nwas assigned to the Criminal Investigation Division working Property \nCrimes and Fraud. Fraud often involves the use of computers to \nfacilitate the crime. Checks are generated and printed on computers. \nCredit card abuse and identity theft are often committed using the \ninternet. I retired from law enforcement on March 31, 2016. During the \nlast 10 years I have also been assigned to the North Texas Electronic \nCrimes Task Force with the United States Secret Service in Dallas, \nTexas. In this assignment I have worked side-by-side with special \nagents of the Secret Service and with numerous State and local \ninvestigators. We are all trained to recover evidence from computers \nand cell phones, and we do these examinations from agencies throughout \nNorth Texas. These cases involve anything from fraud to narcotics to \nchild pornography to murder and capital murder. I have testified in \ntrials from possession of child pornography, to enticing a child, to \nmurder and capital murder.\n    As I look back at my career in law enforcement, I remember going to \na call for a burglary, throwing some dust around and hoping that the \nperpetrators didn't get guns or the victims checkbook or credit cards. \nAs time moved forward computers and cell phones came into being and on \nthat same burglary, I now had to hope the perpetrators did not get the \nvictims' computer passwords or their cell phones. If that happened \nthere was no telling, how much the victim would end up being \nvictimized. It was obvious, that for me to provide better service for \nthe people of my city, I had to know how to catch the criminals that \nwere committing these offenses. Computer crime investigation is not an \ninexpensive pursuit. The monetary cost to the city for training and \nequipment, can be anywhere from $300 dollars a year to tens of \nthousands of dollars a year. We needed help. That is where the U.S. \nSecret Service and Federal Government come in. They helped us help our \ncitizens by providing us with training, equipment, and expertise. \nBecause of the training I received, I became a more valuable asset to \nmy department. I was sought out by other detectives for help with their \ninvestigations. In major crime I have used the training I have received \nto assist with murder investigations by mapping out locations \nperpetrators used to hide their victims bodies, to helping detectives \nplot computer searches that outlined their case, to intelligence for \nnarcotics investigators. I am also called on to assist other local \nagencies with their investigations. They have used the information I \nprovided to prepare their cases for prosecution. I am also called on by \nthe prosecutors to answer questions regarding computer crime. Had I not \nhad this training, I would not have made new contacts that could be \nbeneficial for me as well.\n    In early 2006, I went to the United States Secret Service, Dallas \nField Office to drop off a computer for examination. While at the \noffice and lab, I spoke with Bob Sheffield who was the head of the \nElectronic Crimes Special Agent Program (ECSAP) and The North Texas \nElectronic Crimes Task Force (N-TEC) at the Dallas Field Office, and \nwas telling him how interested I was in learning about forensics. Mr. \nSheffield plainly stated ``We can do that for you.'' I went to the \nFederal Law Enforcement Training Center in Brunswick Georgia, for 6 \nweeks learning about computers and computer forensics. Shortly after \ncompleting this training the National Computer Forensics Institute \n(NCFI) was opened in Hoover, Alabama. I started to go to the training \nat NCFI, and have been to Advanced Forensics Training (AFT), Mobile \nDevice Data Recovery (MDDR) cell phone training, and Mac Forensic \nTraining. The NCFI has a solid outline of what is needed for each \nclass. They strive hard to provide very qualified instructors, who make \nevery effort to give each student all they need to be qualified to do \ntheir job. The equipment NCFI provides and the equipment used for the \nclasses is some of the very best that can be used. Not only is there \ndiscussion of ways to conduct a forensic investigation but discussion \nalso covers court procedure and testifying. I have also been to \nnumerous conferences related to electronic crime and have always come \naway with something new. I am not the main benefactor of this training. \nThe citizens of Greenville, Texas and Hunt County, Texas, as well as \nthe north Texas area reap the benefits of this training with better \nrecovery rates for property as well as more perpetrators being taken \noff the streets. NCFI also trains prosecutors and judges in protocols \nand also in evidence.\n\n    Mr. Ratcliffe. Thank you, Detective Waddle.\n    I will now recognize myself for an initial round of \nquestions for our distinguished panel.\n    Let me start with you, Mr. Davis. As you know, prior to \nbeing elected to Congress, I served on the Advisory Board at \nTEEX, and so I am very familiar with your organization. It is \nthe largest homeland security training facility in the world, I \nthink some 200,000 folks a year.\n    Mr. Davis. Yes, sir. That is exactly correct.\n    Mr. Ratcliffe. So it is just a terrific organization, and \nagain I am thankful that you are here today.\n    So in your capacity there at TEEX, I would be interested in \nyour perspective on what are the key challenges with \ncybersecurity training at the local level going forward.\n    Mr. Davis. Yes, sir. Thank you. First of all, to your \ncomments regarding TEEX, because we are serving and extension \nis part of our mission, I would think that my perspective is \nthe awareness issue that training is available that is DHS/\nFEMA-funded training, sir. I reeled off some numbers of 32,000 \nthat we have trained across the United States, but when we look \nat what portion of those numbers come from the State of Texas, \nfor example, or if I go to State and local districts, those \nnumbers are very, very small.\n    So I think the issue is the awareness in accessing that \ntraining that is available. One of my fellow panel members \nmentioned the need for training, and of course I passed my \ncards out here. But we go to those jurisdictions so they don't \nhave to spend any money sending them to us. We do direct-\ndelivery, face-to-face training.\n    So the short answer to your question is awareness and \naccessing--not access, but accessing----\n    Mr. Ratcliffe. So as a follow-up, do you know that even \nhere in this audience there are a whole bunch of local \ncommunity representatives that could be the beneficiaries of \nthat type of cyber training TEEX offers? So how can they get \nit?\n    Mr. Davis. Yes, sir. We have on-line training at \nwww.teex.org. If you go on our website you will see a section \non cybersecurity training, and anyone that is in this audience \ncan, in fact, access that training on-line.\n    Mr. Ratcliffe. So, a follow-up question. Is TEEX right now \nin a position to--or how is TEEX leveraging any relationships \nor partnerships with the Department of Homeland Security at the \nNational level?\n    Mr. Davis. Yes, sir, we are. I had some details in my \nstatement. But first of all, we think it is always important to \naddress any issue as a team. I think you used the team sport \nanalogy there. There has recently been a reorganization of \nseveral entities at the DHS level to become more \noperationalized, okay?\n    There is a young lady here with me today, Ms. Rebecca Tate. \nWhen we started doing cyber training back in 2010, we visited \nfirst with our program manager--back then it was also called \nNCSD, National Cybersecurity Division--and the Infrastructure \nProtection Directorate. We went to them to talk about those \nthings we were hearing from State and locals.\n    So we met with them on a regular basis to actually find out \nwhat training needs did they see at the National level, and I \nam proud to say we are on our third course now that is a result \nof that collaboration. We did a recent course in the States of \nUtah and Rhode Island that brings cyber and infrastructure \nprotection together, and that is a direct result of our \ncollaboration with those folks in DHS.\n    Mr. Ratcliffe. Terrific. Thank you.\n    Chief Greif, let me turn to you. You bring to us today a \nwealth of professional experience with different public safety \norganizations. I know you are here today as a spokesman for the \nIAFC. So let me ask you, when Congressman Burgess and I and \nothers at the National level talk a lot about the importance \nand the need for coordination across critical infrastructure \nsectors to encourage cyber resilience, how are those efforts or \nhow do those efforts impact public safety organizations at the \nState and local level like you have been involved with?\n    Mr. Greif. For example, we have fusion centers that are \noften funded with Office of Emergency Communications funds. \nThose fusion centers allow all of the common agencies, the \nnecessary agencies to mitigate any type of emergency situation, \nto come together with all stakeholders. The more we are coming \ntogether and sharing some information with one another, that \nwould be one example of how that benefits us. At the National \nlevel, the funding trickles down to the local jurisdictions.\n    As I said earlier about the Super Bowl, I had no idea until \nI was put on that committee just what-all goes into a major \nevent like that, the planning with all the different agencies \nthroughout the 4-county region that came together. We met \nmonthly for a year just on my committee, which was \ncommunications. A big effort was talking about all the \nresources that were available to us, protection as well as \nworkarounds, what to do in case of----\n    Mr. Ratcliffe. I am glad you mentioned that because as a \nfollow-up and in your testimony you talked about it being \nworthwhile to study the effects of cyber attacks on public \nsafety organizations. Are you aware of anyone who is putting \ntogether sort-of a best practices with respect to public safety \norganizations and cybersecurity practices?\n    Mr. Greif. One of the efforts that is underway is I chair \na--I am on the board of directors for a public safety \ncommunications agency. The DHS has actually sent members a few \ntimes a year when we meet annually, and there is a panel of \nexperts. It is made up of IT personnel, information technology \npeople, as well as fire, police, EMS, and they are working on a \ndocument just like that, that came out at last year's meeting.\n    So certainly it is on the forefront of our consciousness. \nWe are doing everything we can to piggyback on Mr. Davis' \ncomments. It is knowing, understanding what is out there. There \nis some wonderful training available. It is getting personnel \nto understand that the fire and police, especially speaking for \nmy brethren, that we understand the necessity for us to get \ninvolved in the critical questions we need to be asking.\n    Mr. Ratcliffe. Terrific. I noticed in your testimony you \ntalked about segregating the CAT and the 9-1-1 systems for \nsecurity purposes. Is that common?\n    Mr. Greif. I can't say for sure because I have only been a \npart of two jurisdictions, so I don't want to get too specific, \nbut I don't believe that it is widely spread. We were very \ncautious where I came from. We wanted to make sure we took all \nreasonable means, even though that added some complexities to \nday-to-day life. The more you secure something, the harder it \nis sometimes to operate it or update it. But we felt it was \nworth the trouble to keep it segregated.\n    Mr. Ratcliffe. Terrific. Thank you.\n    I do have some additional questions, but I want to yield to \nCongressman Burgess. As I mentioned, I am very grateful that he \nis here today at this subcommittee hearing. He represents the \n26th Congressional District of Texas, which sounds like it is a \nlong way away from the 4th District, but it is really next \ndoor. He represents all of Denton County and most of Tarrant \nCounty as well. He serves on the House Energy and Commerce \nCommittee, and in that capacity he also is the Chairman of the \nSubcommittee on Commerce, Manufacturing, and Trade, and he is \nvery steeped in cybersecurity issues. In that role he has been \na leading voice in Congress on the data breach issues as cyber \ncriminals focus on more fraudulent activity that affects more \nAmericans and that affects commerce. He has been a leading \nvoice with respect to the need for legislation in that area.\n    So with that, I want to recognize Congressman Burgess and \nyield him as much time as he may consume to provide some \nremarks on the issue of data breach questions he may have for \nour panel.\n    Mr. Burgess. Great. Thank you, Chairman.\n    Thank you all for being here. Thank you for allowing me to \nbe here.\n    Chairman, it is not lost on me that this is a field \nhearing, and I am sure your district is grateful that you are \ndoing it and you are here on the campus. Even though we are not \nin the Rayburn Room, Mr. Rayburn, this is his district. So it \nis fitting that we are here.\n    I do serve as the Chairman of the Subcommittee on Commerce, \nManufacturing, and Trade. We are concerned about data breach \nepisodes that have occurred and the consequent notification \nthat is or should be required for the protection of the \nconsumer when these breaches do occur. So while Chairman \nRatcliffe is Chairman of the subcommittee that deals with the \n.gov side of the world, we deal with the .com side of the \nworld. But as I tell people all the time, it doesn't really \nmatter. Data security is National security, and if you forget \nthat fact, then you are going to be upset at some point, which \nwe all found last year at tax filing time and we rather expect \nit may come up again in a couple of weeks when the income taxes \nare filed and people realize that they can no longer file their \ntaxes on-line because their accounts have been diverted in the \npast and monies have gone inappropriately.\n    The good news is the taxpayer is eventually made whole. It \ndoes take longer for them to get their refund. The bad news is \nthat the Federal Government actually is refunding that money \ntwice. It is unlikely they will recover it for the individual \nwho is inappropriately reimbursed, and this is no surprise \nbecause of the behavior of someone who would do that. Sometimes \nthey over-estimate the amount of money they are doing that \nreimbursement. So it is kind of like a double-whammy for the \nIRS. I know we got a ton of calls on that last April 15.\n    Mr. Wilson, I rather suspect that--a lot of our calls \nstarted to come from some of our local police agencies when our \nneighbors called the police department and said, oh my gosh, \nour taxes have been hacked and I have been robbed. They said, \nwell, let's call your Congressman and he will fix it.\n    [Laughter.]\n    Mr. Burgess. True, but it took some time, and it was very \nuncomfortable all around.\n    I really got interested in the data breach notification. \nAll of us are consumers, and we hear the big stories about the \nbig breaches, and then the data is taken. It is data that is at \nrisk somewhere and you don't really know what anyone is doing \nwith it. But from the consumer's perspective, when do we need \nto be notified? It almost seems like we have breach fatigue \nbecause we hear so much about breaches. I am not going to worry \nabout it anymore because I just can't worry about all of these \nthings that I am hearing.\n    So we really did try to set the parameters around a \nNational data security standard and for when that breach \nnotification threshold should be triggered, and if law \nenforcement says we need more time, that they be given more \ntime. But if law enforcement's time frame is okay, then the \nperson who was holding the data that has subsequently been \nbreached, that they have a certain time frame in which they \nmust notify the individual. Right now, the bill has passed \nthrough the subcommittee, our subcommittee and our full \ncommittee, and it is awaiting floor activity right now. That \ntime frame is set at 30 days.\n    In setting a National security standard, it is your duty to \ntread carefully because there are 51 State jurisdictions, if \nyou include the District of Columbia, more if you include the \nterritories, who may already have their own ideas about what \nthese data security standards are, and I am sensitive to that. \nThe Commerce Clause is sometimes over-used and over-interpreted \nby the Federal Government.\n    But this is one of those times when I try to envision the \nFounding Fathers sitting down and writing those Article I \nconventions: What are the powers of the Congress? The \nregulation of interstate commerce, the trade between the Indian \ntribes--well, okay, they were 100 years before the telegraph, \n150 years before the telephone, 250 years before the internet, \nbut they were probably thinking of e-commerce when they wrote \nthe Commerce Clause into the Constitution because e-commerce, \nby definition, needs to flow seamlessly across the borders of \nthose States, and the Commerce Clause was absolutely necessary \nfor e-commerce to exist. We want to be sensitive to that.\n    To the extent that a National standard is set, States do \nneed to have a big say in what that floor is that is going to \nbe established, and the State attorneys general. The provision \nthat passed through the committee, the full committee, was that \nthe Federal Trade Commission would use existing enforcement \nauthority. We did not want to create a new enforcement \nauthority because we already have enough Federal agencies. But \nthe Federal Trade Commission, using its existing authority on \ndeceptive and unfair trade practices, would exercise that \nauthority. But the attorneys general of the several States \nwould be able to bring their own cases under those FTC \nprovisions if the FTC was not moving fast enough, which will \noccur from time to time.\n    That bill has passed through the subcommittee. It is \nawaiting floor activity.\n    I wake up every morning kind-of living in fear of, when is \nthe next shoe going to drop on this? You hear about a big \ncompany, and they have been hacked, and they took all these \nrecords, and they are sitting somewhere, and nothing is really \nhappening with that. When is the other shoe going to drop on \nall of those people who were exposed in that breach?\n    The other thing that we really have just begun to scratch \nthe surface of in our subcommittee, and I know Chairman \nRatcliffe will work on it in his subcommittee, is it is \nterribly frightening to me as a physician to think about the \ndenial-of-service activity that has been hitting some health \ncare organizations. To think of having a fragile medical \npatient in the ICU, and you walk in in the morning and you say \nmay I see the chart of the overnight vital signs of my patient, \nand they say I am sorry, sir, it has been encrypted, and we \ndon't have the key. I mean, what a dreadful situation to find \noneself in.\n    Mr. Wilson, I think you mentioned it in your testimony, \nabout coming up with, how do you set the deterrence on some of \nthese activities?\n    Mr. Chairman, I would just say I think in the case of \nransomware applied to a health care organization, the \ndeterrence ought to be, ``You will be shot at sunrise,'' and \nperhaps that will do it, because this is a life-or-death \nsituation with these patients where their medical records have \nbeen encrypted by a criminal.\n    But again, very useful panel for me. We do an emergency \npreparedness summit in my district usually in April of every \nyear. I will be doing one in a couple of weeks. We live here in \nan area where severe weather can happen in the month of April. \nIt can happen any month, as we learned this year, but April is \nwhen we are most at risk for that. So I am very interested in \nsome of the things I learned this morning about--you protect \nyour systems. You conflate a denial-of-service activity with a \nSuper Bowl, and that is a big deal. You know the criminal mind \nis just ever--things spring from it all the time, and you just \ncan't help but wonder what criminals might be thinking about.\n    But let me just start with you, Mr. Davis, and your \ntraining. You mentioned you have some on-line instruction \ncourses----\n    Mr. Davis. Yes, sir.\n    Mr. Burgess [continuing]. That are available?\n    Mr. Davis. Yes, sir.\n    Mr. Burgess. Would you tell me just a little bit more about \nthis? Can average citizens access those, or is that something \nthat is perhaps reserved for the chiefs personnel in part of \ntheir professional training?\n    Mr. Davis. The average citizen, Congressman, can access \nthose, and it is good basic information. I will give a personal \nexample, and I hope my wife doesn't get to see this----\n    Mr. Burgess. It is just between us.\n    Mr. Davis. Just between us boys here, right? Okay.\n    I got an email from a friend that said, hey, be careful. \nThis is a colleague at work, and I forwarded it to my wife. As \nI was forwarding it, she was calling me or texting me to tell \nme that, hey, I just got some information, re-verify my account \nnumber, my password, my this, that, and the other. She was \ndoing a couple, 3 things. These shows that come on at 11 \no'clock, these people, okay? She had given them all her \ninformation. I said, my gosh, did you read the email I sent? \nShe didn't.\n    So when we talk about those things, when we talk about the \non-line courses, the general users, which talks about really \nthose things you need to be aware of, okay? Even now, even I am \nmore sensitized. Even when I get busy and I am looking at an \nemail, if I don't recognize somebody, I get more emails from \nauctioneers, go pick up your money at the bank, we need your \naccount because we want to deposit something, and I go delete, \ndelete, delete.\n    So to answer your question, sir, they are available on-line \nat www.teex.org, and the average citizen can access those \ncourses, and I recommend that they take them.\n    Also, last, let me say there are 3 States right now, \nArkansas, Louisiana, and Wyoming, and also a college, Fresno \nPacific University, where they are requiring their workers to \ntake our on-line courses.\n    Mr. Burgess. So part of my question, then, is do you \nprovide some credential for the person who has satisfactorily \ncompleted the----\n    Mr. Davis. Yes, sir. They get a certificate for completing \nan on-line course, and I think more importantly than the \ncertificate, they gain some knowledge that they can spread \naround geometrically about how to protect their own \ninformation.\n    Mr. Burgess. Seems like it would be a useful thing for a \nhomeowner's insurance policy. You know, sometimes we will give \na break to someone who takes a defensive driving course.\n    Mr. Davis. Yes, sir.\n    Mr. Burgess. On their automobile insurance. This might be \none of those places where the insurance company might want to \nbe proactive, and I am glad that you are providing the service.\n    Mr. Davis. Yes, sir.\n    Mr. Burgess. Is there a charge?\n    Mr. Davis. There is no charge, sir, but I think you have \njust given us an idea to really reach out to insurance \ncompanies and say, hey, here is an idea here, because you are \nright, I have done that to get that discount. Dad doesn't teach \nme to drive. I pay somebody----\n    Mr. Burgess. Very wise.\n    Chief, let me just ask you, in your previous role when you \nwere at the City of Fort Worth--of course, I don't want to get \nparochial here. Forgive me, Chairman, but we have a Super Bowl \ntwice a year in Fort Worth called the Texas Motor Speedway, and \nthat will be happening this month. The Commander 500 I think is \nthe name of the race. Do you have as many people come to the \nTexas Motor Speedway as come to a Super Bowl?\n    Mr. Greif. Yes.\n    Mr. Burgess. So even though the Super Bowl is unique, you \nhave these large, widely-attended events that happen in the \ncity of Fort Worth. I assume there has been kind of a learning \ncurve with that, but it gets back to the question that Chairman \nRatcliffe asked. How do you share that best practices \ninformation from managing those large, widely-attended events \nwith other jurisdictions?\n    Mr. Greif. I am certain it is still going on. I am actually \nglad I won't have to be part of that planning committee. We \nused to tease the Arlington folks about we do Super Bowls twice \na year, as you alluded to. It starts months in advance, holding \nmeetings. You hold these meetings so often, you start building \npersonal relationships where you get to know Captain Webster \nfrom Texas Department of Public Safety. I met more people \nthroughout the Denton region.\n    We came together and started about 3 or 4 months in advance \nof each race, and you just literally shared as much information \nas possible across lines with one another. As I said, it is so \nimportant to prepare for a cyber attack and prevent it, and you \nhave to have preparations, which I won't go into details about, \nbut what do you do when one actually occurs? You need to have \nback-up.\n    Those types of meetings are a mini-fusion center when it \nreally comes together and we sit there and spitball and come up \nwith ways to mitigate. So it is just a series of meetings, sir.\n    Mr. Burgess. Let me just ask you a question. We do have \nsome students in the audience, and you referenced the UASI \nprogram. The former mayor of Mont Creek taught me a number of \nnew words, and UASI was one of them. I thought it was a \npejorative term when he first used it because when those \ninitial grants came out, if I recall correctly, as the \nDepartment of Homeland Security was being organized, the UASI \ngrants were administered regionally. They were delivered to \nDallas and expected to be shared with Fort Worth, and I just \nremember the mayor having some issues with that.\n    But for the students here, could you kind-of go through \nwhat the UASI program is?\n    Mr. Greif. Well, a Federal program that provides funding \nfor fire and police in other jurisdictions as well, but \nobviously those are the ones I am most concerned about, and \nmany things get funded out of that, like training \nopportunities. We can hold anything from hazardous materials \nclasses, where that funding not only was paying for our \npersonnel to go get the needed training, but it was paying for \nthe backfield because you still had to have troops driving \ntrucks to keep the city safe, to hardened equipment. It is \namazing.\n    Again, some of the stuff is somewhat--I won't talk about \nnecessarily some of the equipment that was purchased to protect \nthe community, but a major expense in equipment was purchased \nfor the protection of many different types of terroristic \nactivities, and that equipment was in place in cities all \nacross central Texas because of UASI.\n    Mr. Burgess. Chairman, I will yield back to you, and if \npossible I will do a second round as well.\n    Mr. Ratcliffe. Perfect. I thank the gentleman.\n    Detective Wilson, I want to take advantage of the fact that \nyou are here on behalf of the Dallas Police Department, \nobviously one of the largest, most visible police departments \nin the United States. I am just curious if you can offer \nperspective on what the daily cyber threat looks like at the \nDallas Police Department.\n    You talked about in your testimony reliance on computer \nnetworks for operational and for investigative functions, so I \nassume that you have to take that into account in terms of the \ndaily threats that are coming into the Dallas Police \nDepartment, and also take that into account in how you are \ntraining your personnel to deal with those threats.\n    Mr. Wilson. Well, as you said, the Dallas Police Department \nis the ninth-largest police department in the country, the \nsecond largest in the State. So we act as a nexus for a lot of \ninformation sharing, as well as collection. Daily, we get \nnotifications from agencies asking for information to support \nan investigation or some type of threat that they have \nuncovered, to give them the guidance or put them in the right \ndirection, who is the expert who can go in and help them.\n    Unfortunately, the Dallas center does not have a technical \nexpert within the center that deals with cybersecurity, but as \npart of the approach to dealing with a wide varieties of crimes \nthat we deal with, we have a partnership with our Federal \nagencies, and we have an expert within the Dallas Police \nDepartment who actually works with a task force and the FBI. We \nalso have a couple of officers that deal with computers, and \nthey have been doing it for years and years. We find that as \nthey continue to perform these functions and people know the \ncapabilities that we have, we are increasingly tasked with \ntrying to assist other agencies.\n    As a fusion center director, I see most of the emails that \ncome into our center on a daily basis, so my email averages \napproximately 200 to 300 per day coming in from Federal \npartners, State partners, local partners, and from other States \nas well, trying to reach out to you, to take advantage of the \nnetwork.\n    As we look forward to increasing our ability to address the \ncyber threats, we basically have 2 problems. One is stop the \ncyber threat in itself, and No. 2 is how do you pursue the \ncyber threat actor, the person who actually committed it, and \nto what extent do we go to prosecute? That definitely leans \ntoward our Federal partners. That is their jurisdictional area. \nThey have the resources and the expertise oftentimes that we do \nnot have, and they are always looking to try to assist us in \nthese types of situations.\n    Mr. Ratcliffe. Terrific. Thank you, Lieutenant.\n    Detective, I actually had a bunch of questions for you, but \nyour testimony was so thorough that you pretty much covered it. \nI wanted to ask you about your experience with the Electronic \nCrimes Task Force and, of course, the NCFI, National Computer \nForensics Institute, which my bill would authorize into law. I \nreally appreciated your testimony. You spoke eloquently of how \nit benefitted you with respect to your career, but also \nbenefitted the folks that you serve as a detective in \nGreenville. I just think that, more than anything else, it is a \ngreat message, and I hope that as you go into retirement that \nyou will still continue to be a great ambassador because I \nthink that is what you are, an ambassador for how State, local, \nand Federal partnerships, particularly as they pertain to \nNational security issues and cybersecurity as a National \nsecurity issue, how they are supposed to work.\n    We all know that 9/11 was a communication failure in many \nrespects, and we have worked hard in trying to eliminate that, \nand with respect to the threats in cyber space and \ncybersecurity, we want to avoid a cyber 9/11, if you will. So \nsome of the programs that you have been a part of, some of the \npartnerships that you have been a part of have prevented that \nup to this point in time and, I think, can in the future.\n    So again, I just appreciate you being here today, your \ntestimony, and what you stand for in that respect.\n    I am just going to close with a question for anyone that \nwants to take it, or all of you that want to take it. We asked \nthe question about what are the key challenges, and from your \ntestimony many of you talked about the financial side of things \nand, obviously, fundamentally the role that Congressman Burgess \nand I and others in Washington can play with respect to that \nand how that affects workforce issues.\n    But are there authority issues out there that we can help \nyou with in Washington? In other words, are there things from \nan authority perspective that we should be legislating on in \nthis space that you think need to be addressed? Anyone.\n    Mr. Wilson. I would say that the proper authority for \ninvestigating cyber crimes is the way that you can get the most \nimpact, obviously, achieve a conviction. I would love the \nFederal system to stay for the day instead of 1 day or 3 days. \nSo oftentimes, when we can't get the impact to take that \noffender off the streets in a time that we consider to be \nreasonable, we turn to our Federal partners. They have a much \nwider reach, a little bit bigger handle to hit them with it. \nThey are most gracious and most times if they can do so, they \nwill. They have expanded powers. I believe that through \nlegislation you will find it will be even a stronger growing \ntrend from a local perspective to turn around and say rather \nthan a State trial, let them go and see what they can do to \nstop that behavior. That would be my perspective.\n    Mr. Waddle. I kind-of go along the same lines. We see so \nmany repeat offenders that go off and that use our State prison \nsystems as education. I think that we have to be stiffer in our \npunishments with these offenders because of the amount of \ndamage they do monetarily and even physically. So maybe some \nstiffer enforcement.\n    Mr. Ratcliffe. Thank you.\n    I again recognize my colleague for any additional questions \nhe may have.\n    Mr. Burgess. Thank you, Chairman.\n    Detective, you did an excellent job of detailing how you \nhad received the training and being able to provide protection \nfor the people of your jurisdiction. We live under the tyranny \nof the Congressional Budget Office where we work, and \neverything is looked at as a cost. But as I listened to you \nprovide your testimony, it also occurred to me that there was \nvalue brought back to your department, to Greenville, value \nback to the community, and sometimes it is very difficult to \ndissect out. When we look at something on a sheet of paper, on \na spreadsheet, it is just a cost, and we deal with this in \nhealth care all the time, and it drives me nuts. But there is \nreally no way to offset the cost with the value that you \nbrought back to your community.\n    Just as we conclude the hearing today, if there are \nthoughts that you have on that that you would like to share \nwith us about how to better tease out that value figure, \nwhether there is a fraction or a multiplier that could be \napplied. Perhaps in your experience you have encountered either \nsome examples or even a formulaic approach, this much was \ninvested in the activity that I undertook, but this much was \ndelivered back to the community.\n    Mr. Waddle. The one thing that I failed to mention in my \ntestimony was that not only do I cover Greenville, but I also \nassist the local agencies in Hunt County. Privately in our \noffice I did that, but also at the Electronic Crimes Task \nForce, we covered most of North Texas. So we assisted agencies \nfrom Denton, from Steubenville, from Tyler, Lindale, that area, \nall the way out to Texarkana. So the training that I received \nhas been able to help me help those people.\n    There is a cost, and I understand that. Again, I don't \nquestion that. We had the same problem in the city, the city \nmanager saying, well, you don't need to spend that. I \nunderstand that. But when we can benefit, and in my case, with \nthe experience that I have, when we can benefit our own \ncitizens and those around us, and they know that they have \nsomebody that they can contact to get answers, I think that the \nmoney spent is spent well because it benefits so many people in \ngetting answers to their questions and assistance in their \ninvestigations.\n    Mr. Burgess. Intangible, difficult to calculate for a \nreturn on investment, but it definitely exists, doesn't it?\n    Mr. Waddle. Exactly.\n    Mr. Burgess. Thank you, Mr. Chairman. I will yield back.\n    Mr. Ratcliffe. I thank the gentleman.\n    I thank all the witnesses that have been here today for \nyour valuable testimony.\n    Again, I thank Congressman Burgess for being here and \nbringing his insights into this important topic.\n    Other Members of this committee that aren't here today may \nhave some additional questions for our witnesses. So if that \nhappens, we will ask you to respond to those in writing.\n    Pursuant to Committee Rule 7(e), the hearing record from \ntoday will be held open for 10 days for Member statements and \nfor follow-up questions.\n    In closing, let me just again say thank you to everyone \nthat is here today, that has participated in putting this \ntogether, and thanks to everyone in Grayson County for letting \nme bring the Washington road show here to my home district.\n    With that, without objection, this subcommittee stands \nadjourned.\n    [Whereupon, at 12:22 p.m., the subcommittee was adjourned.]\n\n\n\n                            A P P E N D I X\n\n                              ----------                              \n\n       Questions From Chairman John Ratcliffe for Alphonse Davis\n    Question 1. Are State and local governments ever the target of \nnation states, hacktivists, or criminals and are they aware of and \ntaking advantage of the protections that DHS offers through its \nEnhanced Cybersecurity Services program?\n    Answer. State and local governments are targets currently under \nattack with unstructured, structured, and highly-structured attacks. \nThese attacks range from the unstructured ``script kiddies'' looking \nfor low-hanging fruit to the less-frequent, highly-structured attack \nfrom nation states looking to gather information. We are also aware of \nmotivated actors from foreign organized crime organizations utilizing \nransomware in our country, even at the local Government level--a trend \nthat seems to be growing.\n    Our experiences and relationships across the country indicate that \nthe DHS-supported NIST Cybersecurity Framework is gaining recognition \nand respect within local and State communities, as well as with small, \nmedium, and large businesses. However, widespread awareness and \nadoption of the DHS Enhanced Cybersecurity Services (ECS) is in the \nvery early stages. ECS needs more exposure in order to educate local \nand State governments on its availability and capabilities, with \nadditional information on how to request the services.\n    Question 2a. How does TEEX decide what cyber-related training \ncourses to offer? How are those courses evaluated?\n    Answer. For the development or continuation of any cyber-related \ntraining courses, we conduct a needs analysis to examine gaps in \noperational knowledge and capabilities, gathering data from National \nsurveys, utilizing publicly-available data on training needs (from \nreports such as the 2015 National Preparedness Report), and \ninterviewing State and local contacts regarding their needs. As part of \nthat needs analysis, we evaluate the scope and priority of the need, \nthe audience, the method of training delivery, and the availability of \nduplicate or similar training.\n    In some instances, the development of a new course is initiated by \nFederal partners. Most recently, the ``Physical and Cyber Security for \nCritical Infrastructure'' course was developed through a collaboration \nbetween DHS Cybersecurity and Communications and the DHS Office of \nInfrastructure Protection. They recognized the need for a better \nunderstanding of the interdependency between physical and cybersecurity \nat the local level as well as the need for communities to \ncollaboratively formulate enterprise risk management strategies, \nenhancing infrastructure security and resilience efforts. The DHS \ndepartments worked with TEEX to develop the course that meets that \nneed.\n    During the recent revision of a course on ``Community Preparedness \nfor Cyber Incidents,'' we examined the gap identified between Emergency \nManagement and Information Technology. We conducted interviews with \npeople in these disciplines to identify what they need to learn to be \nbetter-prepared for the ever-increasing and ever-evolving threat of a \nsignificant cyber incident. We are in constant communication with State \nand local governments, and they often describe what they are seeing in \ntheir communities and ask how we can assist.\n    Question 2b. Are they assessed or updated regularly, due to the \nchanging cyber landscape?\n    Answer. Our courses undergo a needs analysis and recertification \nevery 3 years in order to remain relevant and current. In addition, our \ncourses are continually evaluated through participant feedback to \nidentify improvements and updates prior to a schedule update.\n    Our program staff (instructors, curriculum developers, managers) \ndedicates a significant amount of time each week researching and \nlearning about the latest trends and threats in the cybersecurity \nlandscape. This information is used to update course content and for \nuse as updated examples in course deliveries. We also keep in close \ntouch with our DHS partners and add information to our courses about \nnew DHS resources and assistance available as we learn it.\n          Questions From Chairman John Ratcliffe for Sam Greif\n    Question 1a. How important is coordination across critical \ninfrastructure sectors for encouraging cyber resilience?\n    Question 1b. How do these efforts impact public safety \norganizations and State and local entities?\n    Answer. As you can imagine, it is vitally important that critical \ninfrastructure sectors share information about potential threats. Local \nfire and emergency medical service departments need to be warned of \npotential cyber threats, so that they can take the appropriate \nprotective action. For example, while there have been well-publicized \nstories in the media about hospitals having to deal with the effects of \nransomware incidents, local fire departments also have had to deal with \nthese problems. In January, the city of Snoqualmie, Washington, paid a \nransom of $750 to hackers that took control of a computer at the Duvall \nFire District.\n    I receive notices of possible threats from the local Plano police \ndepartment, the council of governments, and the Homeland Security \nInformation Network, among other resources. This information, and the \nlessons learned from cyber attacks, is key to preventing or mitigating \nthese threats. It is important to recognize that the ease of \nimplementing a cyber attack may encourage a lone-wolf terrorist or \ncriminal, who otherwise would not want to risk personal injury in a \nkinetic assault on a fire or police station. So we may see an increase \nin these threats in the future. Again, thank you for the opportunity to \nparticipate in the discussion on this important topic. The threat of \ncybersecurity only continues to increase. The Nation's fire and \nemergency service must be prepared for it.\n      Questions From Chairman John Ratcliffe for Richard F. Wilson\n    Question 1. Are State and local governments ever the target of \nnation states, hacktivists, or criminals and are they aware of and \ntaking advantage of the protections that DHS offers through its \nEnhanced Cybersecurity Services program?\n    Answer. The city of Dallas has in the past, and with daily \nincidents, been subjected to, and been the subject of adversarial \nattacks by foreign powers, foreign extra-territorial actors, National \nand local hacktivists, criminals and unclassifiable agents.\n    The city, in addition to local defensive capabilities, also \nutilizes the services and cyber-intelligence capabilities provided by \nDepartment of Homeland Security, DHS, and other National (private and \npublic) capabilities.\n    Question 2a. How important is coordination across critical \ninfrastructure sectors for encouraging cyber resilience?\n    Question 2b. How do these efforts impact public safety \norganizations and State and local entities?\n    Answer. It is extremely important and a necessity to have a \nstructured, systemic coordination, incident response collaboration, \nmonitoring, quality capabilities and management between the SLTT and \ncentral government.\n    The impacts these types of activities provide to public safety \norganizations, and State and local entities are more structured \nprotective strategies, more pro-active incident alerting, and responses \nthat leads to faster incident identification and management. This in \nturn ensures that outcomes of these incidents are managed effectively \nand timely, thereby ensuring that the adverse potential outcomes of \nthese incidents, do not overburden the local resources and \ncapabilities.\n         Questions From Chairman John Ratcliffe for Don Waddle\n    Question 1. How was your work with the Electronic Crimes Task Force \n(ECTF) valuable to your career as a detective?\n    Answer. In my police department, while working as a detective, I \nworked property crimes, which covers theft, criminal mischief, stolen \ncars, and fraud. Prior to being assigned to the North Texas Electronic \nCrimes Task Force, there was only a few ways for me to go at fraud. \nThis would be what I read in books or by getting guidance form our \nprosecutors. After getting on the task force I learned more by being \ninvolved in investigations with other agencies and with helping Federal \nauthorities with their investigations. I was able to share my knowledge \nwith other members of law enforcement and was also able to build up my \nknowledge in investigating fraud. I was also able, because fraud \noftentimes involves computers and cell phones, to learn about computer \nand cell phone forensics. By being assigned to the task force I learned \nmore about the crimes I was investigating, and was able to use that \nknowledge to prepare better cases for prosecution, and to bring answers \nto my victims of crime.\n    Question 2. How did your work with ECTF differ from or support your \nwork as a detective in Greenville?\n    Answer. I do not believe my work with the task force differed from \nmy work as a detective in Greenville. My job is to investigate crime \nand I did that in both places. I built a strong network of other \ninvestigators that could help me if I had a question, or I could help \nif they had a question. When I think of supporting my work as a \ndetective in Greenville, I would probably never have been able to \nconduct the investigations I conducted without the equipment and \ntraining I received as a task force member. One case in particular was \na defendant who stated he talked to another person very infrequently, \nbut when I examined both phones I was able to determine that they had \nnumerous conversations all the time. This was done using equipment and \ntraining I received while assigned to the task force. I also had \nFederal partners that could come in and help me with my investigations, \nand if need be, could assist me in preparing for a Federal prosecution \nof the case.\n    I hope that my answers to your questions provide enough information \nfor you to make important decisions related to Cybersecurity, \nInfrastructure Protection, and Security Technologies.\n    I want to stress that I am extremely grateful for having been on \nthe North Texas Electronic Crimes Task Force and the training and \nequipment that I received. The city of Greenville and all of Hunt \nCounty, Texas, benefitted from my association with the Electronic \nCrimes Task Force.\n\n                                 [all]\n</pre></body></html>\n"