[Senate Hearing 114-505]
[From the U.S. Government Publishing Office]
S. Hrg. 114-505
S. 3018, THE SECURING ENERGY INFRASTRUCTURE ACT, AND TO EXAMINE
PROTECTIONS DESIGNED TO GUARD AGAINST ENERGY DISRUPTIONS
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON PUBLIC LANDS, FORESTS, AND MINING
OF THE
COMMITTEE ON
ENERGY AND NATURAL RESOURCES
UNITED STATES SENATE
ONE HUNDRED FOURTEENTH CONGRESS
SECOND SESSION
__________
JULY 12, 2016
Printed for the use of the
Committee on Energy and Natural Resources
Available via the World Wide Web: http://fdsys.gov
_________
U.S. GOVERNMENT PUBLISHING OFFICE
21-995 WASHINGTON : 2017
COMMITTEE ON ENERGY AND NATURAL RESOURCES
LISA MURKOWSKI, Alaska, Chairman
JOHN BARRASSO, Wyoming                 MARIA CANTWELL, Washington
JAMES E. RISCH, Idaho                  RON WYDEN, Oregon
MIKE LEE, Utah                         BERNARD SANDERS, Vermont
JEFF FLAKE, Arizona                    DEBBIE STABENOW, Michigan
STEVE DAINES, Montana                  AL FRANKEN, Minnesota
BILL CASSIDY, Louisiana                JOE MANCHIN III, West Virginia
CORY GARDNER, Colorado                 MARTIN HEINRICH, New Mexico
ROB PORTMAN, Ohio                      MAZIE K. HIRONO, Hawaii
JOHN HOEVEN, North Dakota              ANGUS S. KING, JR., Maine
LAMAR ALEXANDER, Tennessee             ELIZABETH WARREN, Massachusetts
SHELLEY MOORE CAPITO, West Virginia
Subcommittee on Energy
JAMES E. RISCH, Chairman
JEFF FLAKE                             JOE MANCHIN III
STEVE DAINES                           BERNARD SANDERS
BILL CASSIDY                           DEBBIE STABENOW
CORY GARDNER                           AL FRANKEN
JOHN HOEVEN                            MARTIN HEINRICH
LAMAR ALEXANDER                        MAZIE K. HIRONO
ROB PORTMAN                            ANGUS S. KING, JR.
SHELLEY MOORE CAPITO                   ELIZABETH WARREN
Colin Hayes, Staff Director
Patrick J. McCormick III, Chief Counsel
Brianne Miller, Professional Staff Member
Angela Becker-Dippman, Democratic Staff Director
Sam E. Fowler, Democratic Chief Counsel
David Gillers, Democratic Senior Counsel
C O N T E N T S
----------
OPENING STATEMENTS
Risch, Hon. James E., Subcommittee Chairman and a U.S. Senator from Idaho
Manchin III, Hon. Joe, Subcommittee Ranking Member and a U.S. Senator from West Virginia
King, Jr., Hon. Angus S., a U.S. Senator from Maine
Heinrich, Hon. Martin, a U.S. Senator from New Mexico
WITNESS
Hoffman, Patricia, Assistant Secretary, Office of Electricity Delivery and Energy Reliability, U.S. Department of Energy
Highley, Duane, President and CEO, Arkansas Electric Cooperative Corporation (AECC)
Manning, Robin, Vice President, Transmission, Electric Power Research Institute (EPRI)
Stacey, Brent, Associate Laboratory Director, National & Homeland Security, Idaho National Laboratory
ALPHABETICAL LISTING AND APPENDIX MATERIAL SUBMITTED
American Public Power Association:
    Statement for the Record
Heinrich, Hon. Martin:
    Opening Statement
Highley, Duane:
    Statement for the Record
    Written Statement
    Response to Question for the Record
Hoffman, Patricia:
    Statement for the Record
    Written Statement
    Responses to Questions for the Record
King, Jr., Hon. Angus S.:
    Opening Statement
Manchin III, Hon. Joe:
    Opening Statement
Manning, Robin:
    Opening Statement
    Written Testimony
Protect Our Power:
    Statement for the Record
Risch, Hon. James E.:
    Opening Statement
S. 3018, the ``Securing Energy Infrastructure Act''
Stacey, Brent:
    Opening Statement
    Written Statement
    Responses to Questions for the Record
S. 3018, THE SECURING ENERGY INFRASTRUCTURE ACT, AND TO EXAMINE
PROTECTIONS DESIGNED TO GUARD AGAINST ENERGY DISRUPTIONS
----------
TUESDAY, JULY 12, 2016
U.S. Senate,
Subcommittee on Energy,
Committee on Energy and Natural Resources,
Washington, DC.
The Subcommittee met, pursuant to notice, at 2:30 p.m. in
Room SD-366, Dirksen Senate Office Building, Hon. James E.
Risch, Chairman of the Subcommittee, presiding.
OPENING STATEMENT OF HON. JAMES E. RISCH, U.S. SENATOR FROM
IDAHO
Senator Risch. We are going to bring this meeting to order,
a couple of minutes early, as a matter of fact.
We do have a vote at 3:30 and, having looked at the agenda,
the witnesses and the participants, I have every confidence
that we can get done what we necessarily have to get done in
order to finish by 3:30.
With that, the purpose of today's hearing is to receive
testimony on Senate bill 3018, the Securing Energy
Infrastructure Act, and to examine protections designed to
guard against grid disruptions.
This is a result of, I think, what everybody acknowledges
and what everybody knows and that is that the electric grid
that we have in America is really, incredibly, dependable. That
is true particularly if you have traveled in other parts of the
world, you know how dependable our grid is.
Unfortunately, because of the development of the worldwide
web and those new ways of handling operations of controls, it
also now has vulnerabilities. These vulnerabilities, obviously,
are targets by people who wish to do us harm. As a result of
that, those of us who deal with this every day believe we
should take a look at doing this better, perhaps even doing
this differently.
One of the things that brought this to light, and only one
of the things, was an event that happened on December 23rd,
2015 in the Ukraine where an attack shut down their electric
grid system and caused immeasurable damage and difficulty for
the people of the Ukraine.
The attack could have been substantially worse. And it was
not because they operate differently than we do in that a lot
of their actions and operation of the grid is done with manual
procedures as opposed to automated systems.
We, here in America and other first world countries, have
really gone to automated systems for a lot of different
reasons, not the least of which was/is convenience and
reliability, but also those kinds of things do open us up to
additional vulnerabilities.
This bill was originally introduced by Senator King and me,
and our co-sponsors are Senators Collins and Heinrich. It is
not by coincidence that all four of us are on the Intelligence
Committee and we hear stories, not only stories, but expert
opinions on what can happen not only to our grid but to other
grids around the world, a good share of which we cannot share
with you. But suffice it to say that the facts are sufficiently
concerning that this is a subject that needs the attention of
the U.S. Congress. So here we are today with this bill.
As everyone knows this is a two-year pilot project. It
certainly isn't designed to be an absolute solution, but it is
designed to explore possibilities of how the United States can
handle one of these.
Speaking for myself, not the other co-sponsors but speaking
for myself, I truly believe that the next significant event,
and when I talk about a significant event, I mean a really
significant event, will not be a kinetic event, but will indeed
be an event that takes place in the cyber world that causes
considerable grief and harm to Americans. As we all know, we
face significant challenges in that arena.
We have asked four people to be with us today to testify.
We are going to start today with Ms. Pat Hoffman, who is
Assistant Secretary in the Office of Electricity Delivery and
Energy Reliability with the Department of Energy. She will
start us off with an overview of the Department of Energy's
work protecting our grid from energy disruptions.
We also have Mr. Duane Highley, President and CEO of the
Arkansas Electric Cooperative Corporation. He is also co-chair
of the Electric Subsector of the Coordinating Council.
We also have Mr. Rob Manning, Vice President of
Transmission for the Electric Power Research Institute.
Finally, last but certainly not least from the great State
of Idaho, we have Mr. Brent Stacey, who is Associate Lab
Director at the Idaho National Laboratory. Right now, Idaho's
National Laboratory is the world leader in critical
infrastructure and control systems research, primarily because
of the expenditures that we have made developing the systems
and the facilities to do that research. I am sure Mr. Stacey
will describe that for us.
With that, I certainly welcome everyone here today. I think
this is a good opportunity. This is not a complicated bill. It
is a bill that is intended to move us forward in a cautious way
but a way that will help underscore some of the vulnerabilities
that those of us on the Intelligence Committee have heard about
over time.
Senator Manchin.
STATEMENT OF HON. JOE MANCHIN III, U.S. SENATOR FROM WEST
VIRGINIA
Senator Manchin. Mr. Chairman, thank you, and thank all of
you for being here today. I want to thank you for scheduling
this hearing, Mr. Chairman, and for your work on this important
bill that we are working on. I also want to thank Senators King
and Heinrich for their leadership on this issue. I appreciate
our witnesses joining us today for this very special
discussion.
The electric grid is essential to our lives and is also the
lifeblood of the economy. The grid moves power hundreds, if not
thousands, of miles to our houses, office buildings and
factories every day. People and business in the Northeast and
the Mid-Atlantic states are heavily dependent on a well-functioning
grid to access power generated in my home State of
West Virginia.
The Energy Information Administration, EIA, reports that in
2014 West Virginia produced approximately over 80,000 kilowatt
hours of electricity. The EIA consistently reports that West
Virginia typically exports more electricity than it consumes,
so we are a net exporter of electricity.
West Virginia's neighbors, Maryland, Virginia, Washington,
DC and others, depend on us for reliable electric generation,
not to mention coal and natural gas production. Whether because
of a cyber or physical attack or some other energy disruption,
imagine what it would be like if West Virginia stopped
producing and delivering energy. Incidents like the polar
vortex quickly become even more dangerous and likely tragic.
The secure and reliable transportation of energy is vitally
important to our state's economy and to the safety and health
of our citizens and those in neighboring states, so I believe
today's hearing is an important start to a longer conversation
about the security of our grid.
As the electric industry has increased its reliance on
digital technologies to better serve consumers, the grid has
grown more vulnerable to cyber-attack. Just last December the
first successful cyber-attack took place against part of
Ukraine's electric grid demonstrating that shutting down the
grid is a real possibility.
Many cyber experts have come to the conclusion that it is
not a question of ``if'', but a question of ``when'' a massive
attack on our grid will occur. We must do everything we can to
protect and prepare, including hardening our networks to
protect the grid and ensure the continued reliable delivery of
electricity. But we also need to focus on emergency
preparedness and incident response to minimize the effects of a
potential attack. That is why the King/Risch/Collins/Heinrich
bill is a step in the right direction.
Senate bill 3018 would establish a two-year pilot program
within the national labs to research and test technology that
could be used to isolate and protect the most critical systems
of the electric grid. It would also establish a working group
to evaluate the proposals of the pilot program and develop a
national cyber informed engineering strategy.
Mr. Chairman, the 2013 attack on the Pacific Gas and
Electric substation in Metcalf, California reminds us that the
threats to our grid are not limited to cyberspace. According to
press reports, the Federal Energy Regulatory Commission has
identified a smaller number of critical grid-related facilities
that, if physically attacked, could significantly impair the
ability of utilities to keep the lights on.
Keeping America's energy network secure from cyber and
physical intrusions is critical as new technologies and threats
continue to emerge from transnational organized crime,
terrorist groups and hostile foreign governments. The
argument goes that the smarter and more connected the power
grid becomes, the more vulnerable it becomes. I am sure you are
familiar with the scale we are talking about.
The Department of Homeland Security reported that 56
percent of cyber incidents against critical infrastructure in
2013 were directed at energy infrastructure, mostly in the
electric grid. While the number has shrunk to 16 percent in
2015, there is much more to be done. That is why I support the
Energy Policy Modernization Act of 2016 that Chairman Murkowski
and Ranking Member Cantwell worked so hard to get passed out of
Committee and finally out of the Senate by a vote of 85 to 12.
Believe me, that does not happen here that often.
The bill includes a cyber energy section that includes the
research and development program to develop advanced cyber
security technologies, doubles the Department's current
investment in cyber-related research and development, supply
chain security and public/private partnerships.
It encourages the Department of Energy to work hand in hand
with the private sector. This recognizes the importance of
aligning government capabilities with the needs of industry
actors that are dealing with potential threats to our grid
every day.
The ability to deliver energy quickly, securely and without
interruption is something that West Virginia prides itself on.
So that is also why I am particularly appreciative of Senator
King's passion for this issue, and I commend him and all of the
co-sponsors of this bill.
Chairman Risch and Senator Heinrich's ongoing efforts for
this bill is muchly appreciated.
I want to thank the Chair for holding this hearing, and I
look forward to the testimony of our witnesses. At this time, I
would like to turn it over to Senator King.
Senator Risch. Senator King.
STATEMENT OF HON. ANGUS S. KING, JR., U.S. SENATOR FROM MAINE
Senator King. Thank you.
I first want to commend the Chair. This is first in my
experience of a hearing that actually started early rather than
late. That bodes well.
Senator Risch. If it ends or that could be it.
Senator King. That is another challenge.
When I used to appear before the Maine legislature, the
first question always asked was, why are you here? I think the
answer in this case is pretty clear.
As Senator Risch mentioned he and I serve together on the
Intelligence Committee. I am also on the Armed Services
Committee. I would say in virtually every hearing that we have
had over the past four years that I have been to, somehow the
cyber vulnerability comes into the conversation.
In fact we had a classified Armed Services Committee
hearing just this morning on this very issue, and I
characterize this as the longest windup for a punch in the
history of the world.
We know that it is coming, and we know that there are
people who are actively working to do us harm right now. And we
have had warning shots--OPM, SONY, and others.
As Senator Manchin mentioned, we are asymmetrically wired,
so we are asymmetrically vulnerable. This is a very
straightforward bill, and it does grow out, to some extent, of
the experience in the Ukraine where when they found that they
had analog and human intervention at certain key points. We are
not talking about rewriting all the software or dumbing down
the grid. We are talking about inserting some elements of
analog and human intervention at certain critical points in
order to protect us.
Interestingly enough, just this year, just in the last few
weeks, there has been an analogous policy recognition in the
United States Navy. For the first time in 20 years Annapolis is
now going back to the teaching of celestial navigation, and the
reason is that you can't hack a sextant.
This is a recognition that with all of our sophistication
comes additional vulnerability and that what we are attempting
to do today is to talk about and work on, on a pilot basis, and
on a voluntary basis for the utilities, some unconventional
solutions to this vulnerability challenge. I do not want to go
home to Maine after a disastrous attack somewhere in the United
States on our critical infrastructure and explain that we did
not try some various options.
That is the reason I brought forth the bill. It grew out of
conversations with Senator Risch and the work that we have done
in the Intelligence Committee, and I am delighted that we are
here today.
I appreciate the opportunity to present this bill.
Thank you.
Senator Risch. Thank you, Senator.
Do you have an opening statement you want to make, Senator
Heinrich?
STATEMENT OF HON. MARTIN HEINRICH, U.S. SENATOR FROM NEW MEXICO
Senator Heinrich. I do, Mr. Chairman, and I will make it
very quick.
I want to thank you for your work and Senator King as well.
I think this is a very important piece of legislation, and I am
pleased to be an original co-sponsor.
I want to reiterate Senator King and I both had a closed-door
hearing in Armed Services this morning that really drives
home what a real issue this is and how we need to take it very
seriously.
I do think it is important to make the point that this is
not about dumbing down the grid. I think Senator King, myself,
and others on this Committee have been very staunch advocates
of smart grid technology, of microgrids, and of all of the
developments that are making our grid much more responsive
today. But it is about having those backups in place and those
fail safes in place.
I think it is important to state that our bill is not
prescriptive in that the working group has the flexibility to
consider a full range of options.
So, once again, I want to thank Chairman Risch and I want
to thank Senator Manchin for holding this hearing today, and I
very much look forward to the testimony from our witnesses who
are here.
Senator Risch. We will now turn to our witnesses. Ms.
Hoffman, would you care to start us off, please?
STATEMENT OF PATRICIA HOFFMAN, ASSISTANT SECRETARY, OFFICE OF
ELECTRICITY DELIVERY AND ENERGY RELIABILITY, U.S. DEPARTMENT OF
ENERGY
Ms. Hoffman. Thank you, Chairman Risch, Ranking Member
Manchin and members of the Subcommittee. Thank you for
continuing to highlight the importance of a resilient electric
grid.
The Department also appreciates the opportunity to provide
initial views on Senate bill 3018, the Securing Energy
Infrastructure Act.
The Department supports the goals of Senate bill 3018 which
are consistent with the Department's ongoing role in helping
ensure a resilient, reliable and flexible electricity system in
an increasingly challenging environment.
The Department would like to work with the sponsor and this
Committee to offer continued additional input on the bill, and
I will discuss this later on in my testimony.
Our economy, national security and even health and safety
of citizens depend on a reliable delivery of electricity. The
mission of the Office of Electricity Delivery and Energy
Reliability is to strengthen, transform and improve the energy
infrastructure to ensure access to reliable, secure and clean
sources of energy. We are committed to working with our public
and private sector partners to protect the nation's
critical energy infrastructure, including the electric power
grid, from disruptions caused by natural and manmade events,
physical security events and cyber security events.
A crucial factor in meeting these challenges will be to be
proactive and cultivate, what I call an ecosystem of
resilience, a network of owners and operators, regulators,
vendors, Federal partners and consumers, working together to
strengthen our ability to prepare, respond and recover.
Our organization works on in-depth strategies, products and
tools which inform and educate industry as well as state and
local officials in their energy emergency preparedness
activities. As part of the Administration's effort to improve
the electric sector, cyber security capabilities, the
Department and industry partners are developing and have
developed a maturity model. This evaluation tool helps an
organization prioritize and advance its security posture in the
areas such as information sharing, supply chain management and
access control, just to name a few.
The Department of Energy has provided strategic leadership
by requesting and facilitating the development of an
electricity information sharing and analysis center and the
development of the Electric Sector Coordinating Council. The
Electric Sector Coordinating Council is a group of leaders from
the electric sector that meet regularly with government to
coordinate and share information.
When the power goes out the local utility is a first
responder. Should any threat or emergency exceed local or
private resources or require a full blown response, the
Electric Sector Coordinating Council will engage with the
Federal Government for a coordinated response to a crisis
activity.
The keys to strengthening resilience are not only from
better threat insight and response but also through innovation.
Advanced technology and innovation in cyber security, storage,
and microgrids will help the industry get ahead of these risks.
All of the Department's cyber security research initiatives are
based on industry involvement, joint funding with matching
funds and the development of an end goal to get industry
deployment.
There are several examples of DOE, our organization's,
activities that support cyber security technologies developed
for the power grid and use physics and the capabilities of the
electric grid to its advantage. One example is an industry-led
research project that helps the protection and control
equipment check the commands it receives to ensure these
commands support this ability of grid operations. Another
example is a national laboratory-led research that is designing
cyber security awareness and to power system applications
themselves so that malicious actors should not be able to
manipulate power system devices.
Thank you for the opportunity to provide technical
assistance on Senate bill 3018. We agree with the goals of the
bill to strengthen the cyber security posture by allowing the
DOE national laboratories to study the systems most critical to
national security.
With respect to assessments, many electric sector entities
already conduct vulnerability assessments as part of the
standards set by the North American Electric Reliability
Corporation. Yet, there still may be a gap where the DOE
national laboratories should partner with industry.
But even assessments aren't enough. Research is required to
conduct cyber engineering to mitigate these risks.
In conclusion, threats will continue to evolve. The
Department is working diligently to stay ahead of the curve. To
accomplish this, we must invest in resilience, encourage
innovation and use the best practices to raise the energy
sector's cyber security, physical security maturity level as
well as strengthen incident response and recovery capabilities.
Thank you. This concludes my remarks, and I look forward to
any questions that you may have.
[The prepared statement of Ms. Hoffman follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Senator Risch. Thank you, Ms. Hoffman.
You mentioned that, I thought I picked up in there, you had
some suggestions for the bill. Do you have any specifics at
this point?
Ms. Hoffman. With respect to specific suggestions, one
suggestion that we have is to make sure to coordinate with the
Electric Sector Coordinating Council, which Duane is a co-chair
of the Council, as part of the working group.
We would like to make sure that we have leverage the
continued capabilities within----
Senator Risch. I hope you will put some language together
for us, and we will be happy to have a look at that. As I think
everybody has picked up here, this is not a partisan issue, by
any stretch of the imagination. We are all pulling the wagon
together here, and I think that the Administration's view on
this, particularly DOE's, will be very helpful for us as we go
forward.
If you will get that for us, we would sure appreciate it.
Thank you.
Ms. Hoffman. Thank you.
Senator Risch. Thank you.
Mr. Highley.
STATEMENT OF DUANE HIGHLEY, PRESIDENT AND CEO, ARKANSAS
ELECTRIC COOPERATIVE CORPORATION (AECC)
Mr. Highley. Yes, sir.
Chairman Risch, Ranking Member Manchin and all members of
the Committee, thank you for the invitation to testify today.
It's an honor to sit on this panel with these colleagues that I
respect so much.
I serve as President and CEO of the Arkansas Electric
Cooperative Corporation. We serve a million Arkansans with
reliable and affordable, non-profit electricity.
Electric co-ops in the United States serve--900 co-ops serve
42 million people in 47 states covering 75 percent of the
nation's land mass. That's 2,500 of the 3,100 counties in this
country. You can imagine the challenge protecting that much
infrastructure from intentional attack, let alone just normal
weather events. But the challenge of protecting that is
actually impossible, but we're working on it all the time.
I serve as co-chair of the Electric Subsector Coordinating
Council which is a public/private partnership of critical
infrastructure operators which coordinate with our government
counterparts on a regular basis on policy-level security
issues. So this council is comprised of 30 utility and trade
association CEOs. We represent all segments of the electric
industry. We work regularly with the White House, Department of
Energy, DHS, Federal Energy Regulatory Commission (FERC), the
FBI, National Security, all those agencies, to make sure that
electric policy is complementary to reliability for our
members.
Now through the ESCC, the Electric Subsector Coordinating
Council, we have this thing called the Information Sharing and
Analysis Center that provides real time information on threats
to utilities.
It's working well, but it could work even better. We would
like to see stronger communications and more timely information
flowing from government. We understand there's confidentiality
that has to be preserved, and yet when we get that information
we can send it on to our utility partners, who can take action.
So in the instance of the Ukraine event, the sooner we know
about what's going on there, the quicker we can develop a way
to respond.
Now as we develop standards for reliability on the grid, we
don't do that haphazardly. The grid has developed over 100
plus, and we have to be very deliberate about the way we make
changes to the grid. The way we do that is through a standard
setting process through NERC.
So if FERC passes a regulation, they pass it off to NERC,
the North American Reliability Corporation. Subject matter
experts vet that. The NERC Board approves it. FERC then
approves that, and those standards then become mandatory and
enforceable on this industry. We can face fines of up to $1
million a day for violations of cyber security regulations or
physical security regulations, and NERC has established
standards for physical security and GMD.
Now the standards are based on criticalities. So the most
critical assets get the largest amount of standards. Less
critical don't have as much. Just for example in our little co-op
we have 90 million log entries a day that we have to
preserve of what computer talked to what computer so we can
ensure that that is not, nothing bad is happening.
Now our main answer to all threats is defense in depth. We
didn't design the grid to protect against intentional acts of
war, but when we designed it with the redundancy to cover
weather events and equipment failure we end up having high
reliability. And if you imagine the very worst threats
possible, a bad event like a tornado or an earthquake, we've
seen the grid out for, maybe, days. A really terrible event
like a hurricane or a massive regional ice storm, you might see
it out for a week or two.
But the reason those events don't cause greater outages is
because of the reliability that's already built into the grid,
and that's also going to protect us from intentional attack.
And we talk about EMP (electromagnetic pulse), which is a
doomsday scenario and would constitute an act of war against
the United States. It would impact more than just the electric
sector. If we fried all the microprocessors, obviously, it
would affect gas pumps, ATMs, cash registers, automobile
engines. We're concerned about the impact of EMP but we want to
act based on facts, not speculation, which is why we want to
hear from EPRI about the good work they're doing on a voluntary
basis to try and figure out the threat, characterize it, so we
can design appropriate mitigation.
We have to remember that we could gold plate every
substation, but there's transmission lines coming in and out so
we have to balance the amount of effort we put on protecting.
We can't overprotect one area and leave the rest vulnerable.
How can Congress help? We thank you for the FAST Act and
for the Consolidation Appropriation Act which is already
helping us improve government and industry coordination.
The insider threat is one of the largest factors we face
now. We'd like to see you consider legislation giving the FBI
authority to assist the industry with fingerprint-based,
criminal and terrorist background checks so the people that
operate our control systems we know don't have a bad
background.
And we find Senate 3018, Securing Energy Infrastructure
Act, to be very complementary to the industry efforts.
Please avoid a one-size-fits-all legislation. The grid has
been custom-designed based on geography and the characteristics
of the grid. And if we can work that through the NERC standard
setting process, I think we'll end up with the best result.
Thank you.
[The prepared statement of Mr. Highley follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Senator Risch. Thank you very much.
Mr. Manning.
STATEMENT OF ROBIN MANNING, VICE PRESIDENT, TRANSMISSION,
ELECTRIC POWER RESEARCH INSTITUTE (EPRI)
Mr. Manning. Thank you, Mr. Chairman. Thank you, Senators
and staff.
I appreciate the opportunity this afternoon to talk about
the electric grid. It is a passion of mine, and anytime I talk
about the grid I get excited. So I'm excited to talk about that
this afternoon.
I've spent 38 years of my life dedicated to grid operations
in one way or another. I've taken apart an analog relay and
reassembled the analog relay. I've taken apart a digital relay.
Well, I'll stop there. Perhaps I didn't reassemble that one.
But I will say that it's always exciting to talk about the
electric grid. And I have watched, over the last 38 years, the
transformation of our nation's electric grid from what it was
to a true technological marvel that we see in operations today.
After all, it's a tremendously integrated system. It's a
tremendously complex engine, in fact. And in short, we deal
with a unique commodity.
Electricity is a unique commodity. We make it, we move it
at the speed of light, and we use it all at exactly the same
time. And there's no doubt that there's such a complex system
out there to manage that. And to operate that grid requires
huge volumes of information. It requires constant attention. It
requires constant tremendous diligence by operators like Mr.
Highley here.
This is particularly true as we begin to see greater
concentrations of intermittent resources such as renewable
energy resources as they enter the equation. These are
important resources. They are clean resources. They are a part
of our future, but integrating those resources creates a
greater reliability on technology.
The U.S. grid is a collaborative engine. Utilities across
our country work carefully together, day in, day out, to ensure
a safe, reliable supply of electricity flows from home to home.
Even so, from time to time, we face threats that challenge the
reliability for which we have become known. And many of these
threats are predictable and become very manageable, like
evening thunderstorms.
Yet, we're also seeing an emerging class of threats which
we have dubbed high impact, low frequency events that are less
predictable. They're more problematic when it comes to
preparation and recovery. And certainly much of the discussion
this afternoon centers around cyber security threat, but
utilities are evaluating risk and threats from many potential
hazards and each of these potential hazards have to be
evaluated and understood so that determination can be made
regarding strategies to address the entire array of potential
threats.
And we can learn from the threat analysis that is taking
place and from the approach taken with other high impact, low
frequency events, such as the threat, for example, of
electromagnetic pulse, or EMP, on the grid. EPRI is
initializing a broad collaborative effort with the assistance
of the Department of Energy and the ESCC, as Mr. Highley spoke.
And in doing so, we are adopting a consistent methodology used
to develop a deeper understanding of threats and mitigation
options.
This mitigation, this methodology, highlights a scientific
approach to adopting change within the complex U.S. grid. The
methodology is a tried and true method of threat mitigation. It
requires systematic research and development, and it provides a
scientific basis underpinning to any significant change
initiative.
Essentially, the methodology requires a clear
characterization of the threat and identification of potential
vulnerabilities, evaluation of the impacts and risk and
identification of mitigation, hardening and recovery practices
and tools and a well-defined decisionmaking process that
considers the balance of risk and reward.
Finally, we need to ensure that there are trials, that
there are pilots, so that we understand the true implications
of applying changes to a very complex system. We believe
following an approach such as this one ensures there are no
unanticipated impacts any time you introduce change into a
complex system like the U.S. grid, even a change that is
designed to simplify.
The EMP initiative provides a solid technical approach that
it considers all impacts, mitigation, recoveries, even the cost
to implement, allowing utilities to take these considerations
and balance them against effective risk making decisions.
So, we at EPRI, we were created to serve the public good.
We do that by providing a scientific basis for safe, reliable,
affordable and environmentally responsible energy. And it is
this consistent supply of energy that fuels our nation. But it
is the well-rounded, thoroughly understood science that is the
underpinning of this energy supply and its carefully
constructed research and development that is the pathway to
lighting our future and negotiating all manner of threats, even
ones so ominous as cyber security.
I couldn't help but be struck, Mr. Chairman, by your
comment. It is science that answers the question, can we do it
better? Should we do it differently?
Thank you very much. I look forward to your questions.
[The prepared statement of Mr. Manning follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Senator Risch. Thank you.
Mr. Stacey.
STATEMENT OF BRENT STACEY, ASSOCIATE LABORATORY DIRECTOR,
NATIONAL & HOMELAND SECURITY, IDAHO NATIONAL LABORATORY
Mr. Stacey. Chairman Risch, Ranking Member Manchin and
distinguished members of the Subcommittee, I want to thank you
for holding this hearing and inviting testimony from Idaho
National Laboratory, also known as INL.
As a fellow citizen of Chairman Risch's home State of Idaho
and the Associate Laboratory Director of INL's National and
Homeland Security directorate, I'm honored to participate and
request that my written testimony be made a part of the record.
INL extends its gratitude to Senators King, Risch, Collins,
Heinrich, Crapo, and Murkowski for the leadership and
dedication demonstrated in sponsoring Senate bill 3018 with the
goal of establishing a pilot program to develop a cyber
informed, engineering strategy that defends our energy
infrastructure from the most serious security threats.
INL views this bill as an opportunity to perform the
research and development and testing that are necessary to
explore, innovate and validate with science-based data the
ground truth on credible, high consequence vulnerabilities and
their mitigation.
We understand that the solutions will include advanced
technologies and engineering alternatives that can be proven
and practically implemented.
We believe that our understanding is consistent with the
intentions and perspectives of many peers in government and in
industry. My colleague, Mike Assante, the SANS Lead for
Industrial Control System and Supervisory Control and Data
Acquisition Securities, said it this way, and I quote, ``Beyond
enhancing our cyber defenses our goal is to unlock the greatest
benefits that technology offers but not go so far as to ignore
the select need to establish responsible limits and
alternatives.'' This is a role appropriate for national labs.
INL, as well as other laboratories, partner today on a
breadth of solutions. This research is sponsored by and
coordinated with Assistant Secretary Hoffman, leading DOE's
Office of Electricity Delivery and Energy Reliability, DOE's
Office of Nuclear Energy, the National Nuclear Security
Agency's Office of Defense Nuclear Non-Proliferation and DOE's
Office of Intelligence and Counter Intelligence.
Our utilities have been efficient and effective in
positioning the electric sector's infrastructure for
functionality, reliability and safety and in raising their
cyber security awareness and posture. Yet, with the advent of
sophisticated and adaptive cyber adversaries, we are now faced
with the need to enhance our infrastructure security that it
can better detect, resist, absorb and respond to the most
sophisticated cyber attackers.
INL's vision for control system cyber security research is
grounded on the following principles and trends. First, the
speed of technological innovation is outpacing traditional
approaches. Second, determined, sophisticated and patient
adversaries will be successful in penetrating an
infrastructure's digital systems. Third, a disciplined
adversary likely will know the dynamics of digital technology
better than the asset owner and the asset owner will know their
engineering and processes better than the adversary. We need to
leverage our knowledge advantage and strengths. And fourth,
technology for automation and digital control are inherently
embedded into our infrastructure. It's simply not feasible to
go back and implement large scale manual control.
At INL, we believe that unexplored options exist for taking
consequences off the table. To this end, INL is piloting a
transformative approach. We call it consequence driven, cyber
informed, engineering, or CCE for short.
CCE reprioritizes the way we look at high consequence risk
within control system environment. This process starts with
identifying the highest impact, most severe consequence and
then discovers the best process design and protection
approaches for engineering out the cyber risk. Further reducing
risk will require government research and industry toward a
common goal complemented by investment in over the horizon
research and development addressing these holistic solutions.
An example of a significant step forward in partnering
within national laboratories to address this national
challenge, INL, Pacific Northwest National Laboratory and
Sandia National Laboratories are teaming to lead a research
initiative that holistically addresses control system, cyber
security across multiple sectors of the infrastructure and
government.
I thank the Committee's members and fellow panelists for
their dedication to this complex challenge. Protection of the
energy sector deserves our full commitment to assure economic
prosperity and energy security, and INL welcomes its role in
serving the nation.
Your commitment to this hearing, the high quality of peers
as my fellow witnesses, your proposed legislative actions and
appropriations for research demonstrate that the nation is
actively engaged in addressing this challenge.
Thank you for inviting me today to testify, and I look
forward to your questions.
[The prepared statement of Mr. Stacey follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Senator Risch. Thank you, Mr. Stacey.
Thank all of you for your well advised thoughts and we
really appreciate that. Hopefully we will all be able to move
this forward together.
We are going to go to a round of five minute questions.
Since we do have the vote at 3:30, I would urge everybody to be
as succinct as they can in their questions and answers. I want
to have everybody have an opportunity, so I will pass. I will
waive, at least at the outset, and proceed to Senator Manchin.
Senator Manchin. Thank you. Thank you, Mr. Chairman.
My one concern is the reliability of the grid and if you
are concerned about that base load fuel being in jeopardy of
giving you the necessary reliability. Do any of you have
concerns about that with so much of our base load being
diminished?
Very quickly, anybody? Do you want to start, Mr. Manning?
Mr. Manning. So it does change. It changes the equation. So
we have designed----
Senator Manchin. We are talking base load, mostly, the
fossils have come offline. Okay, we understand that and we know
there is a transition going on.
But are we in jeopardy of the system basically not being
able to provide reliability?
Mr. Manning. No, I don't believe we're in jeopardy.
Senator Manchin. Okay.
Mr. Manning. But I do think we have to operate the system
differently tomorrow than we operated the system.
We spent 80 to 100 years operating it a certain way. And
the generation of today is very different from the traditional
generation and is creating new operational protocols, is
demanding new technologies and we're implementing those as we
go. But I believe with Pat's help, with the help from FERC and
from NERC, we're managing that effectively.
Senator Manchin. My main concern on that was with the polar
vortex. PJM has about 61 million customers, and that is in all
of our area. They came within a razor's thin of collapsing.
Have you all been able to shore that up so that won't
happen again? Mr. Highley.
Mr. Highley. When we plan the grid we're always planning 10
to 15 years out. And so, we're definitely looking at the loss
of those coal and fossil assets and making the mitigation plans
now where transmission lines might be needed or gas pipeline
infrastructure might have to be enhanced.
Senator Manchin. Were you all aware of how critically close
that became?
Mr. Highley. Absolutely. It was also close in Arkansas that
same winter.
Senator Manchin. Okay.
Now I will go to the shrinkage. We call it shrinkage or
loss. Six percent of electricity is lost when it is transported
from generation facilities across transmission with the current
technology that we have and the current products we are using.
That is enough I understand to power two million homes for one
month. We are losing that much on the grid system.
Are there any changes, technology wise, that would give us
more efficiency so we don't have that much loss?
Ms. Hoffman, do you know of any?
Ms. Hoffman. So yes, there are technology opportunities to
improve efficiency on the system.
With respect to the distribution system and some of the
Recovery Act activities, we did look at conservation voltage
reductions, really looked at better optimization and
utilization of the distribution system.
But there's also composite conductors, more efficient
conductors out there that can support capacity on the
transmission system as well as information technology such as
the dynamic line rating. But really to be able to maximize the
use of the transmission system, those are all some of those
technologies.
Senator Manchin. Are we changing the quality of products
that we are using or the composition of the products such as
ceramics? Are we using ceramics that I understand are much more
efficient?
Mr. Highley. I just might add on the transformers we're
buying power transformers.
We price in what the lifetime losses would be on that. So
it's a cost benefit analysis. The losses that we incur are
losses that are incurred because it's not cost effective to
make them lower, and when we buy that transformer we price that
in.
The ceramic technology comes at a price. There's limited
applications where that works, but most of the time you can't
afford it because the energy you're saving isn't worth it.
Senator Manchin. A final question, very quickly, to either
Mr. Stacey or Mr. Manning.
Which country do you think poses the greatest threat for
cyber security as far as the grid to the United States of
America? What organization or country?
Mr. Stacey. I would offer the industrialized countries have
the capability in many cases.
Senator Manchin. Which one has the desire and the interest?
Mr. Stacey. Well, there are probably a couple.
Senator Manchin. Do you want to name any names or do you
just want me to name them for you?
Mr. Stacey. I'd prefer not, but I would say the industrial
countries.
Senator Manchin. Mr. Manning?
Mr. Manning. That was a fantastic answer. I should say----
Senator Manchin. Are we talking China or Russia or Russia
and China?
Mr. Manning. Yes, you are.
Senator Manchin. Which one first?
Mr. Manning. So I'm not sure it matters which is first. I
think we were vulnerable to all. My answer was going to be
foreign countries.
Senator Manchin. Foreign. [Laughter.]
Mr. Manning. But I thought that was a very good answer.
Industrialized is a greater threat.
Senator Manchin. I got you. It was very nice.
Thank you very much. Thank you all.
Senator Risch. Senator Cassidy.
Senator Cassidy. Some folks from Bossier City, Louisiana,
the site of our Innovation Center, had a conversation with a
colleague of yours, Mr. Bachman. He differentiated between,
let's see if I have this correct, traditional IT systems
security personnel and the industrial control systems,
supervisory control and data acquisition systems security
personnel. I am learning that distinction, but is that a fair
distinction? I see everybody nodding their head yes.
The reason I bring that up is that he made the point that
whereas we have the number of ICS security professionals is
really limited, maybe 500 to 1,000 worldwide and we need tens
of thousands. Would you all agree with that statement?
Mr. Manning. Yes.
Senator Cassidy. Now I guess that begs the question of what
we are doing to address a shortage which is almost exponential.
Ms. Hoffman, I hate to put the--but you are the guy, you
are the gal from the government, if you will. To what extent
are we planning for that in attempting to address that critical
shortfall?
Ms. Hoffman. So what we're trying to do is we're working
with two universities to look at control system engineering. We
have the University of Illinois and the University of Arkansas
where we're trying to develop the next generation engineers
that have both a cyber security background and a power
engineering background.
But likewise not only are we trying to develop through the
research program engineers in this area, but we are also trying
to help the industry as their key need is to develop cyber
mutual assistance capabilities so if an event occurs they're
able to respond, the industry has the capacity to respond. And
so that's also a critical need that needs to be addressed.
Senator Cassidy. Now it seems though as if you are doing
not that much on man power or woman power training. I say that
because if you have two universities with an engineering
program, even if they are big engineering programs, they are
still relatively small. Again, if I am told we have 500 to
1,000 but we need tens of thousands, it seems, just if you are,
I mean, does anyone else see a problem with manpower there, so
to speak?
Mr. Highley.
Mr. Highley. Certainly the demand for technically-skilled
folks, a lot of times we have to go out of the country to get
those people. So it's just we don't produce enough in house to
make it happen.
Senator Cassidy. To what degree would you characterize the
shortage? Severe or OMG. [Laughter.]
Mr. Highley. If severe is the less strident of those
statements, I'll go with severe. I think it's something we want
to watch. We don't believe it's insurmountable.
And again, the Cyber Mutual Assistance that Pat mentioned
allows us to rely on our neighbors to help us in the event of
some kind of disaster.
Senator Cassidy. Gotcha.
Well, I will put a plug in for our Bossier City Cyber
Innovation Center which I think is trying to meet this need.
Let me ask as well. I was speaking to someone recently
about the attack at San Jose. I had read about that but I don't
know the whole thing about that. But obviously in one sense
very low tech. They just shot out a cooling system for a
transformer and almost brought it down.
At the time I read that this may have just been people
hoping to rip off copper but then subsequently I was told that
no, it was actually more sophisticated and folks had attempted
to infiltrate a communications system and cut lines. They did
not succeed. That is the only reason it was detected. Again, I
see people nodding in agreement with this assessment. So it
appeared a more coordinated thing. That is low tech.
I am also told that if you hit key, maybe as few as nine,
sub centers in the nation you could bring everything crashing
down. What are we doing to protect ourselves against the low
tech, if you will, not the EMP, but the guy with the rifle?
Mr. Highley. The first protection is that redundancy in
defense and depth so that we have lots of duplicate facilities.
The grid is planned so that any critical facility can be out at
the time of the greatest peak demand and yet the grid can
change to deliver power.
That's why in the Metcalf incident that you mentioned,
there was no loss of service to any customers, even though nine
transformers were destroyed. So that the grid continued to
deliver and that's our first base line is to design for that
and cover that.
So beyond that the most critical facilities have been
identified. They're not for public knowledge, but those
critical facilities are being hardened from that kind of
attack.
Senator Cassidy. Gotcha.
I am out of time. I appreciate it.
Thank you.
Senator Risch. Thank you.
Senator King.
Senator King. One of the genesis, what is the plural of
genesis, I wonder? Genoese, of this I knew my college Latin
would come in handy.
Of this legislation was an important paper written by Andy
Bachman and others, and the point they made was that the very
complexity of the grid adds vulnerability. Could you elaborate
on that, Mr. Stacey, that I think the term was the new layers
are petri dishes for the growth of new attack surfaces and new
interdependencies?
Mr. Stacey. I believe that as we ask the grid to do things
it wasn't necessarily originally designed to do, integrating
distributed resources and others, that takes computer
technology, software and other intelligent devices to be able
to manage that.
And when you do, there's an inherent side effect of
complexity associated with that kind of automation to manage
the efficiency and effectiveness and reliability of the grid.
That complexity, or the addition of automation, does include
some additional complexities and vulnerabilities.
Senator King. So what we are talking about is, I think,
there is a term I had never heard, attack surface interruption
zone, and that is really what we are talking about is a place
where an attack would be particularly devastating. It is not
the whole grid. We are not talking about re-engineering the
whole grid, but we are talking about picking out these
particular areas of vulnerability. Is that accurate?
Mr. Stacey. That's accurate.
These attack surface interruption zones are intended to
impact the sequence that a cyber attacker goes through to have
a well-planned and predictable event. And so these disruption
zones are intended to cause the attacker to have physical
access and not be able to access remotely.
Senator King. And that is the key term is physical access.
The Ukraine hack was done remotely, and the problem is once
they get through whatever the defenses are, if the whole system
can be run from the computer, then we are sunk.
Mr. Stacey. That's correct.
One of the biggest lessons learned, I believe, from the
Ukraine incident is being able to protect that remote access
both from others having access and also so that we can, the
asset owner, can have secure remote access.
Senator King. Well as I understand the history of the
Ukraine hack, one of the first things they did was change all
the passwords so the operators couldn't get back into their own
systems, and then they put malware in. I think it showed that
they had a sense of humor because the last thing they did was
turn out the lights in the control room. [Laughter.]
Well, I hope this legislation will be helpful to you in
focusing on this particular aspect. This is not intended to be
the be all and end all for cyber security. Clearly, that is a
massive issue.
We are trying to focus on this one area that the Ukraine
hack and the aftermath suggested, like the important one
possibility is simply air gapping some of these data systems.
But I understand there are vulnerabilities and limits to that.
This is another option.
Mr. Manning, your thoughts?
Mr. Manning. Well I could not help but think about your
reference to air gap.
During my time at TVA our system was air gapped. But you're
still vulnerable if there's physical access because you may not
be vulnerable as much to the intrusion from outside cyber, but
you're vulnerable from an inside actor who may give access to
someone, to even an air gap system, via some other means.
Senator King. I was interested in your comments that we
need to also be talking about security of operators.
Mr. Manning. Exactly.
Senator King. Internal people rather than----
Mr. Manning. It's physical and cyber. And it strikes me
that all of these things, we have to understand and balance all
of these factors together because there are many threats and we
have to manage and balance all of those.
The complexity of the grid is by design. We added that
complexity intentionally because we were lacking in areas that
required that complexity. So the grid is inherently more
reliable now because of that complexity.
It is the technology that overlays it that has increased
that reliability. So it's becoming more and more reliable, but
the tradeoff is you have that greater threat factor out there
associated.
Senator King. You have more points of attack?
Mr. Manning. Yes.
Senator King. Not to depress us, but another whole area
that we have not discussed is risks in the supply chain.
I have a nightmare of all the bolts in all the
transmissions in all the vehicles dropping out on the same day
given that we are not sure where everything is coming from.
There may be vulnerabilities built into some of the physical
gaps or whatever it is that we are using. I presume that is
another, again, echoing the Senator from Louisiana. You all are
nodding. The record doesn't show nodding. [Laughter.]
So if you could say yes that would be helpful.
Thank you all very much for being here today and for your
good thinking on this very important issue, I appreciate it.
Senator Risch. Thank you, Senator King.
Senator Gardner.
Senator Gardner. Thank you, Mr. Chairman, and thank you to
the witnesses. This is an incredibly important topic and
something that is only going to grow as the latency of the
Internet evolves around us and becomes more and more prevalent
in everything we do, touch and work with.
Ms. Hoffman, I just want to start with you. In 2013 there
was a hack by Iranians of a New York hydropower facility. When
that occurred where do you fall? Where does Department of
Energy fall into the notification of that hack? Were you the
first to notify, the first to find out? How did that process
work?
Ms. Hoffman. So with respect to the Dam Sector, the Dam
Sector actually falls under the Department of Homeland
Security. So they would notify the entity would coordinate with
the local FBI as well as the Department of Homeland Security on
the notification of that.
That would go through the National Cyber Integration and
Communication Center. That information would then go out to all
the sectors with respect to it and be provided to the electric
sector information sharing organization which would provide it
to the entities involved.
Senator Gardner. Okay. So hydro power is not within the
Electricity Delivery and Energy Reliability Office?
Ms. Hoffman. No.
Senator Gardner. Okay.
Ms. Hoffman. It is not, sir.
Senator Gardner. And then so, at which point though--it is
important though that you know about this.
Ms. Hoffman. Yes.
Senator Gardner. When are you notified about it and how
does that notification occur?
Ms. Hoffman. So we get notified in a coordination call with
the Department of Homeland Security. We also participate on the
floor at the NCCIC. The Department of Energy is an active
participant there as well as the industry sector.
And so that ends up being the coordination point in which
notification comes out regardless of what sector would have an
incident or a breach.
We would also have, as part of the government, a unified
coordination group, a call across the Federal agencies, to make
sure everybody is on the same page.
The one thing that's really important with your question.
It's a valuable question because we want to make sure that we
have accurate information and get information out to the
industry as soon as possible so we may have a very early on
call, early on with respect to the knowledge and details of the
event to at least give some situational awareness but recognize
that more information will be coming out over time.
Like other events or unlike other events, physical events,
you can generally know that somebody shot a bullet at a
transformer. But with cyber security, the details tend to have
to--there has to be more investigation to get some of those
details.
Senator Gardner. Would an agency or a department like the
Department of State Cyber Bureau, would they reach out and
contact your agency or Department of Energy over a concern,
perhaps, that North Korea may be pursuing some kind of an
attack? How does that ever occur?
Ms. Hoffman. So with respect to any sort of outside
influences or interests, usually that comes from the
intelligence community into the Federal Government and then an
assessment is performed from that point of view. And so, that
would be the angle that we would get that information.
Senator Gardner. One of the things I am trying to
understand from the Department of Defense, to DHS, to
Department of State, Department of Energy, is how the
communication process works. I know you mentioned just one
that, you know, a dam's hydropower go through one system and
nuclear goes through another system and coal and nuclear go
through the same or electricity generation through fossil fuels
go through the same system, but not hydropower. That all goes
to grid reliability. Is that the best way to do it?
Ms. Hoffman. So we do have the existing sector specific
agencies where DHS is in charge of all the critical
coordination across all the critical infrastructures. The
Department of Energy is the sector specific agency for the
energy sector which includes electricity, oil and gas and those
are the sectors.
It's predefined how these sectors were developed under the
National Infrastructure Protection Plan, but the important
thing is that there is coordination and communication if there
is something that is going on in the electric sector.
For example, DHS co-chairs the Electric Sector Coordinating
Council meetings with the Department of Energy when we bring
the CEOs in and have these strategy discussions. So there is
very close coordination. And that is the only way, regardless
of the structure, the only way we're going to advance
information sharing communication and get ahead of the
discussions.
Senator Gardner. And if you were to have a cyber issue that
you wanted to address Congress with when it comes to a cyber
issue and electricity, who do you think the Committee
responsible for that jurisdiction is?
Ms. Hoffman. I would actually reach out to multiple
committees.
Senator Gardner. Any guess of how many? [Laughter.]
Ms. Hoffman. No guess, sorry, but thank you for the
question.
Senator Gardner. It is part of our problem and one of the
things I am very concerned about is what you just stated is you
would reach out to multiple committees because there seems to
be a lot of heads of cyber and no one responsible body,
something I am very concerned about.
Thanks.
Senator Risch. There's a lot of concern about that,
Senator. We appreciate that.
Let's see, Senator Heinrich.
Senator Heinrich. Thank you, Mr. Chairman.
Mr. Stacey, I want to go back to the partnership that INL
and some of our other labs, Sandia and Pacific Northwest have,
the work that has been done to look at this so far and ask you
specifically with regard to these data systems what that work
has generated in terms of generalized vulnerabilities and what
you are concerned about there and then what are some of the
standards or things we should be putting in place to mitigate
those vulnerabilities?
Mr. Stacey. Let me take the second part of the question
first.
I think a lot of the research and work that's been done,
not only with the national laboratories, but also with industry
and within the Department of Energy, has driven the NERC CIP
standards which has really driven more awareness and more
systematic discipline to overall protection of that process.
To answer the second question, I would share with you that
hygiene is an important element but it's not the only element.
And as we work at the advanced persistent threat and other
elements of the high consequence, low frequency event, there's
additional research. And that's where the national laboratories
come into play and working on things that others can't, won't
or shouldn't do. Can't because they don't have access to the
large infrastructure that Chairman Risch mentioned. They can't
because they don't have the subject matter experts. Or they
shouldn't for a variety of other reasons. So, we're focused on
that research.
And I would tell you that that research is having a
significant impact. We can't talk a lot about that here, but
associated with other elements of the government in DOD, that
research has significantly helped the U.S.'s national security
posture.
Senator Heinrich. Okay.
Mr. Manning, you talked a little bit about EMPs as one of
these high consequence but low frequency or low probability
events. Where would you put insider threats in that continuum
of risk?
Mr. Manning. That's a difficult question, I think, to
answer with a distinctive, specific answer. So I don't know how
to address it other than to say that I think Mr. Highley
requested some assistance in that regard regarding ensuring
that our employees are straightforward with us when we hire
them.
Senator Heinrich. Right.
Mr. Manning. I think we don't know how serious this issue
is because we haven't experienced a real serious issue yet in
that regard. So it's difficult to handicap it.
So I couldn't speak----
Senator Heinrich. It is one of the reasons why I asked the
question, actually, is because----
Mr. Manning. Yes, but I can't tell you what is the answer.
Senator Heinrich. As you pointed out, we have to divvy up
our resources and our efforts in this based on what we believe
the risk to be and there are some areas where it is very hard
to define what that risk is.
So, we need to figure out, at least, what low resource
things we can do to mitigate that risk, even if we don't know
what the gross risk is.
Mr. Highley, do you want to add anything to that?
Mr. Highley. It is important that we have access to this
Federal database, so right now when we run background checks on
potential employees we can only access the state level
database, so we can't get that information.
Senator Heinrich. Are you referring to, like, the tide
state or the terrorist screening database?
Mr. Highley. Correct.
Senator Heinrich. Those----
Mr. Highley. That the FBI would have access to, so we would
like to know before we put someone in our critical control
center.
Senator Heinrich. Yes.
Mr. Highley. If they have that kind of background.
Senator Heinrich. That is very helpful actually.
Mr. Highley. Yes.
Senator Heinrich. I want to ask on another, sort of, broad
scale issue, and it can be Ms. Hoffman or any of you who want
to jump in on this one.
One of the things we are seeing change dramatically from
when I was a kid and my dad was a lineman at the utility and we
had a centralized system and all the electronics load one way.
We are seeing generation and things like storage which, kind
of, act like a lubricant in the grid, migrate to the grid edge
and to individual customers, storage generation all moving to
places on the grid that they did not reside originally.
What does that mean for our resilience? How do we take
advantage of that when we can? And are we thinking through that
in addition to just trying to protect the overall architecture
of the utility and the transmission pieces of that grid?
Ms. Hoffman. So I'll start real quick, and then I'll pass
it to my colleagues.
Thank you for the question because it's important because
we are looking forward to opportunities where we can isolate
parts of the grid, looking at microgrids. We can look at
graceful degradation. We can look at additional support
capabilities to the grid via energy storage and distributed
generation, but also local generation.
Regardless of the type of generation, I think, having a
good proportional--proportion of generation in each of the
regions of the country is very valuable.
And so, from that perspective, those technologies can be
quite advantageous. But like anything else, those technologies
must be protected themselves with respect to cyber security
measures, control systems, even from the generation point of
view.
Mr. Manning. Yeah, I would say the same thing.
Secure technology enabled is the answer to your question.
Secure technology enables us to take advantage of that and turn
it from a challenge to a resiliency plus.
Senator Heinrich. Great. Thank you.
Senator Risch. Thank you, Senator.
Senator Hirono, you would be next but we usually go back
and forth. Do you object to Senator Capito?
Senator Capito. Thank you, Mr. Chairman, and thank all of
you who are here.
Mr. Stacey, I would like to ask the crux of this bill deals
with the research done by the National Energy Technology Labs.
As you know, there are many across the country, one in our
State of West Virginia in Morgantown. I am curious to know you
are already pursuing this in the Idaho lab.
What other kind of interplay do you have now with the other
national laboratories? Are they all involved? Is it just
centered around certain of those laboratories? And what would
you envision through this bill in terms of research capacity at
these different facilities?
Mr. Stacey. So all of the national labs are working in one
way or another on cyber security issues. The labs that I
pointed out earlier, Pacific Northwest National Laboratory and
Sandia National Laboratory, as well as Idaho National
Laboratory, we believe, have unique capabilities and skills to
bring to the industrial control system challenge that we're
facing.
But in fact, we shouldn't be restricted. We should have
access to any of the national laboratories or resources we need
to address this challenge, this complex challenge that the
nation----
Senator Capito. Do you have that now with the other
laboratories, that kind of collaborative approach?
Mr. Stacey. You know, I believe we do.
Senator Capito. You do.
Mr. Stacey. The national laboratories, early on, were more
and more competitive. As we get challenges and the budgets are
reduced you're seeing a renewed interest across all the
laboratories, more cooperation and collaboration and frankly,
the national challenge mandates that we take advantage of that.
So I'm pretty optimistic about the approach and the teaming
that we have right now across the national laboratory system.
Senator Capito. Well, good. Thank you.
Ms. Hoffman, well actually this is for Mr. Highley. My
question is she did a good recitation as to what would happen
and who she would, what other government agencies and
committees would be involved if a breach were to occur and how
quickly could be acted in a coordinated capacity. In your
sector, as the electricity provider, do you feel that you are
in the loop enough or as quick enough as you would want to be?
Is that something that you are working on? What is that
collaborative relationship like?
Mr. Highley. So under the Electric Subsector Coordinating
Council there's something called the Information Sharing and
Analysis Center (ISAC), and that's where we would go.
So we are a hydropower operator. We operate hydropower
plants on the Arkansas River. And frankly if we had a cyber
incident occur there we would immediately notify the ISAC. And
then they disseminate that to the other utilities across the
country, so that we know about that threat.
Senator Capito. And they then disseminate to the Department
of Energy and Homeland Security or is that how that works?
Mr. Highley. And coordinates with NCCIC and the other
counterparts.
Senator Capito. And all that, okay.
In the description of the bill I thought, well let me find
the description of the bill that I found interesting.
``Establishes a two-year pilot program with the national labs
to examine ways to replace automated systems with manual
procedures controlled by human operators to remove
vulnerabilities that allow cyber criminals to access the grid
through holes in digital software systems.''
I am thinking to myself, I think today I might have seen a
driverless car. I am thinking at the end of the day you can't
replace the eyes on, hands on, mental acuity of a person
actually driving a car which I immediately got on the sidewalk
on, or in terms of this.
So it is interesting to me just looking at it as we evolve
with all this technology where we, kind of, come back to in the
end, particularly in the terms of security.
So I imagine that with that comes a lot of technological
expertise, maybe some forensic ability to be able to pick this
up. Are there any institutions in the country that are
particularly looking at this as a job path, job creation? And
if they are, maybe you could highlight a few of those for us,
if anybody knows?
Mr. Highley. I just would echo the comments of Pat about
the University of Arkansas and that partnership. I'm very
familiar with that one to develop that capability.
Senator Capito. Anybody else, Ms. Hoffman, that you know
that is working in this direction?
Ms. Hoffman. Beyond the two universities I mentioned,
University of Illinois has a strong partnership with power
system engineers. I think what we're trying to do is really go
after what capabilities do we need to enable in industry?
Senator Capito. Right.
Ms. Hoffman. And build in the educational institution as
well as the emergency responders so that we actually can have
an effective restoration process, but get the right information
out in a timely manner.
Senator Capito. Right. It would have to come from a whole
spectrum of educational aspects to be able to really hit that.
Thank you all very much.
Senator Risch. Thank you, Senator Capito.
The vote has been called and Senator Hirono, you can wrap
it up for us.
Senator Hirono. I will be quick.
Ms. Hoffman, the covered entities as defined in S. 3018
comes from Executive Order 13636 which requires the Department
of Homeland Security Secretary to consult with sector specific
agencies which includes DOE in identifying critical
infrastructure, ``where a cyber security incident could
reasonably result in catastrophic regional or national effects
on public health or safety, economic security or national
security.'' The list of entities is then updated annually.
Are you confident in the process that the DOE uses to
identify critical infrastructure under this Executive Order?
And can you describe how the DOE engages with DHS in this
annual process? And I might add that the list of critical
infrastructure through this process is classified, isn't it?
Ms. Hoffman. The list, I think, as a complete set is
classified. Individuals, there can be conversations with
individuals on that list.
But first of all, thank you for the question.
Identification, prioritization of critical entities and
critical infrastructure gets to the crux of what we need to do
in making sure that we're focusing on the right points on the
system to advance technology but advance cyber security
measures.
With respect to the evaluation, we did a very transparent
collaborative process with industry and the Federal Government
looking at the criteria which was significant economic impact
as well as potential impact to health and safety, were some of
the criteria that was looked at in that evaluation. So with
respect to the electric sector it was companies that would have
a high economic impact in the United States and as well as
associated critical infrastructures with those companies.
Senator Hirono. So when you apply that kind of criteria
there would be states, possibly such as Alaska or Hawaii, where
we may not have what may be termed a national impact and
therefore, how can we be assured that the proper analysis is
done with regard to our grid to identify very specific,
specifically, where the areas of vulnerability are either to
physical attack or cyber-attack? Can we get help to--in this
kind of analysis of our grid?
Ms. Hoffman. Absolutely, Senator. I would love to sit down
and talk to you and understand more the critical assets and the
things that you're concerned about. And we can make sure that
we incorporate that in our discussions and our activities
moving forward.
Senator Hirono. That is always a concern of mine whenever
we have national legislation that kicks off with some kind of a
program or assistance and then there is a criteria that you
have to show a national impact. Obviously for noncontiguous
states that is a little hard to show, and I think it really
disadvantages Alaska and Hawaii. I just wanted to make that
point, Mr. Chairman.
Mr. Manning, the Department of Defense's recent Smart Power
Infrastructure Demonstration for Energy Reliability and
Security, better known as SPIDERS program, included projects to
boost energy security at Joint Base Pearl Harbor Hickam and
Camp Smith in Hawaii. I have worked to promote energy
resiliency at military installations in the DOD Energy Security
Act which I had introduced along with Senator Wyden.
Clearly this is a rhetorical question that if it is a good
thing that if our installations could get off the grid so that
they can be pretty much self-sufficient. My question is could
you talk a little bit about how a functioning military
installation could help recovery of the larger grid if
something happens to the larger grid?
Mr. Manning. So I think it's not just specific to military
installations but to a trend of microgrids in general. And the
ability of a microgrid to integrate in and out of the existing
grid, I think, is a function of technology in the ability to
synchronize those grids together and to operate them either
independently or dependently and to be free to move in and out
of that continuum.
I think with a number of the military bases we were very
focused on the ability to operate either separately isolated or
operate in conjunction with the grid. And ultimately I think
that provides you the best scenario going forward because you
may always decide I want to operate in this mode or the other
or you may change depending on current conditions.
Senator Hirono. Well that makes a lot of sense. So as more
and more, for example, military installations become energy
self-sufficient that that thought that the synchronization is
as something that gets built into the design of the----
Mr. Manning. Absolutely. And it's another example of where
technology is enabling greater resiliency and greater poise
going forward.
Senator Hirono. Thank you, Mr. Chairman.
Senator Risch. Thank you.
Those interesting sounds you have heard indicate that we
have got to get down to vote. So I never have figured out
exactly how that works, but I know you have got to run to the
floor when you hear the sound. So that is where we are.
With that, I am going to conclude the hearing.
I am going to leave the record open. Senator King and I, as
sponsors of this bill, and for that matter, everyone on the
Committee, sincerely appreciate all of you coming today to give
us your input. But we want to get this right. Obviously it is
not an area that is particularly controversial, but it is
highly technical and it is important that we do get it right.
If we have overlooked something, if there is something that
you want to get your two cents worth in on this, I would really
urge you to do that. I am going to keep the record open until
this week, Friday at five o'clock, so you can get anything in
that you want to.
Senator Risch. Senator King, anything else for the good of
the order?
Senator King. No, I think I was just going to tell Mr.
Stacey if we get this bill through I will personally deliver a
sextant to the Office of the Idaho National Lab. [Laughter.]
Senator Risch. Senator King, you have been threatening to
come to the INL and have not made it yet.
Senator King. This is going to be the occasion.
Senator Risch. We are going to get you there someday.
Anyway, thank you so much, all of you. We will end the
hearing, declare the hearing closed.
[Whereupon, at 3:42 p.m. the hearing was adjourned.]
APPENDIX MATERIAL SUBMITTED
----------
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]