[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]





                               BEFORE THE

                            SUBCOMMITTEE ON

                                 OF THE

                              COMMITTEE ON
                        HOUSE OF REPRESENTATIVES


                             SECOND SESSION


                             APRIL 14, 2016


                       Printed for the use of the
             Committee on Transportation and Infrastructure


         Available online at: http://www.gpo.gov/fdsys/browse/

                         U.S. GOVERNMENT PUBLISHING OFFICE 

99-931 PDF                     WASHINGTON : 2016 
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001       

                  BILL SHUSTER, Pennsylvania, Chairman
DON YOUNG, Alaska                    PETER A. DeFAZIO, Oregon
JOHN J. DUNCAN, Jr., Tennessee,      ELEANOR HOLMES NORTON, District of 
  Vice Chair                             Columbia
JOHN L. MICA, Florida                JERROLD NADLER, New York
FRANK A. LoBIONDO, New Jersey        CORRINE BROWN, Florida
SAM GRAVES, Missouri                 EDDIE BERNICE JOHNSON, Texas
CANDICE S. MILLER, Michigan          ELIJAH E. CUMMINGS, Maryland
DUNCAN HUNTER, California            RICK LARSEN, Washington
ERIC A. ``RICK'' CRAWFORD, Arkansas  MICHAEL E. CAPUANO, Massachusetts
LOU BARLETTA, Pennsylvania           GRACE F. NAPOLITANO, California
BLAKE FARENTHOLD, Texas              DANIEL LIPINSKI, Illinois
BOB GIBBS, Ohio                      STEVE COHEN, Tennessee
RICHARD L. HANNA, New York           ALBIO SIRES, New Jersey
DANIEL WEBSTER, Florida              DONNA F. EDWARDS, Maryland
JEFF DENHAM, California              JOHN GARAMENDI, California
REID J. RIBBLE, Wisconsin            ANDRE CARSON, Indiana
THOMAS MASSIE, Kentucky              JANICE HAHN, California
MARK MEADOWS, North Carolina         RICHARD M. NOLAN, Minnesota
SCOTT PERRY, Pennsylvania            ANN KIRKPATRICK, Arizona
RODNEY DAVIS, Illinois               DINA TITUS, Nevada
MARK SANFORD, South Carolina         SEAN PATRICK MALONEY, New York
ROB WOODALL, Georgia                 ELIZABETH H. ESTY, Connecticut
TODD ROKITA, Indiana                 LOIS FRANKEL, Florida
JOHN KATKO, New York                 CHERI BUSTOS, Illinois
BRIAN BABIN, Texas                   JARED HUFFMAN, California
CRESENT HARDY, Nevada                JULIA BROWNLEY, California
RYAN A. COSTELLO, Pennsylvania
MIMI WALTERS, California
DAVID ROUZER, North Carolina
MIKE BOST, Illinois

 Subcommittee on Economic Development, Public Buildings, and Emergency 

                  LOU BARLETTA, Pennsylvania, Chairman
THOMAS MASSIE, Kentucky              ELEANOR HOLMES NORTON, District of 
MARK MEADOWS, North Carolina             Columbia
SCOTT PERRY, Pennsylvania            ALBIO SIRES, New Jersey
RYAN A. COSTELLO, Pennsylvania       DONNA F. EDWARDS, Maryland
BARBARA COMSTOCK, Virginia           DINA TITUS, Nevada
CARLOS CURBELO, Florida              PETER A. DeFAZIO, Oregon (Ex 
DAVID ROUZER, North Carolina             Officio)
BILL SHUSTER, Pennsylvania (Ex       VACANCY


Summary of Subject Matter........................................    iv

                                Panel 1

Hon. W. Craig Fugate, Administrator, Federal Emergency Management 
  Agency.........................................................     4
Patricia A. Hoffman, Assistant Secretary, Office of Electricity 
  Delivery and Energy Reliability, Department of Energy..........     4
Caitlin A. Durkovich, Assistant Secretary for Infrastructure 
  Protection, National Protection and Programs Directorate, 
  Department of Homeland Security................................     4
Richard Campbell, Specialist in Energy Policy, Congressional 
  Research Service...............................................     4

                                Panel 2

Gerry W. Cauley, President and Chief Executive Officer, North 
  American Electric Reliability Corporation......................    28
William H. Spence, Chairman, President and Chief Executive 
  Officer, PPL Corporation.......................................    28
Bobbi J. Kilmer, President and Chief Executive Officer, Claverack 
  Rural Electric Cooperative.....................................    28


Hon. Andre Carson of Indiana.....................................    40


Hon. W. Craig Fugate.............................................    43
Patricia A. Hoffman..............................................    49
Caitlin A. Durkovich.............................................    57
Richard Campbell.................................................    65
Gerry W. Cauley..................................................    72
William H. Spence................................................    80
Bobbi J. Kilmer..................................................    90



                        THURSDAY, APRIL 14, 2016

                  House of Representatives,
              Subcommittee on Economic Development,
        Public Buildings, and Emergency Management,
            Committee on Transportation and Infrastructure,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10:05 a.m. in 
room 2167, Rayburn House Office Building, Hon. Lou Barletta 
(Chairman of the subcommittee) presiding.
    Mr. Barletta. The committee will come to order. Today we 
are holding a hearing to explore a critical and timely topic. 
There have been numerous congressional hearings on 
cybersecurity and how to stop the bad guys. What has not been 
discussed in great detail is what the consequence will be from 
a massive cyberattack that brings down, for example, a large 
portion of the electrical grid for an extended period of time.
    The purpose of today's hearing is to answer an important 
question: With respect to cyberthreats to the electrical power 
system, what consequences should the Federal Government tell 
States and local governments to prepare for? In other words, 
for how many people and for how long should States plan on 
being without power?
    The Federal Government does this now for almost every 
significant hazard that we face. Whether it is a category 5 
hurricane hitting Miami or an 8.0 earthquake in Los Angeles, 
the Federal Government has realistic estimates or scenarios for 
States and cities to plan. The Federal Government does not have 
this basic planning scenario for a cyberthreat to the power 
system, and there is a huge disparity in what different groups 
think is a potential scenario for which States and local 
governments should prepare.
    And the difference would be significant for local 
governments. If the power is out for a few days, it can be an 
inconvenience, but if it is out for several weeks, or a month 
or more, the local government has to potentially plan for 
increased public safety, water treatment, sheltering, or 
evacuation, fuel delivery for generators, and many other 
    What should we plan for? Ted Koppel, in his book, says that 
we should plan on 6 to 18 months of uninterrupted blackouts. 
The industry seems to say a cyberattack could, at most, cause 
an interruption in terms of days, not weeks. And today we are 
going to hear testimony from the Federal Emergency Management 
Agency, the Department of Energy, the Department of Homeland 
Security's National Protection and Programs Directorate, the 
Congressional Research Service, the North American Electric 
Reliability Corporation, and representatives from the 
electrical industry. I hope to get an answer to this question 
for State and local governments who are on the ground and will 
be first charged with protection of people and property.
    Imagine what we would do without electricity for a day, a 
week, a month, a year. Virtually all critical infrastructure is 
dependent on the electrical grid, particularly the lifeline 
sectors: telecommunications, transportation, water, and 
financial services. And if the goal of the bad guys is to 
collapse the United States economic system, they are going to 
try to cut off the power.
    There have been reports of hacking attempts on electrical 
facilities by foreign and domestic parties. Our national 
security, public safety, economic competitiveness, and personal 
privacy is at risk. According to the Department of Homeland 
Security, the energy sector was the target of more than 40 
percent of all reported cyberattacks.
    And even more disconcerting was the December 2015 
cyberattack on Ukraine's electric grid, which affected four 
dozen substations and left one-quarter of a million people 
without power. At the same time as the attack on the grid 
itself, call centers were hit with a telephony denial-of-
service attack as customers were trying to report the outages. 
If anyone thought this was a glitch, think again.
    The electrical grid is not only under attack from 
cyberspace, the electric power sector is all too familiar with 
the devastation storms like Hurricane Sandy can leave behind, 
or physical attacks like the 2013 incident at the Metcalf 
substation in California. Thankfully, in the cases of storms 
and physical attacks, the power sector has strong plans in 
place and redundant systems to restore power quickly and to 
avoid the loss of life and property.
    But I am concerned about a cyberattack. Are there similar 
plans in place for industry and for State and local government? 
Will those redundancies provide the same types of protections?
    Most recently, I have been discussing this topic with 
constituents in my district, asking what they will do in their 
communities if the power is out for a prolonged period of time. 
Honestly, most of them don't know because we don't know what to 
plan for. We have brought together the right people here to 
tell us today.
    We are also going to discuss what preparedness looks like, 
best practices, and how we can achieve a greater level of 
readiness, all the way down to the local mayors and township 
supervisors. I am encouraged to hear all the industry talk 
about an all-hazards approach and focusing on mitigating the 
greatest risks, but I think there are some unique 
characteristics of the cyberthreat that require specific 
planning guidelines.
    I know we cannot goldplate the system, but given the 
interdependency of electricity with our daily lives, it is 
crucial that we understand the risks and be prepared for the 
likely consequences possible from the failure of that system.
    I look forward to this conversation today, starting with 
our witnesses, and I thank you all for being here.
    I now call on Ranking Member DeFazio for his comments.
    Mr. DeFazio. Thank you, Mr. Chairman. Mr. Chairman, you 
certainly laid out well the potential threats of a cyberattack 
against our critical electrical grid. We know there is constant 
probing, some of it being done by nation-states, not just 
terrorist groups, nation-states hostile to the U.S. And we need 
to be certain that we are as prepared, well prepared, as we can 
be. The Ukraine attack was perhaps a harbinger of things to 
    The--I do believe, though, that the all-hazards approach 
can also cover the cyberattack area. The issue of probably most 
immediate concern to those of us who live in the Northwestern 
United States is the threat of Cascadia subduction zone quake 
in the magnitude of 9 or 9-plus, which will inevitably knock 
out our grid. So, you know, there are going to be exercises 
conducted, two exercises this year, with the cooperation of the 
Department of Homeland Security and all the local and State 
authorities in the region to simulate what would be possible in 
the face of that sort of a disaster.
    Many of the problems that could occur will be the same. You 
know, the loss of transformers is particularly of concern, and 
I am going to be probing that issue with some of the witnesses 
today. There is a question whether the Federal Government 
should be perhaps stockpiling these transformers, since now 
they are basically custom orders. They take 6 to 18 months.
    What if we lose a dozen large critical transformers because 
of an earthquake, tsunami, or a cyberattack? You know, it seems 
to me kind of a no-brainer that we should, either through 
Government sources or through cooperation with the industry, be 
creating a critical infrastructure component stockpile here in 
the United States to deal with any and all of these sorts of 
potential attacks. And a coordinated, physical attack and 
cyberattack could, of course, be the most devastating, outside 
of a massive earthquake/tsunami. And again, many of the same 
issues arise.
    And then one that doesn't get talked about very much any 
more but we held a series of hearings on it years ago in the 
Committee on Natural Resources--then called the Committee on 
Interior and Insular Affairs--when we had jurisdiction over 
nuclear power is the potential for a bomb in place. That is, a 
nuclear plant. If you destroy the backup system--take over the 
plant, destroy the backup system and the incoming power, you 
can create a meltdown. And how good is the security at our 
nuclear plants these days? I know this hearing isn't going to 
get to that topic, I am not certain it is even within our 
jurisdiction, but it is of concern to me, and I just wanted to 
raise that issue, too.
    So, like aviation, you know, electricity, the grid, the--
and nuclear plants are of interest to terrorist groups and 
hostile nation-states, so we have got to be prepared. So I am 
pleased you are holding this hearing today.
    Mr. Barletta. Thank you. We will have two panels of 
witnesses today. And on our first panel we will have 
Administrator Fugate, the current Administrator of the Federal 
Emergency Management Agency, the Federal coordinator for 
consequence management; Assistant Secretary Hoffman from the 
Department of Energy's Office of Electricity Delivery and 
Energy Reliability--this is the office charged with 
coordinating the Federal efforts to facilitate the recovery 
from disruptions in the emergency and the energy supply; 
Assistant Secretary Durkovich, the Assistant Secretary for 
Infrastructure Protection from the Department of Homeland 
Security; and Mr. Richard Campbell, an expert at the 
Congressional Research Service in the electric power sector.
    On our second panel we will be joined by Mr. Gerry Cauley, 
the president and CEO of the North American Electric 
Reliability Corporation, the international regulatory authority 
whose mission is to assure the reliability of the bulk power 
system in North America; Mr. William Spence, CEO of the PPL 
Corporation, one of the largest investor-owned utility 
companies in the United States; and Ms. Bobbi Kilmer, president 
and CEO of the Claverack Rural Electric Cooperative, a 
nonprofit electric utility serving 2,250 square miles in 
northeastern Pennsylvania.
    I ask unanimous consent that the witnesses' full statement 
be included in the record.
    [No response.]
    Mr. Barletta. Without objection, so ordered. Since your 
written testimony has been made a part of the record, the 
subcommittee would request that you limit your oral testimony 
to 5 minutes.
    Let's start with our first panel. Administrator Fugate, you 
may proceed.


    Mr. Fugate. Thank you, Mr. Chairman, Ranking Members, 
Members. I want to address your questions. What does a local 
official need? What do they need to plan for? And I think, 
based upon our experiences dealing with other hazards that have 
caused disruptions, planning needs to be measured in weeks, 
particularly if there is damage to infrastructure. And again, 
with cyber, we have seen restoration potentially very quickly 
if there is not physical damage. But if you do have damage to 
things like very large transformers or generator capacity, that 
will extend it.
    We do know that it is important that in an initial 
response, that you provide for safety and security. When lights 
are out, power is out--we have had major metropolitan areas go 
through this--you have a flurry of activity with people trapped 
in elevators, traffic control, and the fact that initial 
response may mean going out on patrol and looking for problems, 
rather than waiting for the traditional call to 911, which may 
or may not be impacted, as you have pointed out before, with 
denial-of-service attacks.
    Your next steps are pretty much, again, as the ranking 
member points out, all hazards. You have to then provide for 
the most immediate needs. Hopefully, your critical 
infrastructure has power and emergency power, you have the fuel 
supply you need. We have found in many cases communities 
haven't planned for that. Either they don't have critical 
equipment on backup power or they don't have adequate fuel 
supplies--usually only enough fuel to run their weekly or 
monthly test, but not to operate in a crisis.
    Generators are very expensive. And so, in many cases, there 
are other options, such as putting in transfer switches. The 
idea is what are the things that are required to keep the 
community up and running until power can be restored that are 
lifelines? Water systems, wastewater treatment, communications, 
your hospitals, and your 911 and other dispatch facilities. 
Generally, these have emergency power, but it has to be planned 
for real, not that it just works during the monthly test.
    And then, as you have pointed out, Mr. Chairman, the 
duration now starts driving additional issues. As we saw in New 
Jersey and New York, the longer you have power disruptions, the 
more you have cascading effects, from everything to not being 
able to get to retail stores, grocery stores, others, gasoline 
distribution. And again, as a community starts to try to 
recover and get back to normal, these all become challenges.
    So, the planning really is based upon safety, keeping your 
primary life support systems up, focusing on the restoration of 
the grid, and the reality that your residential areas will 
probably be last to get power because you are going to try to 
get your retail sectors and major core centers up first.
    The industry has shown a lot of resiliency capabilities of 
doing those things in physical destructions. And we think that 
the lessons we have learned there would apply, again, to cyber. 
But cyber has a lot of unknowns. And I will defer to my experts 
to my left on what those impacts are, the potential threats, 
and how likely these are.
    But you said how big is big. We actually looked at a 
natural phenomenon that is actually big, and that would be 
geomagnetic storms. Because of the way our grid is built, and 
the vulnerabilities to very large transformers, this 
administration has already developed a working plan of what we 
would do in the event of major geomagnetic storms, its impacts 
on satellites and terrestrial systems.
    We are working currently now on the lessons from the 
previous power outages on the annex to add to the National 
Response Framework to look at the power outages because of a 
lot of the unique capabilities the Federal Government brings, 
but also this has got to be a true working relationship with 
the utilities. We cannot do this separate. It is a partnership. 
It has got to involve all levels, because the primary place we 
regulate power is at the States, through the, you know, utility 
regulatory operations the--State managed.
    That framework this summer will be going to our senior 
leadership in the agencies to begin that process of concurrence 
and updating it, but it serves as a framework if something was 
to happen now, based upon our lessons from Sandy, and going all 
the way back to previous hurricanes and other disruptions.
    But the challenge is, I think, for people to look at 
planning not for what they do every day, but what would happen 
if power was out for not just hours but days or weeks. Do they 
really understand what their capabilities are, and the things 
they need to do to ensure that their critical lifelines have 
enough power?
    And trust me, sir, I have been through enough hurricanes to 
find out too many facilities only had enough emergency power to 
pass whatever requirements were there, but under full load in a 
crisis they failed. They didn't operate them under loads, they 
didn't maintain enough fuel in the systems for that. They did 
not have contracts for firm deliveries when the crisis 
occurred. So you really need to get people to focus on this, 
that if you are going to provide emergency power it has got to 
be for real, and it has got to be able to operate for long 
periods of time.
    And you need to really plan for this from the standpoint of 
a phased approach, because oftentimes when this starts we don't 
know how long it is going to be out. So we have immediate 
response steps, but you also need to start asking the question 
if power isn't on in 72 hours, what are the next things we have 
to focus on? If we are out for a week, what are the next things 
we have to focus on?
    But I think the story from industry is also good. We have 
learned a lot about how to get systems back up. We have learned 
how to bypass fail systems. And, in many cases, the automation 
has replaced the man in the middle. And sometimes we have to 
put people back in and run less efficient systems, but we can 
get power back.
    So I think there is both a good news story, but there is 
still a lot that we don't know. So against that we are not 
going to be able to write a plan for everything that can 
happen. We need to write plans based upon consequences. And 
again, as we have a better understanding of the duration of 
impacts, that will help us shape that guidance to State and 
local officials for dealing with extensive power outages, 
pretty much irregardless of the cause of it, but really looking 
at it over the time phase of what would be happening and what 
the next steps are.
    But again, a lot of the lessons have been learned from 
natural hazards. The question in cyber is how widespread and 
how many jurisdictions simultaneously will be impacted. That is 
probably the one difference that a physical specific such as a 
hurricane or earthquake--we know the geographical area, which 
cyber--it won't be defined by political or physical boundaries, 
it would be systemwide. And that is another area that we ask 
questions about.
    But not much dissimilar to the threat from geomagnetic 
storms. That is a hemispheric risk, and that is probably--when 
you--outside of a A&P detonation in space, it is probably the 
largest potential impact to the utilities, and again, a lot of 
work has been done to minimize those impacts.
    So, Mr. Chairman, I stand ready for questions, but I wanted 
to try to answer your questions in my opening statements.
    Mr. Barletta. Thank you for your testimony. Before we move 
on I want to recognize the ranking member of the subcommittee, 
Mr. Carson, for his opening statement.
    Mr. Carson. Well, Chairman Barletta, thank--we had a 
hearing with the CIA [Central Intelligence Agency] Director and 
I didn't have access to my phone. And then, when I finally 
escaped I saw the messages. But my apologies. But I want to 
thank you guys.
    Chairman, I think--for the sake of time, I think we should 
still continue, because I was the one who was late, so thank 
    Mr. Barletta. Thank you. We will now move on to Assistant 
Secretary Hoffman. You may proceed.
    Ms. Hoffman. Chairman Barletta, Ranking Member Carson, 
members of the subcommittee, thank you very much for focusing 
attention on the importance of being prepared for an outage, 
and for the opportunity to discuss the Department of Energy's 
role in helping ensure resilient, reliable, and flexible 
electricity systems in an increasingly challenging environment.
    Our economy, national security, even the health and safety 
of citizens depend on reliable delivery of electricity. The 
mission of the Office of Electricity Delivery and Energy 
Reliability is to strengthen, transform, and improve our energy 
infrastructure to ensure access to reliable, secure, and clean 
sources of energy. We are committed to working with our public 
and private sector partners to protect the Nation's critical 
energy infrastructure, including the electric power grid, from 
disruptions, whether it be caused by natural or manmade events, 
including severe weather, physical attacks, and cyberattacks.
    A crucial factor in meeting these challenges is to be 
proactive, and cultivate what I call an ecosystem of 
resilience, a network of owners and operators, regulators, 
vendors, Federal partners, and consumers acting together to 
strengthen our ability to prepare, respond, and recover. Our 
organization works on indepth strategies, products, and tools 
to inform and educate State and local officials in their energy 
emergency preparedness activity. This is done through forums, 
trainings, and tabletop exercises that include Federal, State, 
and local energy officials.
    In the area of cybersecurity, as part of the 
administration's effort to improve electricity subsector 
cybersecurity capabilities, the Department of Energy and 
industry partners have developed the Electricity Subsector 
Cybersecurity Capability Maturity Model. This is an evaluation 
tool that helps organizations prioritize and develop 
cybersecurity capabilities.
    In April, DOE [Department of Energy] will lead Clear Path 
IV in Portland, Oregon, and Washington, DC. Clear Path is an 
interagency exercise focused on testing and evaluating the 
energy sector roles and responsibilities and response plans 
utilized for a Cascadia subduction zone 9.0 earthquake and 
tsunami. When a response is required and needed, the Department 
of Energy serves as lead agency for this response under the 
National Response Framework and under FEMA's [Federal Emergency 
Management Agency's] leadership.
    The Department of Energy works with industry and Federal 
partners to assess the impacts of disaster on local and 
regional energy infrastructure, coordinate delivery of assets, 
monitor and report on restoration efforts, and provide regular 
situational awareness to key decisionmakers in the States, the 
White House, and our interagency partners.
    DOE also provides strategic leadership by requesting and 
facilitating the development of an energy Information Sharing 
and Analysis Center, as well as the development of an 
Electricity Subsector Coordinating Council. This council is a 
group of leaders from across the electric sector that meet 
regularly with Government to coordinate and share information. 
When power goes out, the local utility is the first responder. 
Should any threat or emergency exceed the capability of any 
local or private-sector resources, the Federal Government and 
the electric sector, through the council, will engage in 
coordinating a response to this type of a crisis.
    Congress enacted several important new security measures in 
the FAST Act [Fixing America's Surface Transportation Act]. 
This act affirms DOE's responsibility in cybersecurity 
coordination, oil and gas information sharing, and the 
development of a transformer reserve plan. In addition, the 
FAST Act provides the Secretary of Energy with a new authority: 
Upon declaration of a grid security emergency by the President, 
the Secretary can issue orders to protect and restore critical 
electric infrastructure, or defense critical electric 
infrastructure. This authority allows DOE to respond as needed 
to cyberthreats or physical threats to the grid. The Department 
is actively engaging in the process and procedure for 
implementing this new authority.
    The keys to strengthening resilience are not only 
understanding threat insight and response, but it is also 
through innovation. Advanced technology and innovation in 
cybersecurity storage microgrids will also help the industry 
get ahead of these risks.
    In conclusion, the threats will continue to evolve. DOE is 
working diligently to stay ahead of the curve. To accomplish 
this we must invest in resilience, encourage innovation, and 
use the best practices to help raise the sector's cyber and 
physical security maturity, as well as strengthen local 
incident response and recovery capabilities.
    Thank you for your time. And this concludes my remarks. I 
look forward to any questions you have.
    Mr. Barletta. Thank you for your testimony, Assistant 
Secretary Hoffman.
    Assistant Secretary Durkovich, you may proceed.
    Ms. Durkovich. Good morning, Chairman Barletta, Ranking 
Member Carson, and members of the subcommittee. My name is 
Caitlin Durkovich, and I am the Assistant Secretary for 
Infrastructure Protection within the National Protection and 
Programs Directorate at the Department of Homeland Security. 
Thank you for the opportunity to discuss how NPPD, which leads 
the national effort to secure and enhance the resilience of our 
Nation's infrastructure, fulfils its responsibility to support 
the Federal Government's preparedness for, response to, and 
recovery from all-hazard events, including the physical impacts 
of cyber incidents.
    I want to begin by acknowledging that protecting the 
electric grid is a top priority of this administration and of 
the Department of Homeland Security. It is also worth 
underscoring, as you will hear from our industry partners 
later, that the grid, by its very design, is resilient. It is a 
complex network of electric infrastructure assets that has 
built-in redundancies and can adapt to rapidly changing demand, 
load, climate, and a host of other factors.
    In short, the electric grid has been engineered with one 
principle in mind: reliability. Thousands of companies work 
together with the Government to run the most reliable grid in 
the world. And while over 85 percent of the Nation's 
electricity infrastructure is in private hands, the Federal 
Government recognizes we must work in partnership with industry 
to protect our grid because of its importance to national 
security, economic prosperity, and community resilience.
    I have the privilege of working with industries that span 
the 16 critical infrastructure sectors, and can say with 
confidence that the electric industry takes a multilayered 
approach to risk management, and is committed to continuous 
adaptation, based on lessons learned from real-world events and 
exercises, and an understanding of the dynamic risk 
environment. Industry and Government acknowledge, however, we 
cannot stop every threat and natural hazard, and that we must 
be prepared to respond to a range of events and their 
    The Federal Government's voluntary partnership with the 
electric sector, which is defined under the National 
Infrastructure Protection Plan, reached new levels in 2012 
following two important events. The first was a report 
published by the Presidential advisory committee, the National 
Infrastructure Advisory Council, in 2011 on the resilience of 
the electric and nuclear sectors, and called for the most 
senior executives from industry and Government to convene on a 
regular basis to craft a risk management agenda that was 
reflective of the increasingly chaotic threat environment.
    Nearly a year later our country awoke to the scenes of an 
earthquake, tsunami, and subsequent failure at the Fukushima 
Nuclear Power Plant in Japan that put new emphasis on the need 
for the public and private sector and the United States to come 
together to plan for a catastrophic national incident.
    For nearly 4 years now, 30 CEOs representing the breadth of 
the electric power industry have comprised the Electricity 
Subsector Coordinating Council, and meet regularly with their 
counterparts at DHS [Department of Homeland Security], DOE, and 
other members of the interagency to address the growing number 
of sophisticated factors that put our grid at risk. This risk 
management approach is focused on ensuring that the 
consequences of the most catastrophic events are minimized, and 
that the value of our relationship is strengthened by 
identifying joint priorities enabled by robust information 
sharing, continuous planning, and regular testing and exercise 
of these plans.
    Projects conducted through this partnership include action-
oriented information sharing around physical and cyber events, 
including black energy: a 2013-2014 security outreach campaign 
around threats to substations recommended security best 
practices and the importance of reporting suspicious activity; 
an Electricity Subsector Coordinating Council playbook, which 
is a crisis management framework to enable senior executives 
from industry and Government to coordinate effectively on 
response and recovery issues; as well as work by DHS and DOE 
with the Electricity Subsector Coordinating Council on efforts 
to institutionalize coordination with other lifeline functions.
    In addition to our ESCC [Electricity Subsector Coordinating 
Council] work, DHS works directly with owners and operators to 
help enhance their security and resilience posture, understand 
dependencies and interdependencies, and exercise with their 
State, local, tribal, and territorial partners for a range of 
possible scenarios. This engagement would not be possible 
without a cadre of security specialists around the country who 
engage with asset owners on a regular basis to help them 
understand the risk posed by cyber and physical threats, 
perform assessments, share information, and ensure they are 
connected to the broader homeland security community to include 
State and local officials.
    NPPD also works with partners across the Government in the 
event of a needed response to a major disaster or attack 
resulting in a failure of the electric grid. NPPD supports FEMA 
during response operation, and helps provide an understanding 
of the infrastructure of concern in an impacted area, and 
decision support in prioritizing restoration and recovery, as 
well as ensuring the resilience of our communications 
    During a cyber or communication incident, NPPD's National 
Cybersecurity and Communications Integration Center is able to 
coordinate with State, local, and private-sector partners, 
including law enforcement and intelligence communities, so that 
the full capabilities of the Federal Government can be brought 
to bear in a coordinated manner.
    The Industrial Control Systems Cyber Emergency Response 
Team is the response component of the NCCIC [National 
Cybersecurity and Communications Integration Center] and 
provides on-site support to private-sector industrial control 
system owners and operators.
    In conclusion, Government and industry have engaged in an 
unprecedented effort to assess and mitigate the risks from 
cyberattacks, physical sabotage, and natural disasters, all of 
which can result in disruptions to the electric grid. In a 
major step toward this unified approach, the Department 
proposed to transition NPPD to an operational component, the 
Cyber and Infrastructure Protection Agency. This transition 
would elevate cyber operations and provide more comprehensive, 
coordinated risk management support to our stakeholders that 
reflect the growing convergence of cyber and physical threats.
    Chairman Barletta, Ranking Member Carson, and members of 
the subcommittee, thank you again for the opportunity to appear 
before you today and to discuss NPPD's efforts in managing the 
physical consequences of cyberthreats.
    I look forward to your questions.
    Mr. Barletta. Thank you for your testimony, Ms. Durkovich.
    Mr. Campbell, you may proceed.
    Mr. Campbell. Good morning, Chairman, Ranking Member, and 
members of the subcommittee. My name is Richard Campbell. I am 
a specialist in energy policy for the Congressional Research 
Service, CRS. On behalf of CRS I would like to thank the 
committee for inviting me here to testify today.
    My testimony will provide background on the possible 
consequences of a failure of the electric grid, the roles with 
respect to parties, and some of the objective challenges in the 
recovery efforts. I should note that CRS does not advocate 
policy or take a position on specific legislation.
    Electric power generation is vital to the commerce and 
daily functioning of the United States. While the electric grid 
has operated historically with a high level of reliability, 
various parts of the electric power system are vulnerable to 
failure due to natural, operational, or manmade events. Natural 
events include severe weather and even solar storms. 
Operational events can result from failures of grid components 
or systems. And manmade events would include actual attacks on 
the grid. The extent to which these events could damage the 
grid would depend upon the severity of the incident.
    Much of the infrastructure which serves the U.S. power grid 
is aging. As the grid is modernized, new technologies utilizing 
two-way communications and other digital capabilities are being 
incorporated with Internet connectivity. While these advances 
can improve the efficiency and performance of the grid----
    Mr. Barletta. Mr. Campbell, excuse me. Can you pull the 
microphone just a little closer? Thank you.
    Mr. Campbell. While these advances can improve the 
efficiency and performance of the grid, they may also increase 
its vulnerability to cyberattacks launched from the Internet.
    In 2014 the National Security Agency reported that it had 
seen intrusions into industrial control systems with the 
apparent technical capability to take down the controls to 
operate U.S. power grids, water systems, and other critical 
infrastructure. Although there has not been a cybersecurity 
event resulting in a power outage in the United States, the 
potential still exists for such attacks to cause a wide-scale, 
long-lasting outage.
    The first blackouts attributed to a cyberattack happened in 
Ukraine in December 2015. The attack targeted industrial 
control and operating systems in multiple regional utilities. 
Other critical infrastructure was also targeted, apparently in 
an attempt to impair recovery efforts. A report released by the 
National Research Council in 2012 concluded that well-informed 
terrorists could black out a large region of the country for 
weeks or even months. It said that if such an attack occurred 
during times of extreme weather, hundreds or thousands of 
deaths could occur from heat stress or extended exposure to the 
cold. A systematic attack of this sort could cost the U.S. 
economy hundreds of billions of dollars.
    Recovery from a well-planned cyber and physical attack on 
the grid could be complicated by the cost and vulnerability of 
critical components. For example, the strategic destruction of 
a number of critical, high-voltage transformers could use up 
the limited inventory of spare units, and it may take months or 
even years to build new units.
    The electric utility industry generally prepares for 
outages from weather-related events, and views the potential 
for a major cybersecurity attack or similar event as a low-
probability risk. If an event is severe enough to be a 
federally declared disaster, then FEMA, the Federal Energy 
Management Agency, can provide financial assistance to eligible 
utilities for the recovery effort.
    And in 2015 Congress gave the Department of Energy new 
authority to order electric utilities and the North American 
Electric Reliability Corporation, NERC, to implement emergency 
security measures in the Fixing America's Surface 
Transportation Act.
    However, given the potential for damage to the Nation's 
economy from a major attack on the grid, some might suggest 
that the greater focus on recovery is needed, and should become 
as much a part of the grid security strategy as the efforts to 
secure the grid. A focus on recovery should consider the mutual 
dependence and implications to other critical infrastructure of 
an electric grid failure, and how quickly such impacts could 
proliferate, if not planned for in advance.
    Congress may also want to consider how the grid of the 
future will address cyber and physical security concerns. 
Incorporating elements to increase system resiliency as it 
develops will aid in reducing the vulnerability of the system.
    Finally, NERC has stated that after a major grid 
disruption, restarting generation and energizing transmission 
and distribution systems will be a first priority. Restoring 
service to communications systems, fuel, water supply and 
treatment and hospital customers will be a secondary priority. 
Congress may want to consider how planning for the subsequent 
restoration of services would proceed to ensure that all 
civilian communities are kept informed, and they are treated as 
equitably as possible in disaster recovery efforts.
    This concludes my brief remarks. I look forward to your 
    Mr. Barletta. Thank you for your testimony, Mr. Campbell. I 
will now begin the first round of questions, limited to 5 
minutes for each Member. If there are additional questions 
following the first round, we will have additional rounds of 
questions as needed. And I will start with Administrator 
    Could you please walk the committee through a timeline of 
consequences that we could expect to experience in the event of 
a large-scale and a prolonged power outage which is the result 
of a combined cyber and physical attack?
    Let's assume over 10 million people are out of power in the 
Northeast and it lasts for over a month.
    Mr. Fugate. The first thing----
    Mr. Barletta. I am not talking about how to turn the power 
back on. But what consequences will State and local governments 
and residents have to deal with because the power is out? And 
this is my concern. I am going to put my mayor's hat back on. 
And, you know, I have been listening to a lot of how prepared 
we are, what we can--what is typical, what is unlikely, and 
what we are going to do. But I am not convinced that we have 
connected the dots all the way down to the local government.
    I haven't talked to a mayor or a township supervisor yet. 
When I ask them the question, ``In the event of an unusual and 
an unlikely event that power is out in a cyberattack, how long 
are you prepared to provide services?'' nobody can give me that 
answer. You know, I know it is an unlikely event. So was the 
chance of two planes running into the twin towers in New York, 
very unlikely.
    So, that is what I am hoping to get at today is, for 
example, in the first few days--because these are the people--I 
was a mayor. When something like this happens there is going to 
be panic, and people are going to want to know how long can we 
expect--and I don't know if anybody has yet given me a clear 
    In the event of both a physical attack and cyberattack, the 
worst-case scenario--very unlikely, very unusual, but still, as 
a mayor and a supervisor, I want to be prepared for that worst-
case circumstance. So, for example, in the first few days there 
will be thousands of people stuck in elevators. After 3 or 4 
days, hospitals and other critical infrastructure will need 
fuel for generators. After a week, clean water and waste 
disposal may be--may have serious problems. And at some point 
people may start to self-evacuate in large numbers.
    Please walk us through that timeline of increasing 
consequences, as the duration of this scenario increases.
    Mr. Fugate. Mr. Chairman, first challenge, having actually 
had this happen during accidents where human error causes power 
outages, we don't know at first how long it is going to be out. 
And oftentimes you only know that you are having power outages; 
you are not aware of what is happening outside. Situation 
awareness will be key, because your initial response will not 
be any different.
    We have had numerous communities go through power outages 
very substantial that resulted in having to do mass rescues and 
elevator operations, deal with the traffic control issues, 
hitting at commuter times with commuter rail being knocked off 
with electricity. We have seen those. I think most communities 
that are doing effective planning, those are things that they 
will be doing almost from the beginning. What is critical--and 
this goes back to what my partners to the left will be focused 
on--is this a short-term duration or is it longer.
    We faced this in Florida, actually, when I was still in the 
State. We had power knocked out that was not occurring in any 
set pattern. It was occurring all over the State 
simultaneously. We didn't know what was going on. By the time 
we had situational awareness, the next question was, ``Will 
this go into the night hours?'' Because if so, the Governor 
will call out the National Guard to provide additional law 
enforcement support.
    And so, again, you start focusing on those immediate things 
of life safety. Also safety in your communities, because when 
you lose power and you start seeing those disruptions, you have 
to provide a much more visible form of policing and give people 
a sense of safety in their communities. That is going to 
require more manpower, more people on the streets. You start 
looking at my generators are now running, what systems will 
need refueling next? Is it going to be the next 72 hours?
    And this is something I think is important. I learned this 
the hard way. A lot of communities do not plan for refueling in 
a crisis. And there are certain contractual things you have to 
have to make sure you get deliveries, and those deliveries to 
suppliers may not be local. Again, if you are talking 10 
million people, we were shipping fuel as far away as 
Philadelphia back into New Jersey and New York to provide gas. 
We found all kinds of regulatory challenges.
    But again, you start going, ``OK, my first step is pretty 
much my emergency response. My next step is the next 72 hours. 
Which of my critical facilities will start running out of fuel 
or are having generator problems?'' This is--by this time we 
would hopefully have assessed this is a much larger event than 
local. We start looking at mobilizing resources from the 
outside, generators, fuel, other things to keep those on.
    It is key to keep the water systems and wastewater running. 
Electricity has got a lot of problems, but water and wastewater 
are almost impossible to make up the differences in dense 
populations. There is not really a good way to manage that if 
those systems go offline for extensive periods of time. And so 
you continue to escalate.
    Once you get to past my 72 hours--and I am starting to talk 
my first week--now you start really looking at what does the 
retail sector supply chain look like. Florida learned this hard 
lesson, that many of our gas stations, grocery stores, and even 
pharmacies now have emergency power, they have transfer 
switches because, as we were dealing with power outages 
measured in weeks, literally, from hurricanes--and some of our 
duration of outages actually went to almost a month--we found 
that retail was doing a lot of things that we had to start 
supporting because they were bringing in generators, they were 
getting themselves back open.
    But we weren't doing it as a partnership, we actually found 
ourselves competing with them. So you really want to plan this. 
And I think most communities, that initial response, if they 
have got good plans, they have done this, or they are prepared 
to do it. It is once you get past 72 hours that I think that 
they really need to start thinking through their plans. Where 
are they going to get fuel? What kind of things do they have to 
keep up? And then where will be the next points?
    As we saw with New Jersey and New York, initially it was 
the rescues and the trapped people and stuff like that. A lot 
of people evacuated. But then it became the fuel, it became 
pharmacies, grocery stores. And so you started seeing cascading 
effects. And again, those are the things I think that, once you 
are past 72 hours, you need to start planning out, OK, I am out 
for 1 week, I am out for 2 weeks, I am out for 3 weeks. How 
much of my core am I bringing up?
    Again, the utilities aren't waiting. They are not going to 
be nothing happening for a month. But you are not going to get 
power back to everybody, and you are not going to get power 
back particularly to a lot of your residential areas. So can 
you get enough life support back up and running where people 
that still don't have power can get the essentials? It won't be 
easy, it will be difficult.
    But the thing here now is to continue to trade off. Where 
can I make activities to buy more time to keep my population 
stable? Evacuations, maybe self-evacuating. Where people have 
that option, they will. But you won't see large numbers, 
because it is unlikely in widespread outages there is going to 
be places to go to.
    So again, it becomes this time of stabilization, continue 
to look at the down-range impacts, what we are able to bring 
up, where we prioritize that. But the reality is that almost 
all these scenarios, including the cyber as well as the 
physical, residential areas are probably going to be the last 
ones to get that power. So can you get enough life support and 
infrastructure going to keep the major supply lines up? And you 
are not going to have everything. You are not going to have 
what the normal consumption rates are. You may have to do what 
Governor Christie did and go with rationing of gasoline to 
start normalizing what is available versus demand signals.
    But this means you have to plan out not just the power went 
out, but now what are the impacts of that as you go through--
and then, hopefully, this is what our partners are working on, 
is to give you better information about how much time are we 
talking about before key systems come up. When will we get the 
final power turned back on? Because in the absence of 
information, I think that generates its own problems. If we 
know that it is going to be out for 3 weeks, we can plan. 
People are more resilient than we give them credit for. But the 
lack of information, that in itself becomes a challenge.
    So I ran over my time, Mr. Chairman, but I was trying to--
    Mr. Barletta. That is OK, because it is important, because 
that is what I am trying to get at, is are these 
conversations--and who is responsible for these conversations 
with people at the local level, because this is an unknown. If 
there is a storm coming, a hurricane, an ice storm, a--we are 
prepared for that. We can expect--we know what is coming. An 
earthquake, not so. You don't know it is coming, but still we 
have experience with that. But a widespread cyberattack with a 
physical attack attached to it is unknown. And who is having 
that conversation with people at the local level that--we don't 
know. It could be out a week, it could be out longer than a 
week. You need to be prepared.
    And are those conversations actually happening? I don't--I 
am not convinced that they are. And that is where the life will 
be lost. And I think we need to begin to find out how do we 
connect the dots. Who is responsible for having those 
conversations down at the lowest level of the people who will 
be first charged with trying to protect lives.
    I am going to turn to Ranking Member Carson for his 
    Mr. Carson. Thank you very much, Chairman Barletta. Madam 
Hoffman, your testimony notes that the Department's research 
and development activities with respect to developing spare 
transformer components, what is the cost to manufacturers when 
we are making these alternative components? And has a domestic 
manufacturer been identified so that we can ensure that there 
is no disruption to its prior usage?
    Ms. Hoffman. So thank you very much for the question. 
Transformers are a very critical component to the electric 
sector as was stated in the testimonies and some of the 
conversations earlier.
    With respect to transformers, the price of a transformer 
ranges anywhere between $5 million and $10 million. And so 
these are significant components. So what is our research 
program, or what are the activities looking for, dealing with 
the transformer issues? It is, first of all, looking at the 
spare components that--and the spare transformers that industry 
has, and then industry is looking at having spare capacity on 
their system.
    We are also looking at how do we develop the next 
generation transformer, which might be a transformer that you 
have the ability to produce more quickly, and also have more 
standardization and flexibility. So that includes, in our 
research component, the development of power electronics and 
hybrid transformers.
    Our 2017 budget request has a very strong program looking 
at transformers, which is about $10 million, in which we are 
going to look at developing the next generation transformers, 
as well as doing testing of transformers to make sure we 
understand any vulnerabilities that may exist.
    Mr. Carson. Thank you. Administrator Fugate, in the event 
of a widespread outage, what are FEMA's plans for communicating 
with citizens on response and recovery efforts when there is 
essentially zero electricity?
    Mr. Fugate. Not much different than what we have faced in 
other significant outages. We have a variety of tools.
    First of all, within the emergency alert system, the radio 
stations, TV stations, many of the--that have emergency power, 
TV stations partner with radio stations. We can get signals. 
And in addition, if we lose a--and this will be something that 
we will be looking at in Oregon during the Cascadia--it is not 
uncommon that you are going to lose radio and TV stations in 
the area of impact.
    But we work with the FCC [Federal Communications 
Commission] for the nonimpacted stations to increase power to 
get signal back in. That is why we continue to encourage 
people, have that battery-operated radio. That is why we 
encourage the idea of FM chips in cell phones, because we can 
get signals in from the outside, but people need to receive it 
to get the information.
    But part of this is going to be where the information is 
coming from. We are going to be working through the Governor's 
office because Governors and their teams are going to be the 
best information at the local level. Our job, really, on the 
Federal side is to provide the backup and tools required. And 
we are prepared to work with the FCC and broadcasters to get 
signal from the outside. In addition, we have gone as far--and 
we did this in the Sandy response--bring in satellite 
communications and set up WiFi in some of the areas that have 
lost some of the cellular communications.
    But we have another backup, and, self-disclosure, I am an 
amateur radio operator. But I think sometimes the more we look 
at the complexity of our risk, we forget that we have some very 
resilient systems that aren't part of Government, but they 
oftentimes are the last thing running when everything else has 
failed. So we look from everything from our systems and 
satellite technology, working with nonimpacted stations how to 
broadcast in, amateur radios are all part of that.
    But it is important that people take the steps to be able 
to get the information when we can get the signal in, and that 
is why it may seem very passe in an area of streaming 
everything that a battery-powered radio may be that lifeline of 
communication link to get information, because we have seen, 
even in large-scale--like Katrina--stations outside the area 
get broadcast in, but you had to have a way to receive the 
    Mr. Carson. And lastly, Madam Durkovich, have our most 
critical transformers and substations within the bulk power 
system been identified so that we have a clear comprehension of 
system dependencies? And even cascading impacts from a 
widespread power outage, regardless of the cost?
    Ms. Durkovich. Thank you very much for that question, 
Ranking Member Carson.
    We work very closely with the utility owners, with our 
partners at DOE, as well as NERC and FERC [Federal Energy 
Regulatory Commission], to understand the most critical aspects 
of the electric grid. We have a number of programs that we 
leverage to help assess the vulnerabilities of these particular 
assets, and to work with owners and operators to help enhance 
the security and resilience to provide recommendations. But 
equally important, as you will hear later from Gerry Cauley, 
who is the president and CEO of NERC, we have a series of 
standards that are intended to guide the security of some of 
these most critical assets.
    Increasingly within my office we are working to better 
understand the dependencies and interdependencies on some of 
these critical energy assets to be able to visualize what an 
outage is--the impacts it is going to have to other key 
lifeline sectors, and to be able to provide that information as 
leaders to include Administrator Fugate and those of the 
utilities working to get power restored. Thank you.
    Mr. Carson. Thank you, ma'am.
    Chairman, I yield back.
    Mr. Barletta. Thank you. The Chair recognizes Mr. Meadows 
for 5 minutes.
    Mr. Meadows. Thank you, Mr. Chairman, for this important 
topic. I think this is one of the interesting aspects that I 
get asked about more than anything else.
    Let me tell you why I am a little bit troubled here today 
is that I hear a lot of rhetoric that acts like we have our act 
together from a Federal standpoint, when really the vast 
majority of the job that gets done is really with the 
stakeholders, with those public utilities that, for years, have 
been prepared for mass outages, but perhaps the scope of the 
threat, the cyberthreat--and when we are talking about mass 
outages, you know, we can talk about Hurricane Sandy, we can 
talk about, you know, other storms. They are used to that.
    I am just telling you, they have got--I used to work for an 
electric utility many years ago. I was around--I have got 
enough gray hair, I was around when the DOE was actually 
formed. And so when we look at this, to suggest that the 
Federal Government is here to help, I want to make sure that 
you are helping.
    And the chairman talked about the real communication that 
is being done. The real communication that is being done is 
really being done by the public utilities at the local level. 
If any is getting done. You know, it is crickets when it comes 
to the other Federal agencies as it relates to this. Now, I say 
that as a criticism, only because we have to figure out that we 
are sick before we start to figure out the diagnosis and how to 
fix it.
    So let me ask Assistant Secretary Hoffman for your help on 
one particular area. In your testimony you were talking about 
national security and how you can reprioritize and make sure 
that those national security interests are supplied by public 
utilities or governmental agencies.
    Here is my concern. Many of our national security interests 
actually have their own generating and own distribution 
capacity. And yet I find them woefully underprepared for 
cyberattacks. You know, some of them are primary metered at the 
point of entrance, so you may have a public utility providing 
the generating capacity. They do the distribution. So as we 
look at this, what kind of turf war do we get in between DOD 
[Department of Defense] and DOE with regards to being ready for 
a cyberattack that would have national security implications?
    Ms. Hoffman. Thank you, Congressman, for that question. 
When we deal with any sort of event, we are going to act as a 
whole of Government. So, whether it is a cyber event----
    Mr. Meadows. But who is in charge? Here is the problem, 
is--and I have dealt with a number of agencies. So we get FEMA 
that comes in, and we get local emergency management responses. 
And what you have is you have different people saying different 
    So with regards to national security, who is in charge of 
the power grid? Is it DOE or is it DOD?
    Ms. Hoffman. The owners and operators are ultimately in 
charge of the power grid. The support to the power grid is 
going to come both from DOE with respect to working with the 
owners and operators to restore power and DOD has a 
responsibility with respect to national security and 
protection. So, from a physical security perspective, we may 
look at law enforcement to help the utilities protect 
substations. It depends on the event, but the response will be 
    Mr. Meadows. All right. So you have a plan, a coordinated 
plan that I could look at today on how that would happen.
    Ms. Hoffman. So for----
    Mr. Meadows. That you can give to this committee in terms 
of the--because here is what happens, is most of the time an 
event happens and then you go out and you figure out the 
problems. You know, Mr. Fugate was talking about the fact that 
we learn lessons from each event that we have.
    But the problem is, with a cyber event as we are looking at 
in the Ukraine, you know, here we have an outage to over 
200,000 people, where it was cut off. But the real problem 
was--is they were in the system for almost 6 months and we 
didn't know about it.
    So I guess the question is how many times are we getting 
attacked? And are they in our systems without our knowledge?
    Ms. Hoffman. Well, you bring up a good point, Congressman, 
thank you. But the issue is every event and every incident, as 
Administrator Fugate brought up, is going to be different, and 
we are going to have to think about the capabilities. When 
somebody can take someone's access credentials, we have to 
think about that and look at that as an industry. So we are 
taking the lessons learned----
    Mr. Meadows. But that is more of a physical threat. I want 
to go back to the cyber aspect, because what we are doing is--
and I heard Ms. Durkovich talk about this--is that we are 
looking at risk management. And really, what we need to start 
to focus on is a real comprehensive plan on how we are going to 
partner with the private sector or public utilities on doing 
this, because what happens is we get a little check box and we 
say, ``well, we have gone and we have talked to XYZ and we have 
asked them to make sure that they are vigilant about 
cybersecurity,'' which most of them are.
    But yet, what happens is we don't have a comprehensive plan 
at a Federal level to look at how we can support them in the 
event of a national attack that would come in the way of cyber. 
So I am not talking about storms, and I am not talking about 
stealing a credential. I am talking about the real attacks that 
we get hit with every single day.
    Do we know--have we done a risk assessment where we have 
intelligence? And have we shared that with the public 
utilities? Because a lot of times we have this national 
security concern that we don't want to share that with an 
outside, you know, group because of national security concerns.
    Ms. Hoffman. So thank you. You bring up very good points in 
your discussion.
    First of all, we follow the National Response Framework. As 
Administrator Fugate talked about, regardless of whether it is 
a physical or cyber or weather-related event, we are going to 
act as a whole of Government in responding to that.
    With respect to your question on intelligence, we are 
sharing information with the private sector. DHS and DOE 
regularly host classified briefings with the private sector to 
share actionable information. And that is the information that 
the utilities are able to take back and really do response 
    With respect to specific events such as the Ukraine 
incident, ICS [industrial control system] alert has provided 
very specific actionable information. DOE, working with the 
Electricity Information Sharing and Analysis Center, has 
provided actionable information to the industry to learn from 
these events and prepare. And that is what is important. Each 
event is going to be different. We have to take those events 
and learn from them.
    Mr. Meadows. I have run out of time. I will yield back, Mr. 
Chairman. Thank you for your patience.
    Mr. Barletta. Thank you. The Chair recognizes Mr. DeFazio 
for 5 minutes.
    Mr. DeFazio. Thank you, Mr. Chairman. I regret I had to 
step out to go to a hearing upstairs. We should--the committee 
should look at not scheduling hearings in different 
subcommittees at the same time.
    Administrator Fugate, I think you made a number of 
excellent points. And when you talked about being a ham radio 
operator, obviously that is a potential backup. But I was 
recently in Japan and one of their greatest regrets is that 
they didn't have enough deep ocean sensors, and they 
underestimated the size of the tsunami. And they did manage to 
get out a warning with that original estimate before the 
electrical grid went down in those areas, and they had no 
further capability of broadcasting and warning people. And 
therefore, many people sheltered in places that actually were 
below the crest of the tsunami and died.
    So they have now moved to a cell phone-based system, and 
required resilient cell towers to be built. Are we looking at 
anything like that here, in the U.S.?
    Mr. Fugate. Yes, sir. Part of the charge you gave us and 
the FCC was to develop wireless emergency alerts, which, 
working with the carriers, we actually implemented faster than 
we thought. So right now, every cell phone being manufactured 
today is required to be able to transmit a wireless emergency 
alert, part of the emergency alert system. Tsunami warnings are 
built into those.
    So, if there is a triggering event, the originator for that 
will be the National Weather Service tsunami warning centers. 
In the case of Oregon it is going to be the Alaska Warning 
Center. It would go out. It is geocoded to the areas of impact, 
so those counties and communities at risk would get those 
notifications over your cell phones. You cannot--you don't have 
to opt in, you don't have to sign up. The only thing you can do 
with a cell phone is turn it off and not get the alerts. So, 
unless you have done that, a tsunami warning would be issued, 
it would be transmitted upon that point and go out.
    I think you do point out, though, one of the challenges, 
which is why we work very closely at the local levels. It is 
hard to get the magnitude of the tsunami, so the evacuation 
zones pretty much have to be what is the maximum risk, we got 
to move now. A phased approach, we generally don't have time, 
particularly with Cascadia. It is too close to the coast. And 
that is why we tell people, ``even before you get the warning, 
if you feel shaking you got to move to higher ground,'' because 
even with a warning you only have minutes to move.
    But the cell phone system now, as soon as the Weather 
Service issues the warning, it will get transmitted to those 
areas. We have actually seen this occur already. But it has 
answered this question of what will wake people up in the 
middle of the night. And your cell phone buzzing and humming 
and making strange noises was the whole purpose of the wireless 
emergency alert system.
    Mr. DeFazio. And when--phones manufactured after what date 
were required to have that, do you know?
    Mr. Fugate. It started--I believe it is--I would have to 
look at the exact date, but it has been about the last--2010, 
    Mr. DeFazio. OK.
    Mr. Fugate. That all new handsets--Apple, the iOS, was the 
last of the handsets to incorporate this in. And so pretty much 
all the new handsets now have this. And, as we see the 
replacement cycle of cell phones, we have actually now--third, 
fourth, fifth replacement cycles. So we are getting good 
penetration now with those systems.
    Mr. DeFazio. That is great. Yes, I have actually been on an 
airplane here where we were held on the ground because of 
thunderstorms, and everybody's cell phone started buzzing as 
they had, like, a tornado alert or something. I can't remember 
what it was.
    Mr. Fugate. Yes, sir.
    Mr. DeFazio. So that is great progress. To the Honorable 
Ms. Hoffman, just on the issue I raised earlier, you know, the 
transformer issue, it does seem really critical and they are 
very expensive, they are cumbersome, hard to move. But, I mean, 
where are you at in evaluating the potential or possibility of 
having some, you know, backup or replacement transformers in a 
strategic reserve?
    Is it--you are analyzing that, or where are you at in that 
    Ms. Hoffman. Thank you very much, Congressman, for the 
question. The transformer reserve plan that was required as 
part of the FAST Act is in progress. We have contracted with 
Oak Ridge National Laboratory to do an assessment with respect 
to transformers, the transportation issues, any sort of where 
they would be placed, the volumes and size. As you are well 
aware, the transformers in the United States are quite unique, 
and we have to also look at a parallel process for how do we 
look at standardization, look at next generation transformer 
for additional manufacturing.
    We are also in the process of assessing transformer 
manufacturing in the U.S. DOE has had several reports out with 
respect to transformer manufacturing. There are several 
manufacturing entities in the U.S., including EFACEC, Georgia 
Transformer, ABB, Waukesha, Prolec GE and Hyundai. Those are 
the transformer manufacturers in the U.S. Is that enough for 
the capacity we need? I would say we need more capacity with 
respect to transformers. So it is important that we continue to 
look at a transformer sharing program.
    So we are in progress and on target to meeting that 
deliverable for the committee.
    Mr. DeFazio. So what was the timeline that was established 
for the----
    Ms. Hoffman. The timeline that was established in the FAST 
Act was 1 year from enactment. So it would be due in December.
    Mr. DeFazio. OK, great. Are you aware whether or not the 
regional power administration, the Bonneville Power 
Administration, is, you know--I mean are you working with them? 
Because they obviously have most of the--are interlinked in 
some places with private, but for the most part provide for 
the, you know power transmission and--high-voltage power 
transmission. And half of that--well, part of it is DC. So we 
actually have two different sets of transformers.
    Ms. Hoffman. So thank you very much for highlighting that. 
Yes, we are working with the power marketing administrations, 
which includes WAPA and Bonneville. They are a core asset to 
the Department of Energy, as well as a core asset to the 
electric infrastructure writ large. So they are a very 
important part of the conversation.
    As required by the FAST Act, we will do consultation with 
industry and with experts in this area.
    Mr. DeFazio. OK, thank you.
    Thank you, Mr. Chairman.
    Mr. Barletta. The Chair recognizes Mr. Perry for 5 minutes.
    Mr. Perry. Thank you, Mr. Chairman.
    Secretary Hoffman, the FAST Act you were just discussing 
includes what you were just discussing, some additional roles 
and authorities. Can you talk a little further about the 
importance of the transformer reserve and what your thoughts on 
that are, particularly?
    Ms. Hoffman. Thank you very much for the question. The 
transformers in the United States are a very critical component 
of the system. The FAST Act recognizes the criticality of these 
transformers, as well as the need to assess where are we at 
with respect to any sort of need to develop a plan for 
transformer spare capacity.
    So what this means is really evaluating the spare capacity 
in the United States and the ability to transport transformers. 
So where should a transformer stockpile, if necessary, be 
located because of the different sizes and dimensions of the 
    So part of the plan of what we are looking at with Oak 
Ridge National Laboratory, our other national laboratories and 
industry--is assessing the number of transformers, the size of 
transformers, meaning the different voltage classes, and then 
where those transformers could potentially be needed to be 
located because of transportation issues.
    The industry has had discussions with the Class A railroads 
and looking at the transportation of transformers. You may not 
be aware, but a lot of substations are in very remote 
locations. So really, the criticality and some of the time is 
not only manufacturing the transformers, but it is actually the 
transportation of those transformers to a location.
    Mr. Perry. Will you be considering the timeline for 
manufacture of transformers, as well, in that study, and when 
is the--when can we expect the results?
    Ms. Hoffman. Yes, the--we have started looking and have had 
several reports out with respect to transformer manufacturing. 
And those are on DOE's Web site. But the results of that will 
be included in the report in December.
    Mr. Perry. Do you discuss cost or reimbursement at all in 
your report?
    Ms. Hoffman. So part of the request is to look at policy 
implications and the cost and financing of that. We are going 
to work within the Department of Energy with our energy policy 
and systems analysis group and assess what are some of the 
financial implications to setting up and developing a 
transformer reserve.
    Mr. Perry. All right, thank you. In my opinion, the EPA 
[Environmental Protection Agency] continues to over-regulate 
the energy industry. And with that, I don't think they have the 
ability to determine or examine the requirements.
    Mr. Fugate, do you--I mean I am sure you are aware, based 
on what I have here, as of December of 2015 we are retiring--
due to EPA policy, retiring or converting 81,423 megawatts, or 
499 units, based on regulation. Has FEMA done an examination of 
how the EPA regulations affect the grid and the capacity? Are 
you interested in doing that? Do you know what the capacity is, 
and do you know the ramification of the loss of the 499 units 
and the 81,000-plus megawatts?
    Mr. Fugate. To be honest, Congressman, we really depend 
upon our partners and DHS that do that. We are not the subject 
matter experts. We determine for our infrastructure protection 
what that means and what those impacts are.
    Having come from the State of Florida, I will tell you 
that, as we have seen these types of changes, we have seen 
dependency move from coal fire to natural gas to peaker units. 
So we had to start planning for what happens there. I actually 
was in probably a unique experience of having a natural gas 
pipeline sever due to lightning strike. Knocked out all the 
natural gas to the southern and middle parts of the State. And 
we suddenly realized that we had a tremendous dependency on 
natural gas peaker units, and we were fortunate that we had 
mild weather. Otherwise, we would have had generator capacity 
shortfalls that would not be made up. So we----
    Mr. Perry. So if I could just----
    Mr. Fugate [continuing]. Partners for the information----
    Mr. Perry. I got a limited amount of time here. So if FEMA 
is not doing it particularly, who are you getting the--which 
partner are you getting that information from? Who is assessing 
the effect of the regulation, the loss of capacity and the 
timing of that loss? Who is doing that, of your partners?
    Mr. Fugate. I would depend upon my partners to the left. We 
look at energy as a function of Government, because, as you 
point out, there are numerous parts of the regulatory and 
response structure. So we concentrate onto function----
    Mr. Perry. So, with all due respect, may I ask your partner 
to the left? Do you have that information? Are you tracking 
    Ms. Hoffman. So thank you very much for the question. The 
Department does look at reliability implications with respect 
to any sort of change in generation mix in the United States.
    With respect to the Clean Power Plan, it is really going to 
be as the States develop their implementation plans the 
assessment will occur with the regional reliability entities 
and the independent system operators, where they will 
coordinate and understand the reliability impacts.
    Mr. Perry. So you don't know what it is upfront, or you 
don't assess it as it occurs? You don't know that, you know, so 
many plants and so much capacity is leaving in Ohio or 
Pennsylvania or Alabama, you don't know that in advance and 
make an assessment of the potential risk that is involved?
    Ms. Hoffman. So--thank you. From a widespread reliability 
point of view, DOE believes that the Clean Power Plan and the 
regulations will not have any widespread reliability impacts. 
But the specific----
    Mr. Perry. Well, hold on a second. Hold on. With the 
chairman's indulgence--you believe that, but do you believe 
that because you have empirical data to support that belief, or 
you believe that because somebody is telling you that, or you 
believe that because you don't have any reason to disbelieve 
    Ms. Hoffman. Right now the utilities will work very hard to 
ensure reliability of the system. And our past experience is, 
as any sort of any reliability concerns come up, there is 
strong coordination within the industry to address any sort of 
reliability impacts. So----
    Mr. Perry. So does that mean, if you thought that there was 
going to be a reliability impact based on the regulation and 
the capacity reduction that you would essentially exonerate or 
waive the requirements for a period of time to make sure that 
the capacity remains? Do you have a policy to do that, or is 
there a thought to that? Or what is your plan, if you come up 
against something that doesn't comport with what you think it 
needs to be, from a capacity standpoint?
    Ms. Hoffman. Within the Clean Power Plan the States, as 
they develop their Clean Power Plan, their State plans, they 
will be coordinating with the reliability entities, the ISOs 
[independent system operators] and the RTOs [regional 
transmission organizations], looking at any potential 
reliability implications, and----
    Mr. Perry. But how does that work since, for instance, I 
live in the PJM, which is a multistate organization? It is not 
State by State, it is multistates that all feed into the same 
grid. So how does one State's plan affect another, and how--who 
coordinates reliability or capacity issues in that regard?
    Ms. Hoffman. So the States are required, as part of the 
Clean Power Plan, to coordinate with PJM, and PJM has and will 
continue to do reliability analysis for that region.
    Mr. Perry. Thank you, Mr. Chairman. I appreciate your 
    Mr. Barletta. Thank you. The Chair recognizes Mr. Sires.
    Mr. Sires. Thank you, Chairman and Ranking Member, for 
holding this hearing. It is very important.
    I represent the Eighth District of New Jersey, which has 
Hoboken and some other areas--Jersey City--which got hit very 
hard by Sandy. And if I learned anything about our 
infrastructure, it is how unprepared we were for a storm or 
anything else. And there is plenty of blame to go around. 
Everybody always points to the Federal Government, but in 
reality the States could do a lot of things and the locals 
could do a lot of things and the power companies could do a lot 
of things.
    I always think of the example--and I gave this once before 
to the chairman as an example--there was a generator in the 
flood zone. And the power company was protecting it with a 
chain link fence. So when it flooded, obviously, the chain link 
fence did not hold the water back. So what I am trying to get 
at is these are the kind of simple things that we can do to 
protect, you know, this particular transformer.
    The other thing was in terms of the gas station. You were 
talking about--I mean we have plenty of gas, quite frankly, but 
they couldn't pump it. So a simple thing like a small generator 
to just move the pump and move the gas from the--you know, from 
the containers to the people, I mean, would it suffice? So when 
I say to you that everybody has shares of blame in this, I just 
hope that we have come from Sandy far enough to learn some of 
these mistakes and we are correcting them.
    So, Honorable Fugate, would you please tell me that we have 
come a long way from where we were?
    Mr. Fugate. We have come a long ways, we haven't gone far 
enough. And I think, Congressman, you point out what I see is 
the real challenge, and which cyber highlights. The tendency is 
to plan for what we are used to dealing with, not for what 
could happen.
    And so, again, as you point out, we put a fence around a 
generator in a flood zone. Well, the reason you have a 
generator is the power goes out, one of the likely causes for 
power outages would be a coastal storm. But you hadn't had one 
in a long time, so you were more concerned about somebody 
breaking in and damaging the transformer. And that is the trap 
we fall into.
    And I think this is what the chairman is raising. Cyber is 
new. A lot of things we are going to do won't be new in 
response to the consequences, but if we don't know what we are 
planning against, we may run the risk of only planning for what 
we have been used to having, maybe short-term power outages, 
maybe disruptions that are strictly local, and not plan for 
what could happen and plan against it.
    And unfortunately, as you point out, we try to promote 
these lessons, but it seems to, again, be one of our 
challenges. How do you get people to change? Let's talk about 
gas stations. That is a private entity. Putting in a generator 
is a cost. Most people say, ``well, you could just ship a 
generator there.'' Doesn't work that well, because most of 
those utilities were underground and it was hard to get a 
generator hooked up to it.
    So in some States that have dealt with this they have put 
in incentives that gas stations would be required through 
regulation to put in a transfer switch. It was a good 
compromise. That way, if they did lose power for long periods 
of time, we could get generators in there, hook it up, and pump 
    But this is where we got to be very careful. It is easy to 
say, ``this is the fix'' until you ask who is paying for it. 
And I think this is the tradeoff of what would make sense, 
either through incentives, tax credits, regulatory oversight, 
to get these changes, because I can't ask a business to lose 
money if their other partners or competitors aren't doing the 
same thing.
    And at the same time, you know, the response was, ``you got 
to put a generator in every gas station.'' That is also not 
necessarily a great idea, either. But putting in a transfer 
switch was a good compromise.
    So again, I think, as we learn these lessons we go back to 
this trap of we plan for what we have experienced in the past, 
and that does not always scale up for the future impacts. We 
have got the lessons learned, we are putting the information 
out there. But the receptiveness of that audience is oftentimes 
based upon do they perceive this threat as applying to them.
    And, as you know for your community, we talk about 
hurricanes and hurricane evacuations, and most people said, 
``we don't have hurricanes, we have northeasters.'' So it is 
getting people planning. In many cases we know what these 
impacts are, but it is really the challenge of getting people 
to plan for what can happen, not what they are prepared to do 
based upon only their past experiences.
    As the chairman points out, we have not had a lot of 
experience with cyber. So part of this, again, is getting--what 
are we planning against, and then what will we do differently. 
And if that requires resources, where are those resources 
coming from?
    Mr. Sires. I also think that we have to be prepared post-
Sandy or post--because one of the issues--we still have 
problems in New Jersey where people are still out of their 
homes years later. And to me that is really unacceptable, 2 or 
3 years later, that we have these issues where people with the 
insurance or with the valuation of the property--I mean somehow 
we have to be prepared for some of these things because it 
impacts real people.
    Mr. Fugate. It does. And our experience is, coming out of 
Hurricane Katrina, 5 years after that we still had over 5,000 
families living in travel trailers because we didn't have the 
right answers.
    So, rebuilding after disaster is, again, very time 
consuming. There's a lot of hurdles to go through. And I agree, 
it is ideal to get people back in their homes as quickly as 
possible. But that requires a lot of things that go beyond even 
some of my programs. It is really, as you point out, State and 
locals and----
    Mr. Sires. I am not just putting the blame on you, I am 
also putting the blame on, you know, the locals and the State, 
that we should be prepared for any of these storms or whatever 
we have.
    Thank you, Mr. Chairman.
    Mr. Barletta. Thank you. The Chair recognizes Mr. Massie.
    Mr. Massie. Thank you, Mr. Chairman. I am going to yield as 
much of my time as he might consume to the gentleman from North 
    Mr. Meadows. I thank the gentleman from Kentucky for 
yielding. And, Ms. Hoffman, I want to follow up on one thing. 
Because, as you talked about the transformers and the--having 
these backup transformers as a redundancy, one of my major 
concerns is that decisions that get made by DOE or DHS or 
FEMA--all the sudden what we do is we transfer that liability 
to others that are providing service.
    So what we--you know, right now all utilities have backup 
transformers, primarily for distribution purposes, but even for 
larger, you know, transmission-related transformers and 
switches. However, if you are going to make a decision, it 
directly impacts rateholders for two reasons. I mean if they 
are--happen to have $10 million transformers sitting there, I 
don't know that they can get a return on that investment, 
    And so, if you start to extrapolate that out, if it is not 
in service, you know, it just kind of like--generated capacity, 
there is a certain length of time that they have in order to 
bring that online so that they can get a return. But 
ultimately, it affects the ratepayer, anything that you do.
    And so, I guess when we start to look at the security 
implications, what I would encourage both of you to do is look 
at it as we would from FEMA--is that it is a Federal redundancy 
that is required, not a redundancy that needs to be done by 
utility to utility to utility. Do I have that commitment from 
both of you, that you would look at it as a Federal obligation, 
versus a private obligation?
    Ms. Hoffman. Yes, Congressman. Thank you.
    Mr. Meadows. All right. OK. I see you nodding your----
    Ms. Durkovich. Yes, sir.
    Mr. Meadows. For the record----
    Ms. Durkovich. Yes, sir.
    Mr. Meadows [continuing]. Both of them said yes. And so let 
me finish with one other, I guess, concern. When we are talking 
about sharing in a classified setting with the stakeholders, 
have all of the utilities participated in that secured setting, 
where you have let them know of both the threats--potential and 
real threats that we already have experienced?
    So, you know, you were saying that we have done that in a 
classified setting, and I just find that interesting. I am not 
challenging, but I want to drill down on that because I don't 
know of too many--you know, maybe the big utilities but there 
are, you know, hundreds of utilities. And so they come in to a 
classified setting and say, ``this is your risk, this is where 
it is.'' That is your testimony here today.
    Ms. Hoffman. So thank you for that question. Information 
sharing occurs at multiple levels. We do have classified 
information with the Electricity Subsector Coordinating 
Council, which is 30 CEOs from across the whole sector, so 
there are investor-owned utilities, there are municipals, there 
are co-op utilities that participate in that information 
sharing, that classified information.
    In addition we have had 1-day read-ins where we have 
brought a larger section of utilities in to do classified 
information sharing. We have done that. DHS has done regional 
information sharing meetings, where they have had opportunities 
to bring folks in and do information--so it occurs on multiple 
levels. Have we hit every single of those----
    Mr. Meadows. Yes, and I am not saying--I want it to be 
systemic, and I guess I will yield back to my good friend from 
Kentucky here in just a couple of seconds, but I want to make 
sure that I am clear. As we get to stakeholders what I want it 
to be is more than just a box that we are checking off. I want 
EEI [Edison Electric Institute], I want all of the groups that 
are there to buy in and say, ``we have a plan.'' We do it for 
mass outages like Sandy and other hurricanes. We haven't done 
that, I believe, adequately as it relates to cyber. And do I 
have both of your commitments that you will redouble your 
efforts to include them as stakeholders?
    Ms. Hoffman. Yes, yes, we will redouble our efforts. And 
the one thing that I would say codifies how we are redoubling 
our efforts is the exercise that happens between industry and 
utilities where we are actively exercising this.
    Mr. Meadows. I will yield back to my good friend.
    Mr. Massie. Thank you. I just have a brief question that 
occurs to me during Mr. Meadows' question which is, of this 
classified information, if we sought to get a brief on that 
would you make yourself available in a classified setting for 
us, as we contemplate what sort of legislation might be 
    Ms. Hoffman. Yes, Congressman. We would be glad to have a 
briefing with you.
    Mr. Massie. Is that the case for everybody?
    Ms. Durkovich. Yes, sir. Of course.
    Mr. Massie. Mr. Fugate?
    Mr. Fugate. I wouldn't originate most of the data, but I 
would be there. Most of the origination of the classified 
information would actually come from my partners to the left.
    Mr. Massie. Understood. Thank you very much. And I yield 
    Mr. Barletta. Thank you. With respect to time for our 
second panel, we are going to move on. And I think, if I can 
summarize--and I thank you all for participating today--I think 
if I could summarize, Administrator Fugate, that planning for 
local and State governments should be--needs to be in terms of 
weeks, not days. And that is important because that is the 
first time I have actually heard what we need to begin to look 
at in the event of an attack.
    So again, I want to thank you all for your testimony. Your 
comments have been very helpful in today's discussion. And we 
will now call on our second panel.
    Mr. Barletta. I remind you of the subcommittee's request to 
limit your oral testimony to 5 minutes.
    Mr. Cauley, you may proceed.


    Mr. Cauley. Good morning, Chairman Barletta, Ranking Member 
Carson, and members of the subcommittee. Very glad to be here 
today, testifying. My name is Gerry Cauley, I am the president 
and CEO of the North American Electric Reliability Corporation. 
NERC is a nonprofit international organization overseeing the 
reliability and security of the power grid in the United 
States, Canada, and a portion of Mexico. We have authority 
assigned by Congress to develop and enforce standards affecting 
reliability and security of the grid, and that authority is 
overseen by the Federal Energy Regulatory Commission.
    We can all agree that electricity is the most critical 
lifeline sector for national security, for other lifeline 
sectors like finance, water, and transportation, for the 
economy, and for public safety. Every day we are reminded of 
the seriousness of our job related to securing the grid. There 
have been terrorist attacks in France and Belgium and even 
here, domestically. There have been cyberattacks and data 
breaches across various industries and across Government.
    Of particular relevance to our grid, on December 23, 2015, 
there was a cyberattack in the Ukraine which was launched 
against three distribution companies and in which the 
perpetrators gained control of three distribution companies and 
were able to put out the lights for 225,000 customers for up to 
6 hours.
    A team from the U.S. went to investigate that incident in 
the Ukraine, including a member of the NERC staff. And what I 
can tell you is that the cyberthreats are real, but I think we 
have a very different situation in the Ukraine as compared to 
what we have in the United States and North America. Our 
security controls in North America are very different.
    We are the only industry with mandatory and enforceable 
reliability standards affecting physical and cybersecurity. We 
are currently in the fifth generation of our cybersecurity 
standards. They are risk-based standards based on NIST-type 
[National Institute of Standards and Technology-type] controls, 
so they are adaptable and can keep up with the current threats.
    We have a very robust compliance monitoring and enforcement 
program. System operators use modern controls to ensure the 
security of the system, including separation of corporate and 
business systems from control systems, physical access 
controls, patch management, aggressive threat hunting and 
mitigation, and employee and contractor training, and many 
other measures that they take.
    We have established the Electricity Subsector Coordinating 
Council, as we heard previously, at the highest levels of 
industry and Government, including CEOs and top officials from 
Government. The CEOs and boards of power companies take 
security very seriously, and security is one of their highest 
priorities on a regular basis.
    Our Information Sharing and Analysis Center, which you have 
heard about, the ISAC, provides robust information sharing 
regarding cyber and physical threats. With the engagement of 
industry leaders we have recently gone through a review and 
upgrade of the capabilities of the ISAC, and the ISAC, I 
believe, is closely integrated with the security operations and 
information sharing at individual companies, as well as the 
State fusion centers and other sectors.
    We also operate a tool called CRISP [Cybersecurity Risk 
Information Sharing Program], which is a way to monitor the 
electronic Internet traffic to key sites around the industry, 
and compare the traffic to threats and vulnerabilities that we 
are aware of worldwide, and warn the utilities about issues 
that they may be experiencing in real time.
    In the unlikely event of a successful cyber or physical 
attack, I believe that we are well prepared. FERC and NERC 
recently completed a study of the restoration and recovery 
capability plans and drills and exercises of nine major 
companies in the industry, and that report is available 
publicly, and it is posted on the NERC Web site. But I think it 
demonstrated that the preparation is there, and that the plans 
have been exercised.
    As you have heard before, on November of this past year 
NERC led what I believe is the largest grid security exercise 
in the world called GridEx III. Over 400 entities in North 
America participated. We had over 4,400 registered users and, 
in my estimation, there were probably closer to 10,000 actual 
participants. The distributed--this is where we are in a 
central, controlled place, and we inject the attacks outward, 
and so the power companies are actually engaged in the exercise 
locally in their own control centers, in their own substations 
and power plants. They are receiving the information from us.
    That portion of the exercise--I apologize for my voice; I 
am just getting over a cold--that portion of the exercise 
lasted 2 days and on the second day there was an executive 
tabletop which brought it all together for senior executives 
from industry and Government. The scenario included 
cyberattacks, physical attacks, including active shooters, 
truck-mounted and explosive devices, and unmanned surveillance 
drones. This hypothetical event was extreme, and it was 
intentionally extreme to really go beyond our capability and to 
test the system. And really, the point was to find out what can 
we learn and what do we need to do to improve.
    During the distributed play exercise we caused outages in a 
simulated fashion--no one was actually controlled or affected, 
but we simulated 5 million customers who were out. And in--
during the executive session, to invoke all the policy 
questions at the national level that we were looking to pull 
out we actually had 15 million customers out and those outages 
were projected to be extended for weeks and even into months to 
really push the questions that the chairman is trying to raise 
    Participating entities worked through their emergency 
procedures. They had very extensive contacts with local law 
enforcement and first responders. And actually, those local 
government officials and first responders did participate in 
the exercise. We had--in the exercise we had the White House, 
DHS, DOE, Department of Defense, Cyber Command, NSA [National 
Security Agency], NORTHCOM [U.S. Northern Command], FBI 
[Federal Bureau of Investigation], FEMA, and the Illinois and 
Wisconsin National Guards are some of the players who 
participated directly in the executive exercise.
    A number of key takeaways were to make sure that we are 
able to better coordinate between industry and Government in 
terms of the situation assessment, and what do we communicate 
to the public. It will be a constant race with regard to 
information to the public. We all know social media and the 
news are very quick, and we want to make sure that we are 
getting reliable information out to the public.
    We are focused on ensuring unity of effort and unity of 
scale, and that we can resolve all of our resources from both 
industry and Government together.
    Looking forward, I would say in this exercise we will 
continue to expand the role of State and local governments and 
participants in the exercise to make sure we can exercise some 
of the things that the chairman is looking to get here, which 
is how do we engage, how do we inform, and how do we set 
    And I look forward to your questions, thank you.
    Mr. Barletta. Thank you for your testimony, Mr. Cauley.
    Mr. Spence, you may proceed.
    Mr. Spence. Good morning, Chairman Barletta, Ranking Member 
Carson, and members of the committee. My name is Bill Spence. I 
am president, chairman, and CEO of PPL Corporation. We deliver 
electricity to more than 10 million customers in the U.S. and 
the U.K. Beyond my role overseeing PPL's operations, I am also 
on the EEI Policy Committee on Reliability and Business 
Continuity. I also am a member of the Electricity Subsector 
Coordinating Council that you heard about earlier today. The 
ESCC serves as a principal liaison between the Federal 
Government and the electric power sector to protect against 
cyberthreats to the Nation's power grid.
    Protecting the Nation's power grid, as you heard earlier, 
is not only a top priority of the Federal Government, it is 
also a top priority for the industry. We have a very strong 
record of working together closely in all kinds of disasters 
and storms. Along with our Government partners, we identify, 
assess, and respond to all threats.
    The electric sector takes a defense and indepth approach to 
protecting grid assets. This approach really includes three key 
elements. The first is rigorous mandatory enforceable and 
regularly audited reliability standards. Gerry talked about 
that in his testimony. Also close coordination among industry 
and with Government partners at all levels. And thirdly, 
efforts to prepare, respond, and recover, should power grid 
operations be affected.
    Our industry already maintains hundreds of spare 
transformers. I don't believe that came up earlier, but you 
should be aware of that. In addition, we just recently 
launched, as an industry, a new project called Grid Assurance. 
Under Grid Assurance, many of the major utilities in this 
sector are coming together to establish regional centers where 
we will not only store spare transformers, but other critical 
equipment necessary to quickly recover the power system in any 
type of an event.
    Among all the critical infrastructure sectors, you should 
know that the electric sector invests more annually than any 
other critical infrastructure sector. Last year alone we 
invested more than $100 billion.
    Regarding security standards and regulations, as you heard 
we are subject to NERC's reliability standards. Entities found 
violating these standards face penalties of up to $1 million 
per violation per day. In fact, our industry is the only 
industry subject to mandatory, federally enforceable cyber and 
physical standards.
    The industry is also implementing requirements for physical 
security as part of a broader suite of NERC standards, and 
using voluntary standards, as well, to drive improvement. 
Secondly, we are coordinating closely with the Federal 
Government, sharing threat information between the Government 
and industry to protect the grid.
    According to the National Infrastructure Advisory Council, 
the electric power sector is viewed as a model for how other 
critical infrastructure sectors can more effectively partner 
with the Government. Our intent is to keep it that way. The 
Electricity Subsector Coordinating Council brings senior 
Government and industry executives like myself together with 
agency officials to improve sectorwide resilience against all 
hazards and potential threats.
    The ESCC and our Electricity Information Sharing and 
Analysis Center offer programs like the Cybersecurity Risk 
Information Sharing Program, as Gerry also mentioned, through 
which we share information on potential threats. This is an 
area where I think the Federal Government has been very helpful 
to the industry, by allowing us to utilize proprietary hardware 
and software that was developed at the national labs and is now 
helping to protect the grid.
    Over 75 percent of the U.S. customer base is covered by 
industry participation in this critical program. The ESCC has 
also focused on several other key areas, including planning and 
exercising responses to major disruptions. Our last exercise 
was a combined cyber and physical threat scenario.
    In addition, we are focused on rapid threat communication 
amongst share owners and stakeholders. We are also developing 
Government-held technologies on electric power systems that 
improve situational awareness and cross-sector coordination.
    Last but not least we are focused on incident response and 
recovery efforts. Electric power companies continuously plan 
and exercise for a broad range of potential threats. We share 
crews and equipment in times of trouble, and we regularly drill 
for potential emergencies. For our part, PPL is actively 
engaged in the industry efforts I have highlighted, and pursing 
an aggressive defense-in-depth approach to protecting the power 
    Thank you, and I look forward to your questions.
    Mr. Barletta. Thank you for your testimony, Mr. Spence.
    Ms. Kilmer, you may proceed.
    Ms. Kilmer. Chairman Barletta, Ranking Member Carson, and 
all members of the committee, thank you for inviting me to 
testify today on how electric cooperatives manage the 
consequences of a power outage.
    Regardless of the cause, getting power restored quickly and 
safely requires advance thinking and planning. My name is Bobbi 
Kilmer, and I am testifying today on behalf of Claverack Rural 
Electric Cooperative and the National Rural Electric 
Cooperative Association.
    Claverack delivers electricity to member owners at over 
18,000 locations in rural northeastern Pennsylvania. We have 
low consumer density, averaging less than six consumers per 
mile of line, and we serve primarily residential accounts. We 
are 1 of Pennsylvania's 13 electric cooperatives, and our 
electric distribution system is not directly connected to the 
bulk power system.
    The National Rural Electric Cooperative Association, NRECA, 
is the service organization dedicated to representing the 
national interests of electric cooperatives and their 
consumers. NRECA represents more than 900 not-for-profit, 
consumer-owned rural electric utilities that provide 
electricity to over 42 million people in 47 States.
    Electric co-ops are accountable to their consumer members. 
Those same members own and govern the co-op through a locally 
elected board of directors. Electric co-ops reflect the values 
of their membership and are uniquely focused on providing 
reliable energy at the lowest reasonable cost.
    Responding to power outages is a major part of our 
business. Assessing the situation, knowing who to call, and 
determining how to proceed is imperative, and it requires 
coordinated efforts in the public and private sectors during 
major events. One of the seven principles of the cooperative 
business model is cooperation among cooperatives. This 
cooperation is integral to our emergency planning and response.
    In Pennsylvania, as in many States, the electric 
cooperative statewide association plays an important role in 
emergency coordination. Electric co-ops have mutual assistance 
agreements between one another so that during a major event the 
process of securing additional crews and resources is 
simplified. There is also a national cooperative database which 
facilitates cross-state mutual assistance. As I noted in my 
written testimony, this network helped our statewide 
association secure crews from Florida to assist us in our 
restoration following Hurricane Sandy.
    Also important are the relationships that we have with 
State and local government agencies. During major events our 
statewide association is in regular contact with the 
Pennsylvania Public Utility Commission and the Pennsylvania 
Emergency Management Agency. The statewide association 
communicates outage information as well as requests for 
assistance from other governmental divisions on our behalf. 
Locally, we are in touch with our county emergency management 
agencies. We advise them of outages in their counties and 
expected restoration times. This allows them to coordinate with 
other organizations like the Red Cross to set up services such 
as warming shelters.
    We also have close relationships with our local police and 
fire departments, and along with other agencies and utilities 
we too participate in tabletop exercises which simulate 
emergency scenarios and strengthen our community networks.
    Communication with our members is important, too. We always 
provide the option to speak with a live customer service 
representative. We use outgoing telephone messages, 
informational postings on our Web site and social media, and 
use radio and television broadcasts, which could be used, even 
in the event the Internet is down, to keep members and the 
public informed about outages.
    We test our business continuity and disaster recovery plans 
annually, and we have plans in place so that we could operate 
from a remote location, if necessary.
    Cybersecurity and awareness is a critical part of our 
operational preparedness. Though we are a small utility, we 
strive to follow industry best practices, such as the use of 
network scanning and intrusion detection programs in protecting 
our operational data, as well as our business and member 
information. We also participate in the Pennsylvania Department 
of Homeland Security's Task Force on Cybersecurity.
    Our preparedness in the field is tested throughout the year 
during localized outages caused by weather events and other 
conditions. Lessons learned through experience, along with the 
coordination with our national, statewide, and local networks 
would form the basis of our response to a national or cyber 
    Again, thank you for the opportunity to testify today on 
our emergency preparations and recovery efforts.
    Mr. Barletta. Thank you for your testimony, Ms. Kilmer. I 
will now begin our first round of questioning. And this 
question is to all.
    I am going to ask you the same question I asked our first 
panel. What is the planning scenario that State and local 
governments should be using for a cyberattack on the electric 
grid? Will the power be out for days or weeks or months, 
considering both a cyberattack and a physical attack? The 
worst-case scenario, how widespread could the outage be?
    Mr. Cauley, NERC runs an exercise on the failure of the 
grid. What scenario do you use? And I will let you begin.
    Mr. Cauley. Thank you, Mr. Chairman, for the question. As I 
mentioned in my presentation, we do probably pose a scenario 
that is 10 times beyond any sort of realistic expectation, in 
terms of the magnitude. That is really to test and sort of 
shake this out and see what we can do.
    I think the difficulty in understanding the question is 
that there is many kinds of hazards that can cause outages. And 
in fact, if we look at--we do a lot of data and analysis about 
what causes blackouts. That is one of our jobs. And since 
2011--so 4 years running--in our data weather has been in the 
top 10 causes of all major outages in North America. So we have 
that sort of baseline.
    So the question for me, I phrase it as what kinds of things 
can cause outages from a few hours up to 2 to 3 days? And there 
are a lot of things that can contribute toward that and what 
kind of response capability we could have. So it could be 
storms, it could be equipment failure, it could be a number of 
    And then I think, as we get to the kinds of things we are 
talking about here, in terms of cyber and physical attacks, I 
think it is reasonable to ask--and severe storms, ice storms, 
hurricanes--it is reasonable to ask the question, ``How are we 
taking care of people in a 1- to 2-week outage?'' It may not be 
everywhere, but it might be in some local areas, it might be 
some cities that could reasonably be facing a 1- to 2-week 
    But I would hate for us to say, ``it is a cyber event,'' 
or, ``it is a storm,'' because, really, the public safety issue 
is very similar. The major difference would be--to me, the 
major difference would be we know there is some kind of 
security concerns, law enforcement would be involved. But it is 
still the same fundamental--without electricity, you need to 
take care of people, you need to get them fuel and food and 
water, those kinds of things.
    The one scenario I think that is the exception--and I think 
it was appropriate that the committee participated in the 
legislation around spare equipment--the one scenario I think 
realistically concerns me longer than the 1- to 2-week 
timeframe is damage to spare equipment, particularly the 
transformers. That could happen from a bomb blast, shootings, 
other--GMD [geomagnetic disturbance] storms. The question is 
not what caused it, but the question is what are you going to 
do if you lose transformers. And they are not going to be 
replaceable for an extended period of time.
    Mr. Barletta. I guess what I am getting at, what--I want to 
get this down--to connect the dots down to the local and State. 
And you know, I feel pretty confident that getting to that 
point we have got all the ducks in order. I am just concerned 
that there is a missing link to what should the States and 
local governments be preparing for or planning for in length of 
time, because they need to do the same thing that you are 
doing. They need to know the scenario of worst-case, what do we 
need to prepare for.
    Mr. Cauley. Right. And I have been doing reliability for 35 
years. I really think there are two levels. There is normal 
expected, you would see a number of times a year, is that 1 to 
3 days as a normal kind of scenario that everybody should be 
prepared for. I think a 1- to 2-week scenario is a scenario 
that, if you are prudent, I would be talking with the mayors 
and the city councils about what you can do to be ready for a 
1- to 2-week outage in the extreme case of hurricanes, 
earthquakes, and those kinds of things. My only exception is 
spare equipment damage may be more challenging.
    But I think it really is independent of the cost, whether 
it is cyberattack--I can't imagine a cyberattack that is going 
to damage equipment to have an outage more than hours or days.
    Mr. Spence. I would agree with Mr. Cauley. I think the 
prudent thing would be the same as what we are doing today for 
devastating storms, which is really a 1- to 2-week outage 
    I think there are a lot of resources that are currently 
available to local communities, both at the State and the local 
community level that are really great resources that, 
unfortunately, I don't think all the towns and communities take 
full advantage of. There are a lot of really good best 
practices that have been used by towns and cities that have 
been more experienced with devastating storms. For example, the 
State of Florida has a lot of experience, so there is a lot of 
lessons learned there that are available to towns and 
    I think the other thing--and I think this was mentioned by 
the representative of FEMA earlier today--it really boils down 
to, in many cases, the probability of the event happening, the 
risk of the event, and willingness to put in place and spend 
the money for backup generation or other backstops that would 
be necessary for a 1- to 2-week event. So I think that is where 
I would direct the towns and communities to be aware of what is 
available, utilize that fully, and then make the critical 
investments that they need to survive a 1- to 2-week period.
    Mr. Barletta. OK. I am going to connect the dots. So do you 
think it is the Federal Government's responsibility or the 
State government's responsibility to make sure that the local 
government is doing all that? Because I am just concerned that 
we are going to have everybody pointing fingers at each other, 
``well, I thought you had said,'' ``I thought you did,'' and 
nobody did.
    Whose responsibility should it be that we make sure that 
the local governments are prepared? Because today is really the 
first time that I am hearing a length of time.
    Mr. Spence. Right.
    Mr. Barletta. And you know, in my own mind--again, I am 
going to keep putting that mayor's hat back on--I am beginning 
to think, well, geez, if it is 1 week or 2 weeks, there's a lot 
of things I need to be prepared for here, and we are probably 
    Mr. Spence. Well----
    Mr. Barletta. Which means that most cities are probably not 
    Mr. Spence. Yes.
    Mr. Barletta [continuing]. And I think that is what this 
hearing is about----
    Mr. Spence. Right.
    Mr. Barletta [continuing]. Is really to raise a red flag 
here today that we are not prepared in the event of something 
drastic, major, unlikely, but could be----
    Mr. Spence. Well, a couple comments, Mr. Chairman. First I 
would say--and you probably would not want to hear this, 
necessarily, but I think it is a shared responsibility between 
local government and the Federal Government. And I really do 
believe that because you are just not going to be able to have 
Federal boots on the ground in all these local communities to 
get the communities back up and running.
    Secondly, I would say that, you know, there are things that 
the local utilities do have at their disposal to help local 
communities in terms of communication and even backup 
generators, portable generators, that we can deploy to high-
priority areas to make sure that when we need to restore the 
system and we can't do it in a timely fashion, then at least 
there is some basic level of service that we can provide.
    So I think in an extended period of outage, you are still 
going to have power to certain areas. You are going to have a 
backbone of power. It may not be this town or that town. But I 
think, collectively, there will be ways to get resources 
available to the local towns and communities.
    You know, to be quite frank, I was very skeptical when we 
started this Electricity Subsector Coordinating Council, on 
whether the Federal Government was really going to be able to 
help us, as an industry, to restore power quicker. But I have 
been pleasantly surprised at the level of cooperation and 
collaboration that has gone on in the last 3 to 4 years. And 
there are simple things like providing fuel that we desperately 
needed during Hurricane Sandy to restore towns and communities 
in New Jersey and Pennsylvania.
    And there are other things, like providing beds for crews 
that are coming from out of State. We were able to access 
barracks at the Department of Defense facilities. We were able 
to access portable generators. We were able to access experts 
in emergency response. So there are some things that the 
Federal Government can be very, very helpful for.
    And I think, now that we have a playbook that really 
dictates who does what when, which was always my concern in a 
major event--who do I call, and are they going to be ready for 
that call--I can say that, from what I have seen so far, I 
believe we are more ready than we have ever been in the past, 
and we have a very good system and a playbook that we can go 
right down the line and have access--in this case, when we are 
talking about this committee--to cyber resources at the highest 
levels of the Federal Government.
    Mr. Barletta. Thank you.
    Ms. Kilmer?
    Ms. Kilmer. I agree with my fellow panelists on the shared 
    I would also like to emphasize to the subcommittee the 
importance of communications during crisis periods. My 
experience has been that sometimes it is not the length of the 
outage, but simply knowing how long it is going to be, or what 
the expectation is. It can help both residential consumers, as 
well as townships and towns, understand how they need to plan.
    I would also like to add one thing that we have seen in our 
rural area, especially since Hurricane Sandy, and that is a 
focus on individual preparedness. I am seeing our local county 
emergency management agencies doing a great job in trying to 
educate the public on being prepared. We try to do the same 
thing. Of course, we are in a rural area, we are subject to 
many weather events. So I think that our consumers are 
relatively prepared. And again, I am not suggesting that we can 
rely on that, but I think that that is an element in all of 
this. Thank you.
    Mr. Barletta. The Chair recognizes Ranking Member Carson.
    Mr. Carson. Thank you, Chairman Barletta.
    Ms. Kilmer, you mentioned that Claverack Rural is not 
connected to the bulk power system, but you receive services 
from a subtransmission system. What does that mean for your 
cooperative in the event of a nationwide cyberattack on the 
    Ms. Kilmer. In the event there was a cyberattack that took 
down the grid, we would be affected by that. If Penelec's 
transmission system was affected and power was disrupted to our 
substations, we would also be out of power.
    Mr. Carson. Mr. Cauley, there was a newspaper article 
yesterday that indicated that the FBI and the Department of 
Homeland Security have been warning the power industry over the 
last month about a potential cyberattack. What role has the 
Electricity Information Sharing and Analysis Center--what role 
might they play in distributing this kind of information?
    Mr. Cauley. Thank you, Congressman. That is exactly really 
what the Information Sharing and Analysis Center does. We--in 
fact, I am not aware of that particular one, but we do dozens 
of these a day. We get information out, post it to industry. We 
have several thousand participants in industry who receive 
those notices every day.
    Mr. Carson. Yes, sir.
    I yield back, Mr. Chairman. Thank you.
    Mr. Barletta. The Chair recognizes Mr. Meadows.
    Mr. Meadows. Thank you, Mr. Chairman.
    Mr. Cauley, did I hear you correctly? You said that in the 
event of a cyberattack, the longest period of time that people 
would be without power--an hour? Is that what you said?
    Mr. Cauley. Thank you for allowing me to follow up on my--
whatever I said. My point----
    Mr. Meadows. Sometimes I don't hear correctly, but I just 
wanted to give you a chance----
    Mr. Cauley. The point I was trying to get to--but I 
rushed--was it is a very difficult form of attack to go from a 
cyberattack--it is easier to steal information or disrupt 
electronics. It is very technically challenging to go from an 
electronic cyberattack to causing physical damage to equipment.
    Even in the Ukraine attack there was no damage to the 
equipment. It was opened, the breakers were operated to 
basically shut down the feeders that were going to the 
customers, but there was no damage, so that once they realized 
what was happening they basically could defeat the computers 
and have people go to the station manually, flip the switch, 
which is a mechanical switch, and put the power back on.
    So, my point--and I would love to continue working on this 
and getting some actual data to support that--is it is very 
hard to transform from a cyberattack into long-term damage that 
would be measured in weeks or months----
    Mr. Meadows. All right.
    Mr. Cauley [continuing]. Because you have to hurt the 
equipment to do that.
    Mr. Meadows. OK. And that is really my focus, is not 
turning a switch off here or there or, you know, tripping a 
breaker or, you know, making a jack go out. That is minor.
    I guess the type of cyberattacks that we are seeing and 
hearing about in classified settings not directly related to 
the electric utility business are very sophisticated. And so, 
being able to come in and--so I assume, you know, going into a 
generated capacity--so let's say you got a generator and you--
you know, there is all kinds of controls and switches to make 
sure that you don't run into problems with the electrons, let's 
put it that way.
    And so, all the sudden, somebody coming in with nefarious--
not just turning a switch off, you know, can scramble it in 
such a way that it would create unbelievable damage, certainly 
from a standpoint of generated capacity, I mean--I don't want 
to talk about it in an open forum like this, but I guess my 
concern--are you not having those kinds of conversations which 
are more than just turning the power switch off, as happened in 
the Ukraine, but really causing long-term damage either to 
generation capacity or transmission capacity?
    Mr. Cauley. Yes, Congressman. I have the privilege of going 
to very similar highly classified briefings, as well. But I 
also have 35 years of experience working in substations with 
equipment. And I understand the threats of black energy or 
aurora, or those things. It is very difficult to transform an 
action--the predominant behavior we are seeing today is 
surveillance-type behavior. But to transform that into an 
action that destroys a piece of equipment is technically very--
    Mr. Meadows. Well, that is comforting to know. I mean----
    Mr. Cauley [continuing]. Very complex.
    Mr. Meadows. And so that is real comforting, because what I 
am going to do is I will follow up with both you and Mr. Spence 
as it relates to this because, you know, again, it is one of 
the number-one questions that I get, is just a real concern. 
You know, it is about hitting the grid. And most people don't 
understand the interconnectivity between utilities. And so a 
lot of that gets blown way out of proportion.
    Mr. Cauley. Right.
    Mr. Meadows. But yet, at the same time, your confidence 
level, if there were a cyberattack on an investor-owned 
utility, you know, somewhere in the Midwest, the damage they 
could cause, in your opinion, would be minimal.
    Mr. Cauley. The damage on the----
    Mr. Meadows. Physical damage.
    Mr. Cauley [continuing]. Business and information systems, 
that would be their business risk. But on the grid it is very 
difficult. It is very unlikely to put a grid out for 1 to 2 
weeks. I think----
    Mr. Meadows. So what you are saying is mass outages for 
multiple weeks or days, are--in your opinion, is going to be a 
weather-related event.
    Mr. Cauley. Or the other thing is a physical attack, which 
is shooting explosive devices at the substation are the two 
things I think can get into that 1 to 2 weeks and beyond----
    Mr. Meadows. But those are a lot easier to anticipate and 
plan for.
    Mr. Cauley. It is very complicated to do 20 sites at once 
with a physical attack with the current law enforcement we 
have. So I think that risk is mitigated as well. But it is the 
one I worry about the most, is a physical attack.
    Mr. Meadows. Well, that is very helpful. I will follow up 
with all of you. And from an REA [Rural Electrification 
Administration] standpoint I just want to say thank you, as a 
member of my local REA. I have a great affinity for my REAs.
    Ms. Kilmer. Thank you very much.
    Mr. Meadows. All right. I yield back.
    Mr. Barletta. Thank you. I just have one more question, Mr. 
Spence. My colleague--Mr. Spence, my colleague from 
Pennsylvania highlighted that too many coal power plants have 
closed. Are you concerned that having fewer generation 
facilities online makes the grid, as a whole, more vulnerable?
    Mr. Spence. I am not. In fact, Mr. Cauley and his team are 
also responsible, as part of their duties, to evaluate with 
very detailed modeling region by region, the impact of 
retirements of any sort on the grid of a major power station. 
So they have evaluated this multiple times, in fact, and have 
found that we continue to maintain an adequate reserve of 
capacity, should we see more retirements than actually 
    So, even with the forecasted retirements, which are many, 
particularly on the coal side, we still have adequate capacity 
to meet all of our projected needs for power.
    Mr. Barletta. Thank you. I look forward to working with 
each and every one of you, and welcome your input as we move 
forward on this initiative.
    I thank you all for your testimony. Your comments have been 
helpful to today's discussion.
    If there are no further questions, I would ask unanimous 
consent that the record of today's hearing remain open until 
such time as our witnesses have provided answers to any 
questions that may be submitted to them in writing, and 
unanimous consent that the record remain open for 15 days for 
any additional comments and information submitted by Members or 
witnesses to be included in a record of today's hearing.
    [No response.]
    Mr. Barletta. Without objection, so ordered.
    I would like to thank our witnesses again for their 
testimony. If there are no further questions to add, the 
subcommittee stands adjourned.
    [Whereupon, at 1 p.m., the subcommittee was adjourned.]