[Senate Hearing 114-505]
[From the U.S. Government Publishing Office]





                                                        S. Hrg. 114-505
 
    S. 3018, THE SECURING ENERGY INFRASTRUCTURE ACT, AND TO EXAMINE 
                              PROTECTIONS
              DESIGNED TO GUARD AGAINST ENERGY DISRUPTIONS

=======================================================================

                                HEARING

                               BEFORE THE

           SUBCOMMITTEE ON PUBLIC LANDS, FORESTS, AND MINING

                                 OF THE

                              COMMITTEE ON
                      ENERGY AND NATURAL RESOURCES
                          UNITED STATES SENATE

                    ONE HUNDRED FOURTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             JULY 12, 2016
                             
                             
                             
                             
                             


                       Printed for the use of the
               Committee on Energy and Natural Resources
               
               
               

           Available via the World Wide Web: http://fdsys.gov
           
           
           
                           _________ 

                U.S. GOVERNMENT PUBLISHING OFFICE
                   
 21-995                  WASHINGTON : 2017       
           
           
           
           
           
           
               COMMITTEE ON ENERGY AND NATURAL RESOURCES

                    LISA MURKOWSKI, Alaska, Chairman
JOHN BARRASSO, Wyoming               MARIA CANTWELL, Washington
JAMES E. RISCH, Idaho                RON WYDEN, Oregon
MIKE LEE, Utah                       BERNARD SANDERS, Vermont
JEFF FLAKE, Arizona                  DEBBIE STABENOW, Michigan
STEVE DAINES, Montana                AL FRANKEN, Minnesota
BILL CASSIDY, Louisiana              JOE MANCHIN III, West Virginia
CORY GARDNER, Colorado               MARTIN HEINRICH, New Mexico
ROB PORTMAN, Ohio                    MAZIE K. HIRONO, Hawaii
JOHN HOEVEN, North Dakota            ANGUS S. KING, JR., Maine
LAMAR ALEXANDER, Tennessee           ELIZABETH WARREN, Massachusetts
SHELLEY MOORE CAPITO, West Virginia

                         Subcommittee on Energy

                        JAMES E. RISCH, Chairman
JEFF FLAKE                           JOE MANCHIN III
STEVE DAINES                         BERNARD SANDERS
BILL CASSIDY                         DEBBIE STABENOW
CORY GARDNER                         AL FRANKEN
JOHN HOEVEN                          MARTIN HEINRICH
LAMAR ALEXANDER                      MAZIE K. HIRONO
ROB PORTMAN                          ANGUS S. KING, JR.
SHELLEY MOORE CAPITO                 ELIZABETH WARREN

                      Colin Hayes, Staff Director
                Patrick J. McCormick III, Chief Counsel
               Brianne Miller, Professional Staff Member
            Angela Becker-Dippman, Democratic Staff Director
                Sam E. Fowler, Democratic Chief Counsel
                David Gillers, Democratic Senior Counsel
                
                            C O N T E N T S

                              ----------                              

                           OPENING STATEMENTS

Risch, Hon. James E., Subcommittee Chairman and a U.S. Senator 
  from Idaho
Manchin III, Hon. Joe, Subcommittee Ranking Member and a U.S. 
  Senator from West Virginia
King, Jr., Hon. Angus S., a U.S. Senator from Maine
Heinrich, Hon. Martin, a U.S. Senator from New Mexico

                                WITNESS

Hoffman, Patricia, Assistant Secretary, Office of Electricity 
  Delivery and Energy Reliability, U.S. Department of Energy
Highley, Duane, President and CEO, Arkansas Electric Cooperative 
  Corporation (AECC)
Manning, Robin, Vice President, Transmission, Electric Power 
  Research Institute (EPRI)
Stacey, Brent, Associate Laboratory Director, National & Homeland 
  Security, Idaho National Laboratory

          ALPHABETICAL LISTING AND APPENDIX MATERIAL SUBMITTED

American Public Power Association:
    Statement for the Record
Heinrich, Hon. Martin:
    Opening Statement
Highley, Duane:
    Statement for the Record
    Written Statement
    Response to Question for the Record
Hoffman, Patricia:
    Statement for the Record
    Written Statement
    Responses to Questions for the Record
King, Jr., Hon. Angus S.:
    Opening Statement
Manchin III, Hon. Joe:
    Opening Statement
Manning, Robin:
    Opening Statement
    Written Testimony
Protect Our Power:
    Statement for the Record
Risch, Hon. James E.:
    Opening Statement
S. 3018, the ``Securing Energy Infrastructure Act''
Stacey, Brent:
    Opening Statement
    Written Statement
    Responses to Questions for the Record


    S. 3018, THE SECURING ENERGY INFRASTRUCTURE ACT, AND TO EXAMINE 
        PROTECTIONS DESIGNED TO GUARD AGAINST ENERGY DISRUPTIONS

                              ----------                              


                         TUESDAY, JULY 12, 2016

                                       U.S. Senate,
                                    Subcommittee on Energy,
                 Committee on Energy and Natural Resources,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 2:30 p.m. in 
Room SD-366, Dirksen Senate Office Building, Hon. James E. 
Risch, Chairman of the Subcommittee, presiding.

  OPENING STATEMENT OF HON. JAMES E. RISCH, U.S. SENATOR FROM 
                             IDAHO

    Senator Risch. We are going to bring this meeting to order, 
a couple of minutes early, as a matter of fact.
    We do have a vote at 3:30 and, having looked at the agenda, 
the witnesses and the participants, I have every confidence 
that we can get done what we necessarily have to get done in 
order to finish by 3:30.
    With that, the purpose of today's hearing is to receive 
testimony on Senate bill 3018, the Securing Energy 
Infrastructure Act, and to examine protections designed to 
guard against grid disruptions.
    This is a result of, I think, what everybody acknowledges 
and what everybody knows and that is that the electric grid 
that we have in America is really, incredibly, dependable. That 
is true particularly if you have traveled in other parts of the 
world, you know how dependable our grid is.
    Unfortunately, because of the development of the worldwide 
web and those new ways of handling operations of controls, it 
also now has vulnerabilities. These vulnerabilities, obviously, 
are targets by people who wish to do us harm. As a result of 
that, those of us who deal with this every day believe we 
should take a look at doing this better, perhaps even doing 
this differently.
    One of the things that brought this to light, and only one 
of the things, was an event that happened on December 23rd, 
2015 in the Ukraine where an attack shut down their electric 
grid system and caused immeasurable damage and difficulty for 
the people of the Ukraine.
    The attack could have been substantially worse. And it was 
not because they operate differently than we do in that a lot 
of their actions and operation of the grid is done with manual 
procedures as opposed to automated systems.
    We, here in America and other first world countries, have 
really gone to automated systems for a lot of different 
reasons, not the least of which was/is convenience and 
reliability, but also those kinds of things do open us up to 
additional vulnerabilities.
    This bill was originally introduced by Senator King and me, 
and our co-sponsors are Senators Collins and Heinrich. It is 
not by coincidence that all four of us are on the Intelligence 
Committee and we hear stories, not only stories, but expert 
opinions on what can happen not only to our grid but to other 
grids around the world, a good share of which we cannot share 
with you. But suffice it to say that the facts are sufficiently 
concerning that this is a subject that needs the attention of 
the U.S. Congress. So here we are today with this bill.
    As everyone knows this is a two-year pilot project. It 
certainly isn't designed to be an absolute solution, but it is 
designed to explore possibilities of how the United States can 
handle one of these.
    Speaking for myself, not the other co-sponsors but speaking 
for myself, I truly believe that the next significant event, 
and when I talk about a significant event, I mean a really 
significant event, will not be a kinetic event, but will indeed 
be an event that takes place in the cyber world that causes 
considerable grief and harm to Americans. As we all know, we 
face significant challenges in that arena.
    We have asked four people to be with us today to testify.
    We are going to start today with Ms. Pat Hoffman, who is 
Assistant Secretary in the Office of Electricity Delivery and 
Energy Reliability with the Department of Energy. She will 
start us off with an overview of the Department of Energy's 
work protecting our grid from energy disruptions.
    We also have Mr. Duane Highley, President and CEO of the 
Arkansas Electric Cooperative Corporation. He is also co-chair 
of the Electric Subsector of the Coordinating Council.
    We also have Mr. Rob Manning, Vice President of 
Transmission for the Electric Power Research Institute.
    Finally, last but certainly not least from the great State 
of Idaho, we have Mr. Brent Stacey, who is Associate Lab 
Director at the Idaho National Laboratory. Right now, Idaho's 
National Laboratory is the world leader in critical 
infrastructure and control systems research, primarily because 
of the expenditures that we have made developing the systems 
and the facilities to do that research. I am sure Mr. Stacey 
will describe that for us.
    With that, I certainly welcome everyone here today. I think 
this is a good opportunity. This is not a complicated bill. It 
is a bill that is intended to move us forward in a cautious way 
but a way that will help underscore some of the vulnerabilities 
that those of us on the Intelligence Committee have heard about 
over time.
    Senator Manchin.

   STATEMENT OF HON. JOE MANCHIN III, U.S. SENATOR FROM WEST 
                            VIRGINIA

    Senator Manchin. Mr. Chairman, thank you, and thank all of 
you for being here today. I want to thank you for scheduling 
this hearing, Mr. Chairman, and for your work on this important 
bill that we are working on. I also want to thank Senators King 
and Heinrich for their leadership on this issue. I appreciate 
our witnesses joining us today for this very special 
discussion.
    The electric grid is essential to our lives and is also the 
lifeblood of the economy. The grid moves power hundreds, if not 
thousands, of miles to our houses, office buildings and 
factories every day. People and business in the Northeast and 
the Mid-Atlantic states are heavily dependent on a well-
functioning grid to access power generated in my home State of 
West Virginia.
    The Energy Information Administration, EIA, reports that in 
2014 West Virginia produced approximately over 80,000 kilowatt 
hours of electricity. The EIA consistently reports that West 
Virginia typically exports more electricity than it consumes, 
so we are a net exporter of electricity.
    West Virginia's neighbors, Maryland, Virginia, Washington, 
DC and others, depend on us for reliable electric generation, 
not to mention coal and natural gas production. Whether because 
of a cyber or physical attack or some other energy disruption, 
imagine what it would be like if West Virginia stopped 
producing and delivering energy. Incidents like the polar 
vortex quickly become even more dangerous and likely tragic.
    The secure and reliable transportation of energy is vitally 
important to our state's economy and to the safety and health 
of our citizens and those in neighboring states, so I believe 
today's hearing is an important start to a longer conversation 
about the security of our grid.
    As the electric industry has increased its reliance on 
digital technologies to better serve consumers, the grid has 
grown more vulnerable to cyber-attack. Just last December the 
first successful cyber-attack took place against part of 
Ukraine's electric grid demonstrating that shutting down the 
grid is a real possibility.
    Many cyber experts have come to the conclusion that it is 
not a question of ``if'', but a question of ``when'' a massive 
attack on our grid will occur. We must do everything we can to 
protect and prepare, including hardening our networks to 
protect the grid and ensure the continued reliable delivery of 
electricity. But we also need to focus on emergency 
preparedness and incident response to minimize the effects of a 
potential attack. That is why the King/Risch/Collins/Heinrich 
bill is a step in the right direction.
    Senate bill 3018 would establish a two-year pilot program 
within the national labs to research and test technology that 
could be used to isolate and protect the most critical systems 
of the electric grid. It would also establish a working group 
to evaluate the proposals of the pilot program and develop a 
national cyber informed engineering strategy.
    Mr. Chairman, the 2013 attack on the Pacific Gas and 
Electric substation in Metcalf, California reminds us that the 
threats to our grid are not limited to cyberspace. According to 
press reports, the Federal Energy Regulatory Commission has 
identified a smaller number of critical grid-related facilities 
that, if physically attacked, could significantly impair the 
ability of utilities to keep the lights on.
    Keeping America's energy network secure from cyber and 
physical intrusions is critical as new technologies and threats 
continue to emerge from transnational organized crime, 
terrorists' groups and hostile foreign governments. The 
argument goes that the smarter and more connected the power 
grid becomes, the more vulnerable it becomes. I am sure you are 
familiar with the scale we are talking about.
    The Department of Homeland Security reported that 56 
percent of cyber incidents against critical infrastructure in 
2013 were directed at energy infrastructure, mostly in the 
electric grid. While the number has shrunk to 16 percent in 
2015, there is much more to be done. That is why I support the 
Energy Policy Modernization Act of 2016 that Chairman Murkowski 
and Ranking Member Cantwell worked so hard to get passed out of 
Committee and finally out of the Senate by a vote of 85 to 12. 
Believe me, that does not happen here that often.
    The bill includes a cyber energy section that includes the 
research and development program to develop advanced cyber 
security technologies, doubles the Department's current 
investment in cyber-related research and development, supply 
chain security and public/private partnerships.
    It encourages the Department of Energy to work hand in hand 
with the private sector. This recognizes the importance of 
aligning government capabilities with the needs of industry 
actors that are dealing with potential threats to our grid 
every day.
    The ability to deliver energy quickly, securely and without 
interruption is something that West Virginia prides itself on. 
So that is also why I am particularly appreciative of Senator 
King's passion for this issue, and I commend him and all of the 
co-sponsors of this bill.
    Chairman Risch and Senator Heinrich's ongoing efforts for 
this bill is muchly appreciated.
    I want to thank the Chair for holding this hearing, and I 
look forward to the testimony of our witnesses. At this time, I 
would like to turn it over to Senator King.
    Senator Risch. Senator King.

 STATEMENT OF HON. ANGUS S. KING, JR., U.S. SENATOR FROM MAINE

    Senator King. Thank you.
    I first want to commend the Chair. This is first in my 
experience of a hearing that actually started early rather than 
late. That bodes well.
    Senator Risch. If it ends or that could be it.
    Senator King. That is another challenge.
    When I used to appear before the Maine legislature, the 
first question always asked was, why are you here? I think the 
answer in this case is pretty clear.
    As Senator Risch mentioned he and I serve together on the 
Intelligence Committee. I am also on the Armed Services 
Committee. I would say in virtually every hearing that we have 
had over the past four years that I have been to, somehow the 
cyber vulnerability comes into the conversation.
    In fact we had a classified Armed Services Committee 
hearing just this morning on this very issue, and I 
characterize this as the longest windup for a punch in the 
history of the world.
    We know that it is coming, and we know that there are 
people who are actively working to do us harm right now. And we 
have had warning shots--OPM, SONY, and others.
    As Senator Manchin mentioned, we are asymmetrically wired, 
so we are asymmetrically vulnerable. This is a very 
straightforward bill, and it does grow out, to some extent, of 
the experience in the Ukraine where when they found that they 
had analog and human intervention at certain key points. We are 
not talking about rewriting all the software or dumbing down 
the grid. We are talking about inserting some elements of 
analog and human intervention at certain critical points in 
order to protect us.
    Interestingly enough, just this year, just in the last few 
weeks, there has been an analogous policy recognition in the 
United States Navy. For the first time in 20 years Annapolis is 
now going back to the teaching of celestial navigation, and the 
reason is that you can't hack a sextant.
    This is a recognition that with all of our sophistication 
comes additional vulnerability and that what we are attempting 
to do today is to talk about and work on, on a pilot basis, and 
on a voluntary basis for the utilities, some unconventional 
solutions to this vulnerability challenge. I do not want to go 
home to Maine after a disastrous attack somewhere in the United 
States on our critical infrastructure and explain that we did 
not try some various options.
    That is the reason I brought forth the bill. It grew out of 
conversations with Senator Risch and the work that we have done 
in the Intelligence Committee, and I am delighted that we are 
here today.
    I appreciate the opportunity to present this bill.
    Thank you.
    Senator Risch. Thank you, Senator.
    Do you have an opening statement you want to make, Senator 
Heinrich?

STATEMENT OF HON. MARTIN HEINRICH, U.S. SENATOR FROM NEW MEXICO

    Senator Heinrich. I do, Mr. Chairman, and I will make it 
very quick.
    I want to thank you for your work and Senator King as well. 
I think this is a very important piece of legislation, and I am 
pleased to be an original co-sponsor.
    I want to reiterate Senator King and I both had a closed-
door hearing in Armed Services this morning that really drives 
home what a real issue this is and how we need to take it very 
seriously.
    I do think it is important to make the point that this is 
not about dumbing down the grid. I think Senator King, myself, 
and others on this Committee have been very staunch advocates 
of smart grid technology, of microgrids, and of all of the 
developments that are making our grid much more responsive 
today. But it is about having those backups in place and those 
fail safes in place.
    I think it is important to state that our bill is not 
prescriptive in that the working group has the flexibility to 
consider a full range of options.
    So, once again, I want to thank Chairman Risch and I want 
to thank Senator Manchin for holding this hearing today, and I 
very much look forward to the testimony from our witnesses who 
are here.
    Senator Risch. We will now turn to our witnesses. Ms. 
Hoffman, would you care to start us off, please?

 STATEMENT OF PATRICIA HOFFMAN, ASSISTANT SECRETARY, OFFICE OF 
ELECTRICITY DELIVERY AND ENERGY RELIABILITY, U.S. DEPARTMENT OF 
                             ENERGY

    Ms. Hoffman. Thank you, Chairman Risch, Ranking Member 
Manchin and members of the Subcommittee. Thank you for 
continuing to highlight the importance of a resilient electric 
grid.
    The Department also appreciates the opportunity to provide 
initial views on Senate bill 3018, the Securing Energy 
Infrastructure Act.
    The Department supports the goals of Senate bill 3018 which 
are consistent with the Department's ongoing role to helping 
ensure resilient, reliable and flexible electricity system in 
an increasingly challenging environment.
    The Department would like to work with the sponsor and this 
Committee to offer continued additional input on the bill, and 
I will discuss this later on in my testimony.
    Our economy, national security and even health and safety 
of citizens depend on a reliable delivery of electricity. The 
mission of the Office of Electricity Delivery and Energy 
Reliability is to strengthen, transform and improve the energy 
infrastructure to ensure access to reliable, secure and clean 
sources of energy. We are committed to working with our public 
and private sector partners to protect the nation's 
critical energy infrastructure, including the electric power 
grid, from disruptions caused by natural and manmade events, 
physical security events and cyber security events.
    A crucial factor in meeting these challenges will be to be 
proactive and cultivate, what I call an ecosystem of 
resilience, a network of owners and operators, regulators, 
vendors, Federal partners and consumers, working together to 
strengthen our ability to prepare, respond and recover.
    Our organization works on in-depth strategies, products and 
tools which inform and educate industry as well as state and 
local officials in their energy emergency preparedness 
activities. As part of the Administration's effort to improve 
the electric sector, cyber security capabilities, the 
Department and industry partners are developing and have 
developed a maturity model. This evaluation tool helps an 
organization prioritize and advance its security posture in the 
areas such as information sharing, supply chain management and 
access control, just to name a few.
    The Department of Energy has provided strategic leadership 
by requesting and facilitating the development of an 
electricity information sharing and analysis center and the 
development of the Electric Sector Coordinating Council. The 
Electric Sector Coordinating Council is a group of leaders from 
the electric sector that meet regularly with government to 
coordinate and share information.
    When the power goes out the local utility is a first 
responder. Should any threat or emergency exceed local or 
private resources or require a full blown response, the 
Electric Sector Coordinating Council will engage with the 
Federal Government for a coordinated response to a crisis 
activity.
    The keys to strengthening resilience are not only from 
better threat insight and response but also through innovation. 
Advanced technology and innovation in cyber security, storage, 
and microgrids will help the industry get ahead of these risks. 
All of the Department's cyber security research initiatives are 
based on industry involvement, joint funding with matching 
funds and the development of an end goal to get industry 
deployment.
    There are several examples of DOE, our organization's, 
activities that support cyber security technologies developed 
for the power grid and use physics and the capabilities of the 
electric grid to its advantage. One example is an industry-led 
research project that helps the protection and control 
equipment check the commands it receives to ensure these 
commands support this ability of grid operations. Another 
example is a national laboratory-led research that is designing 
cyber security awareness and to power system applications 
themselves so that malicious actors should not be able to 
manipulate power system devices.
    Thank you for the opportunity to provide technical 
assistance on Senate bill 3018. We agree with the goals of the 
bill to strengthen the cyber security posture by allowing the 
DOE national laboratories to study the systems most critical to 
national security.
    With respect to assessments, many electric sector entities 
already conduct vulnerability assessments of part of the 
standards set by the North American Electric Reliability 
Corporation. Yet, there still may be a gap where the DOE 
national laboratories should partner with industry.
    But even assessments aren't enough. Research is required to 
conduct cyber engineering to mitigate these risks.
    In conclusion, threats will continue to evolve. The 
Department is working diligently to stay ahead of the curve. To 
accomplish this, we must invest in resilience, encourage 
innovation and use the best practices to raise the energy 
sector's cyber security, physical security maturity level as 
well as strengthen incident response and recovery capabilities.
    Thank you. This concludes my remarks, and I look forward to 
any questions that you may have.
    [The prepared statement of Ms. Hoffman follows:]
    
    
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]    
    
   
    Senator Risch. Thank you, Ms. Hoffman.
    You mentioned that, I thought I picked up in there, you had 
some suggestions for the bill. Do you have any specifics at 
this point?
    Ms. Hoffman. With respect to specific suggestions, one 
suggestion that we have is to make sure to coordinate with the 
Electric Sector Coordinating Council, which Duane is a co-chair 
of the Council, as part of the working group.
    We would like to make sure that we have leverage the 
continued capabilities within----
    Senator Risch. I hope you will put some language together 
for us, and we will be happy to have a look at that. As I think 
everybody has picked up here, this is not a partisan issue, by 
any stretch of the imagination. We are all pulling the wagon 
together here, and I think that the Administration's view on 
this, particularly DOE's, will be very helpful for us as we go 
forward.
    If you will get that for us, we would sure appreciate it.
    Thank you.
    Ms. Hoffman. Thank you.
    Senator Risch. Thank you.
    Mr. Highley.

    STATEMENT OF DUANE HIGHLEY, PRESIDENT AND CEO, ARKANSAS 
            ELECTRIC COOPERATIVE CORPORATION (AECC)

    Mr. Highley. Yes, sir.
    Chairman Risch, Ranking Member Manchin and all members of 
the Committee, thank you for the invitation to testify today. 
It's an honor to sit on this panel with these colleagues that I 
respect so much.
    I serve as President and CEO of the Arkansas Electric 
Cooperative Corporation. We serve a million Arkansans with 
reliable and affordable, non-profit electricity.
    Electric co-ops in the United States serve--900 co-ops serve 
42 million people in 47 states covering 75 percent of the 
nation's land mass. That's 2,500 of the 3,100 counties in this 
country. You can imagine the challenge protecting that much 
infrastructure from intentional attack, let alone just normal 
weather events. But the challenge of protecting that is 
actually impossible, but we're working on it all the time.
    I serve as co-chair of the Electric Subsector Coordinating 
Council which is a public/private partnership of critical 
infrastructure operators which coordinate with our government 
counterparts on a regular basis on policy-level security 
issues. So this council is comprised of 30 utility and trade 
association CEOs. We represent all segments of the electric 
industry. We work regularly with the White House, Department of 
Energy, DHS, Federal Energy Regulatory Commission (FERC), the 
FBI, National Security, all those agencies, to make sure that 
electric policy is complementary to reliability for our 
members.
    Now through the ESCC, the Electric Subsector Coordinating 
Council, we have this thing called the Information Sharing and 
Analysis Center that provides real time information on threats 
to utilities.
    It's working well, but it could work even better. We would 
like to see stronger communications and more timely information 
flowing from government. We understand there's confidentiality 
that has to be preserved, and yet when we get that information 
we can send it on to our utility partners, who can take action. 
So in the instance of the Ukraine event, the sooner we know 
about what's going on there, the quicker we can develop a way 
to respond.
    Now as we develop standards for reliability on the grid, we 
don't do that haphazardly. The grid has developed over 100 
plus, and we have to be very deliberate about the way we make 
changes to the grid. The way we do that is through a standard 
setting process through NERC.
    So if FERC passes a regulation, they pass it off to NERC, 
the North American Reliability Corporation. Subject matter 
experts vet that. The NERC Board approves it. FERC then 
approves that, and those standards then become mandatory and 
enforceable on this industry. We can face fines of up to $1 
million a day for violations of cyber security regulations or 
physical security regulations, and NERC has established 
standards for physical security and GMD.
    Now the standards are based on criticalities. So the most 
critical assets get the largest amount of standards. Less 
critical don't have as much. Just for example in our little co-
op we have 90 million log entries a day that we have to 
preserve of what computer talked to what computer so we can 
ensure that that is not, nothing bad is happening.
    Now our main answer to all threats is defense in depth. We 
didn't design the grid to protect against intentional acts of 
war, but when we designed it with the redundancy to cover 
weather events and equipment failure we end up having high 
reliability. And if you imagine the very worst threats 
possible, a bad event like a tornado or an earthquake, we've 
seen the grid out for, maybe, days. A really terrible event 
like a hurricane or a massive regional ice storm, you might see 
it out for a week or two.
    But the reason those events don't cause greater outages is 
because of the reliability that's already built into the grid, 
and that's also going to protect us from intentional attack.
    And we talk about EMP (electromagnetic pulse), which is a 
doomsday scenario and would constitute an act of war against 
the United States. It would impact more than just the electric 
sector. If we fried all the microprocessors, obviously, it 
would affect gas pumps, ATMs, cash registers, automobile 
engines. We're concerned about the impact of EMP but we want to 
act based on facts, not speculation, which is why we want to 
hear from EPRI about the good work they're doing on a voluntary 
basis to try and figure out the threat, characterize it, so we 
can design appropriate mitigation.
    We have to remember that we could gold plate every 
substation, but there's transmission lines coming in and out so 
we have to balance the amount of effort we put on protecting. 
We can't overprotect one area and leave the rest vulnerable.
    How can Congress help? We thank you for the FAST Act and 
for the Consolidation Appropriation Act which is already 
helping us improve government and industry coordination.
    The insider threat is one of the largest factors we face 
now. We'd like to see you consider legislation giving the FBI 
authority to assist the industry with fingerprint-based, 
criminal and terrorist background checks so the people that 
operate our control systems we know don't have a bad 
background.
    And we find Senate 3018, Securing Energy Infrastructure 
Act, to be very complementary to the industry efforts.
    Please avoid a one-size-fits-all legislation. The grid has 
been custom-designed based on geography and the characteristics 
of the grid. And if we can work that through the NERC standard 
setting process, I think we'll end up with the best result.
    Thank you.
    [The prepared statement of Mr. Highley follows:]
    
    Senator Risch. Thank you very much.
    Mr. Manning.

   STATEMENT OF ROBIN MANNING, VICE PRESIDENT, TRANSMISSION, 
            ELECTRIC POWER RESEARCH INSTITUTE (EPRI)

    Mr. Manning. Thank you, Mr. Chairman. Thank you, Senators 
and staff.
    I appreciate the opportunity this afternoon to talk about 
the electric grid. It is a passion of mine, and anytime I talk 
about the grid I get excited. So I'm excited to talk about that 
this afternoon.
    I've spent 38 years of my life dedicated to grid operations 
in one way or another. I've taken apart an analog relay and 
reassembled the analog relay. I've taken apart a digital relay. 
Well, I'll stop there. Perhaps I didn't reassemble that one.
    But I will say that it's always exciting to talk about the 
electric grid. And I have watched, over the last 38 years, the 
transformation of our nation's electric grid from what it was 
to a true technological marvel that we see in operations today. 
After all, it's a tremendously integrated system. It's a 
tremendously complex engine, in fact. And in short, we deal 
with a unique commodity.
    Electricity is a unique commodity. We make it, we move it 
at the speed of light, and we use it all at exactly the same 
time. And there's no doubt that there's such a complex system 
out there to manage that. And to operate that grid requires 
huge volumes of information. It requires constant attention. It 
requires constant tremendous diligence by operators like Mr. 
Highley here.
    This is particularly true as we begin to see greater 
concentrations of intermittent resources such as renewable 
energy resources as they enter the equation. These are 
important resources. They are clean resources. They are a part 
of our future, but integrating those resources creates a 
greater reliability on technology.
    The U.S. grid is a collaborative engine. Utilities across 
our country work carefully together, day in, day out, to ensure 
a safe, reliable supply of electricity flows from home to home. 
Even so, from time to time, we face threats that challenge the 
reliability for which we've become known. And many of these 
threats are predictable and become very manageable, like 
evening thunderstorms.
    Yet, we're also seeing an emerging class of threats which 
we have dubbed high impact, low frequency events that are less 
predictable. They're more problematic when it comes to 
preparation and recovery. And certainly much of the discussion 
this afternoon centers around cyber security threat, but 
utilities are evaluating risk and threats from many potential 
hazards and each of these potential hazards have to be 
evaluated and understood so that determination can be made 
regarding strategies to address the entire array of potential 
threats.
    And we can learn from the threat analysis that is taking 
place and from the approach taken with other high impact, low 
frequency events, such as the threat, for example, of 
electromagnetic pulse, or EMP, on the grid. EPRI is 
initializing a broad collaborative effort with the assistance 
of the Department of Energy and the ESCC, as Mr. Highley spoke. 
And in doing so, we are adopting a consistent methodology used 
to develop a deeper understanding of threats and mitigation 
options.
    This mitigation, this methodology, highlights a scientific 
approach to adopting change within the complex U.S. grid. The 
methodology is a tried and true method of threat mitigation. It 
requires systematic research and development, and it provides a 
scientific basis underpinning to any significant change 
initiative.
    Essentially, the methodology requires a clear 
characterization of the threat and identification of potential 
vulnerabilities, evaluation of the impacts and risk and 
identification of mitigation, hardening and recovery practices 
and tools and a well-defined decisionmaking process that 
considers the balance of risk and reward.
    Finally, we need to ensure that there are trials, that 
there are pilots, so that we understand the true implications 
of applying changes to a very complex system. We believe 
following an approach such as this one ensures there are no 
unanticipated impacts any time you introduce change into a 
complex system like the U.S. grid, even a change that is 
designed to simplify.
    The EMP initiative provides a solid technical approach that 
it considers all impacts, mitigation, recoveries, even the cost 
to implement, allowing utilities to take these considerations 
and balance them against effective risk making decisions.
    So, we at EPRI, we were created to serve the public good. 
We do that by providing a scientific basis for safe, reliable, 
affordable and environmentally responsible energy. And it is 
this consistent supply of energy that fuels our nation. But it 
is the well-rounded, thoroughly understood science that is the 
underpinning of this energy supply and its carefully 
constructed research and development that is the pathway to 
lighting our future and negotiating all manner of threats, even 
ones so ominous as cyber security.
    I couldn't help but be struck, Mr. Chairman, by your 
comment. It is science that answers the question, can we do it 
better? Should we do it differently?
    Thank you very much. I look forward to your questions.
    [The prepared statement of Mr. Manning follows:]
    
    Senator Risch. Thank you.
    Mr. Stacey.

   STATEMENT OF BRENT STACEY, ASSOCIATE LABORATORY DIRECTOR, 
    NATIONAL & HOMELAND SECURITY, IDAHO NATIONAL LABORATORY

    Mr. Stacey. Chairman Risch, Ranking Member Manchin and 
distinguished members of the Subcommittee, I want to thank you 
for holding this hearing and inviting testimony from Idaho 
National Laboratory, also known as INL.
    As a fellow citizen of Chairman Risch's home State of Idaho 
and the Associate Laboratory Director of INL's National and 
Homeland Security directorate, I'm honored to participate and 
request that my written testimony be made a part of the record.
    INL extends its gratitude to Senators King, Risch, Collins, 
Heinrich, Crapo, and Murkowski for the leadership and 
dedication demonstrated in sponsoring Senate bill 3018 with the 
goal of establishing a pilot program to develop a cyber-
informed engineering strategy that defends our energy 
infrastructure from the most serious security threats.
    INL views this bill as an opportunity to perform the 
research and development and testing that are necessary to 
explore, innovate and validate with science-based data the 
ground truth on credible, high consequence vulnerabilities and 
their mitigation.
    We understand that the solutions will include advanced 
technologies and engineering alternatives that can be proven 
and practically implemented.
    We believe that our understanding is consistent with the 
intentions and perspectives of many peers in government and in 
industry. My colleague, Mike Assante, the SANS Lead for 
Industrial Control System and Supervisory Control and Data 
Acquisition Securities, said it this way, and I quote, ``Beyond 
enhancing our cyber defenses our goal is to unlock the greatest 
benefits that technology offers but not go so far as to ignore 
the select need to establish responsible limits and 
alternatives.'' This is a role appropriate for national labs.
    INL, as well as other laboratories, partner today on a 
breadth of solutions. This research is sponsored by and 
coordinated with Assistant Secretary Hoffman, leading DOE's 
Office of Electricity Delivery and Energy Reliability, DOE's 
Office of Nuclear Energy, the National Nuclear Security 
Agency's Office of Defense Nuclear Non-Proliferation and DOE's 
Office of Intelligence and Counter Intelligence.
    Our utilities have been efficient and effective in 
positioning the electric sector's infrastructure for 
functionality, reliability and safety and in raising their 
cyber security awareness and posture. Yet, with the advent of 
sophisticated and adaptive cyber adversaries, we are now faced 
with the need to enhance our infrastructure security that it 
can better detect, resist, absorb and respond to the most 
sophisticated cyber attackers.
    INL's vision for control system cyber security research is 
grounded on the following principles and trends. First, the 
speed of technological innovation is outpacing traditional 
approaches. Second, determined, sophisticated and patient 
adversaries will be successful in penetrating an 
infrastructure's digital systems. Third, a disciplined 
adversary likely will know the dynamics of digital technology 
better than the asset owner and the asset owner will know their 
engineering and processes better than the adversary. We need to 
leverage our knowledge advantage and strengths. And fourth, 
technology for automation and digital control are inherently 
embedded into our infrastructure. It's simply not feasible to 
go back and implement large scale manual control.
    At INL, we believe that unexplored options exist for taking 
consequences off the table. To this end, INL is piloting a 
transformative approach. We call it consequence-driven, cyber-
informed engineering, or CCE for short.
    CCE reprioritizes the way we look at high consequence risk 
within control system environment. This process starts with 
identifying the highest impact, most severe consequence and 
then discovers the best process design and protection 
approaches for engineering out the cyber risk. Further reducing 
risk will require government research and industry toward a 
common goal complemented by investment in over the horizon 
research and development addressing these holistic solutions.
    An example of a significant step forward in partnering 
within national laboratories to address this national 
challenge, INL, Pacific Northwest National Laboratory and 
Sandia National Laboratories are teaming to lead a research 
initiative that holistically addresses control system cyber 
security across multiple sectors of the infrastructure and 
government.
    I thank the Committee's members and fellow panelists for 
their dedication to this complex challenge. Protection of the 
energy sector deserves our full commitment to assure economic 
prosperity and energy security, and INL welcomes its role in 
serving the nation.
    Your commitment to this hearing, the high quality of peers 
as my fellow witnesses, your proposed legislative actions and 
appropriations for research demonstrate that the nation is 
actively engaged in addressing this challenge.
    Thank you for inviting me today to testify, and I look 
forward to your questions.
    [The prepared statement of Mr. Stacey follows:]
    
    Senator Risch. Thank you, Mr. Stacey.
    Thank all of you for your well advised thoughts and we 
really appreciate that. Hopefully we will all be able to move 
this forward together.
    We are going to go to a round of five minute questions. 
Since we do have the vote at 3:30, I would urge everybody to be 
as succinct as they can in their questions and answers. I want 
to have everybody have an opportunity, so I will pass. I will 
waive, at least at the outset, and proceed to Senator Manchin.
    Senator Manchin. Thank you. Thank you, Mr. Chairman.
    My one concern is the reliability of the grid and if you 
are concerned about that base load fuel being in jeopardy of 
giving you the necessary reliability. Do any of you have 
concerns about that with so much of our base load being 
diminished?
    Very quickly, anybody? Do you want to start, Mr. Manning?
    Mr. Manning. So it does change. It changes the equation. So 
we have designed----
    Senator Manchin. We are talking base load, mostly, the 
fossils have come offline. Okay, we understand that and we know 
there is a transition going on.
    But are we in jeopardy of the system basically not being 
able to provide reliability?
    Mr. Manning. No, I don't believe we're in jeopardy.
    Senator Manchin. Okay.
    Mr. Manning. But I do think we have to operate the system 
differently tomorrow than we operated the system.
    We spent 80 to 100 years operating it a certain way. And 
the generation of today is very different from the traditional 
generation and is creating new operational protocols, is 
demanding new technologies and we're implementing those as we 
go. But I believe with Pat's help, with the help from FERC and 
from NERC, we're managing that effectively.
    Senator Manchin. My main concern on that was with the polar 
vortex. PJM has about 61 million customers, and that is in all 
of our area. They came within a razor's thin of collapsing.
    Have you all been able to shore that up so that won't 
happen again? Mr. Highley.
    Mr. Highley. When we plan the grid we're always planning 10 
to 15 years out. And so, we're definitely looking at the loss 
of those coal and fossil assets and making the mitigation plans 
now where transmission lines might be needed or gas pipeline 
infrastructure might have to be enhanced.
    Senator Manchin. Were you all aware of how critically close 
that became?
    Mr. Highley. Absolutely. It was also close in Arkansas that 
same winter.
    Senator Manchin. Okay.
    Now I will go to the shrinkage. We call it shrinkage or 
loss. Six percent of electricity is lost when it is transported 
from generation facilities across transmission with the current 
technology that we have and the current products we are using. 
That is enough I understand to power two million homes for one 
month. We are losing that much on the grid system.
    Are there any changes, technology wise, that would give us 
more efficiency so we don't have that much loss?
    Ms. Hoffman, do you know of any?
    Ms. Hoffman. So yes there is technology opportunities to 
improve efficiency on the system.
    With respect to the distribution system and some of the 
Recovery Act activities, we did look at conservation voltage 
reductions, really looked at better optimization and 
utilization of the distribution system.
    But there's also composite conductors, more efficient 
conductors out there that can support capacity on the 
transmission system as well as information technology such as 
the dynamic line rating. But really to be able to maximize the 
use of the transmission system, those are all some of those 
technologies.
    Senator Manchin. Are we changing the quality of products 
that we are using or the composition of the products such as 
ceramics? Are we using ceramics that I understand are much more 
efficient?
    Mr. Highley. I just might add on the transformers we're 
buying power transformers.
    We price in what the lifetime losses would be on that. So 
it's a cost benefit analysis. The losses that we incur are 
losses that are incurred because it's not cost effective to 
make them lower, and when we buy that transformer we price that 
in.
    The ceramic technology comes at a price. There's limited 
applications where that works, but most of the time you can't 
afford it because the energy you're saving isn't worth it.
    Senator Manchin. A final question, very quickly, to either 
Mr. Stacey or Mr. Manning.
    Which country do you think poses the greatest threat for 
cyber security as far as the grid to the United States of 
America? What organization or country?
    Mr. Stacey. I would offer the industrialized countries have 
the capability in many cases.
    Senator Manchin. Which one has the desire and the interest?
    Mr. Stacey. Well, there are probably a couple.
    Senator Manchin. Do you want to name any names or do you 
just want me to name them for you?
    Mr. Stacey. I'd prefer not, but I would say the industrial 
countries.
    Senator Manchin. Mr. Manning?
    Mr. Manning. That was a fantastic answer. I should say----
    Senator Manchin. Are we talking China or Russia or Russia 
and China?
    Mr. Manning. Yes, you are.
    Senator Manchin. Which one first?
    Mr. Manning. So I'm not sure it matters which is first. I 
think we were vulnerable to all. My answer was going to be 
foreign countries.
    Senator Manchin. Foreign. [Laughter.]
    Mr. Manning. But I thought that was a very good answer. 
Industrialized is a greater threat.
    Senator Manchin. I got you. It was very nice.
    Thank you very much. Thank you all.
    Senator Risch. Senator Cassidy.
    Senator Cassidy. Some folks from Bossier City, Louisiana, 
the site of our Innovation Center, had a conversation with a 
colleague of yours, Mr. Bachman. He differentiated between, 
let's see if I have this correct, traditional IT systems 
security personnel and the industrial control systems, 
supervisory control and data acquisition systems security 
personnel. I am learning that distinction, but is that a fair 
distinction? I see everybody nodding their head yes.
    The reason I bring that up is that he made the point that 
whereas we have the number of ICS security professionals is 
really limited, maybe 500 to 1,000 worldwide and we need tens 
of thousands. Would you all agree with that statement?
    Mr. Manning. Yes.
    Senator Cassidy. Now I guess that begs the question of what 
we are doing to address a shortage which is almost exponential.
    Ms. Hoffman, I hate to put the--but you are the guy, you 
are the gal from the government, if you will. To what extent 
are we planning for that in attempting to address that critical 
shortfall?
    Ms. Hoffman. So what we're trying to do is we're working 
with two universities to look at control system engineering. We 
have the University of Illinois and the University of Arkansas 
where we're trying to develop the next generation engineers 
that have both a cyber security background and a power 
engineering background.
    But likewise not only are we trying to develop through the 
research program engineers in this area, but we are also trying 
to help the industry as their key need is to develop cyber 
mutual assistance capabilities so if an event occurs they're 
able to respond, the industry has the capacity to respond. And 
so that's also a critical need that needs to be addressed.
    Senator Cassidy. Now it seems though as if you are doing 
not that much on man power or woman power training. I say that 
because if you have two universities with an engineering 
program, even if they are big engineering programs, they are 
still relatively small. Again, if I am told we have 500 to 
1,000 but we need tens of thousands, it seems, just if you are, 
I mean, does anyone else see a problem with manpower there, so 
to speak?
    Mr. Highley.
    Mr. Highley. Certainly the demand for technically-skilled 
folks, a lot of times we have to go out of the country to get 
those people. So it's just we don't produce enough in house to 
make it happen.
    Senator Cassidy. To what degree would you characterize the 
shortage? Severe or OMG. [Laughter.]
    Mr. Highley. If severe is the less strident of those 
statements, I'll go with severe. I think it's something we want 
to watch. We don't believe it's insurmountable.
    And again, the Cyber Mutual Assistance that Pat mentioned 
allows us to rely on our neighbors to help us in the event of 
some kind of disaster.
    Senator Cassidy. Gotcha.
    Well, I will put a plug in for our Bossier City Cyber 
Innovation Center which I think is trying to meet this need.
    Let me ask as well. I was speaking to someone recently 
about the attack at San Jose. I had read about that but I don't 
know the whole thing about that. But obviously in one sense 
very low tech. They just shot out a cooling system for a 
transformer and almost brought it down.
    At the time I read that this may have just been people 
hoping to rip off copper but then subsequently I was told that 
no, it was actually more sophisticated and folks had attempted 
to infiltrate a communications system and cut lines. They did 
not succeed. That is the only reason it was detected. Again, I 
see people nodding in agreement with this assessment. So it 
appeared a more coordinated thing. That is low tech.
    I am also told that if you hit key, maybe as few as nine, 
sub centers in the nation you could bring everything crashing 
down. What are we doing to protect ourselves against the low 
tech, if you will, not the EMP, but the guy with the rifle?
    Mr. Highley. The first protection is that redundancy and 
defense in depth so that we have lots of duplicate facilities. 
The grid is planned so that any critical facility can be out at 
the time of the greatest peak demand and yet the grid can 
change to deliver power.
    That's why in the Metcalf incident that you mentioned, 
there was no loss of service to any customers, even though nine 
transformers were destroyed. So that the grid continued to 
deliver and that's our first base line is to design for that 
and cover that.
    So beyond that the most critical facilities have been 
identified. They're not for public knowledge, but those 
critical facilities are being hardened from that kind of 
attack.
    Senator Cassidy. Gotcha.
    I am out of time. I appreciate it.
    Thank you.
    Senator Risch. Thank you.
    Senator King.
    Senator King. One of the genesis, what is the plural of 
genesis, I wonder? Genoese, of this I knew my college Latin 
would come in handy.
    Of this legislation was an important paper written by Andy 
Bachman and others, and the point they made was that the very 
complexity of the grid adds vulnerability. Could you elaborate 
on that, Mr. Stacey, that I think the term was the new layers 
are petri dishes for the growth of new attack surfaces and new 
interdependencies?
    Mr. Stacey. I believe that as we ask the grid to do things 
it wasn't necessarily originally designed to do, integrating 
distributed resources and others, that takes computer 
technology, software and other intelligent devices to be able 
to manage that.
    And when you do, there's an inherent side effect of 
complexity associated with that kind of automation to manage 
the efficiency and effectiveness and reliability of the grid. 
That complexity, or the addition of automation, does include 
some additional complexities and vulnerabilities.
    Senator King. So what we are talking about is, I think, 
there is a term I had never heard, attack surface interruption 
zone, and that is really what we are talking about is a place 
where an attack would be particularly devastating. It is not 
the whole grid. We are not talking about re-engineering the 
whole grid, but we are talking about picking out these 
particular areas of vulnerability. Is that accurate?
    Mr. Stacey. That's accurate.
    These attack surface interruption zones are intended to 
impact the sequence that a cyber attacker goes through to have 
a well-planned and predictable event. And so these disruption 
zones are intended to cause the attacker to have physical 
access and not be able to access remotely.
    Senator King. And that is the key term is physical access.
    The Ukraine hack was done remotely, and the problem is once 
they get through whatever the defenses are, if the whole system 
can be run from the computer, then we are sunk.
    Mr. Stacey. That's correct.
    One of the biggest lessons learned, I believe, from the 
Ukraine incident is being able to protect that remote access 
both from others having access and also so that we can, the 
asset owner, can have secure remote access.
    Senator King. Well as I understand the history of the 
Ukraine hack, one of the first things they did was change all 
the passwords so the operators couldn't get back into their own 
systems, and then they put malware in. I think it showed that 
they had a sense of humor because the last thing they did was 
turn out the lights in the control room. [Laughter.]
    Well, I hope this legislation will be helpful to you in 
focusing on this particular aspect. This is not intended to be 
the be all and end all for cyber security. Clearly, that is a 
massive issue.
    We are trying to focus on this one area that the Ukraine 
hack and the aftermath suggested, like the important one 
possibility is simply air gapping some of these data systems. 
But I understand there are vulnerabilities and limits to that. 
This is another option.
    Mr. Manning, your thoughts?
    Mr. Manning. Well I could not help but think about your 
reference to air gap.
    During my time at TVA our system was air gapped. But you're 
still vulnerable if there's physical access because you may not 
be vulnerable as much to the intrusion from outside cyber, but 
you're vulnerable from an inside actor who may give access to 
someone, to even an air gap system, via some other means.
    Senator King. I was interested in your comments that we 
need to also be talking about security of operators.
    Mr. Manning. Exactly.
    Senator King. Internal people rather than----
    Mr. Manning. It's physical and cyber. And it strikes me 
that all of these things, we have to understand and balance all 
of these factors together because there are many threats and we 
have to manage and balance all of those.
    The complexity of the grid is by design. We added that 
complexity intentionally because we were lacking in areas that 
required that complexity. So the grid is inherently more 
reliable now because of that complexity.
    It is the technology that overlays it that has increased 
that reliability. So it's becoming more and more reliable, but 
the tradeoff is you have that greater threat factor out there 
associated.
    Senator King. You have more points of attack?
    Mr. Manning. Yes.
    Senator King. Not to depress us, but another whole area 
that we have not discussed is risks in the supply chain.
    I have a nightmare of all the bolts in all the 
transmissions in all the vehicles dropping out on the same day 
given that we are not sure where everything is coming from. 
There may be vulnerabilities built into some of the physical 
gaps or whatever it is that we are using. I presume that is 
another, again, echoing the Senator from Louisiana. You all are 
nodding. The record doesn't show nodding. [Laughter.]
    So if you could say yes that would be helpful.
    Thank you all very much for being here today and for your 
good thinking on this very important issue, I appreciate it.
    Senator Risch. Thank you, Senator King.
    Senator Gardner.
    Senator Gardner. Thank you, Mr. Chairman, and thank you to 
the witnesses. This is an incredibly important topic and 
something that is only going to grow as the latency of the 
Internet evolves around us and becomes more and more prevalent 
in everything we do, touch and work with.
    Ms. Hoffman, I just want to start with you. In 2013 there 
was a hack by Iranians of a New York hydropower facility. When 
that occurred where do you fall? Where does Department of 
Energy fall into the notification of that hack? Were you the 
first to notify, the first to find out? How did that process 
work?
    Ms. Hoffman. So with respect to the Dam Sector, the Dam 
Sector actually falls under the Department of Homeland 
Security. So they would notify the entity would coordinate with 
the local FBI as well as the Department of Homeland Security on 
the notification of that.
    That would go through the National Cyber Integration and 
Communication Center. That information would then go out to all 
the sectors with respect to it and be provided to the electric 
sector information sharing organization which would provide it 
to the entities involved.
    Senator Gardner. Okay. So hydro power is not within the 
Electricity Delivery and Energy Reliability Office?
    Ms. Hoffman. No.
    Senator Gardner. Okay.
    Ms. Hoffman. It is not, sir.
    Senator Gardner. And then so, at which point though--it is 
important though that you know about this.
    Ms. Hoffman. Yes.
    Senator Gardner. When are you notified about it and how 
does that notification occur?
    Ms. Hoffman. So we get notified in a coordination call with 
the Department of Homeland Security. We also participate on the 
floor at the NCCIC. The Department of Energy is an active 
participant there as well as the industry sector.
    And so that ends up being the coordination point in which 
notification comes out regardless of what sector would have an 
incident or a breach.
    We would also have, as part of the government, a unified 
coordination group, a call across the Federal agencies, to make 
sure everybody is on the same page.
    The one thing that's really important with your question. 
It's a valuable question because we want to make sure that we 
have accurate information and get information out to the 
industry as soon as possible so we may have a very early on 
call, early on with respect to the knowledge and details of the 
event to at least give some situational awareness but recognize 
that more information will be coming out over time.
    Like other events or unlike other events, physical events, 
you can generally know that somebody shot a bullet at a 
transformer. But with cyber security, the details tend to have 
to--there has to be more investigation to get some of those 
details.
    Senator Gardner. Would an agency or a department like the 
Department of State Cyber Bureau, would they reach out and 
contact your agency or Department of Energy over a concern, 
perhaps, that North Korea may be pursuing some kind of an 
attack? How does that ever occur?
    Ms. Hoffman. So with respect to any sort of outside 
influences or interests, usually that comes from the 
intelligence community into the Federal Government and then an 
assessment is performed from that point of view. And so, that 
would be the angle that we would get that information.
    Senator Gardner. One of the things I am trying to 
understand from the Department of Defense, to DHS, to 
Department of State, Department of Energy, is how the 
communication process works. I know you mentioned just one 
that, you know, a dam's hydropower go through one system and 
nuclear goes through another system and coal and nuclear go 
through the same or electricity generation through fossil fuels 
go through the same system, but not hydropower. That all goes 
to grid reliability. Is that the best way to do it?
    Ms. Hoffman. So we do have the existing sector specific 
agencies where DHS is in charge of all the critical 
coordination across all the critical infrastructures. The 
Department of Energy is the sector specific agency for the 
energy sector which includes electricity, oil and gas and those 
are the sectors.
    It's predefined how these sectors were developed under the 
National Infrastructure Protection Plan, but the important 
thing is that there is coordination and communication if there 
is something that is going on in the electric sector.
    For example, DHS co-chairs the Electric Sector Coordinating 
Council meetings with the Department of Energy when we bring 
the CEOs in and have these strategy discussions. So there is 
very close coordination. And that is the only way, regardless 
of the structure, the only way we're going to advance 
information sharing communication and get ahead of the 
discussions.
    Senator Gardner. And if you were to have a cyber issue that 
you wanted to address Congress with when it comes to a cyber 
issue and electricity, who do you think the Committee 
responsible for that jurisdiction is?
    Ms. Hoffman. I would actually reach out to multiple 
committees.
    Senator Gardner. Any guess of how many? [Laughter.]
    Ms. Hoffman. No guess, sorry, but thank you for the 
question.
    Senator Gardner. It is part of our problem and one of the 
things I am very concerned about is what you just stated is you 
would reach out to multiple committees because there seems to 
be a lot of heads of cyber and no one responsible body, 
something I am very concerned about.
    Thanks.
    Senator Risch. There's a lot of concern about that, 
Senator. We appreciate that.
    Let's see, Senator Heinrich.
    Senator Heinrich. Thank you, Mr. Chairman.
    Mr. Stacey, I want to go back to the partnership that INL 
and some of our other labs, Sandia and Pacific Northwest have, 
the work that has been done to look at this so far and ask you 
specifically with regard to these data systems what that work 
has generated in terms of generalized vulnerabilities and what 
you are concerned about there and then what are some of the 
standards or things we should be putting in place to mitigate 
those vulnerabilities?
    Mr. Stacey. Let me take the second part of the question 
first.
    I think a lot of the research and work that's been done, 
not only with the national laboratories, but also with industry 
and within the Department of Energy, has driven the NERC CIP 
standards which has really driven more awareness and more 
systematic discipline to overall protection of that process.
    To answer the second question, I would share with you that 
hygiene is an important element but it's not the only element. 
And as we work at the advanced persistent threat and other 
elements of the high consequence, low frequency event, there's 
additional research. And that's where the national laboratories 
come into play and working on things that others can't, won't 
or shouldn't do. Can't because they don't have access to the 
large infrastructure that Chairman Risch mentioned. They can't 
because they don't have the subject matter experts. Or they 
shouldn't for a variety of other reasons. So, we're focused on 
that research.
    And I would tell you that that research is having a 
significant impact. We can't talk a lot about that here, but 
associated with other elements of the government in DOD, that 
research has significantly helped the U.S.'s national security 
posture.
    Senator Heinrich. Okay.
    Mr. Manning, you talked a little bit about EMPs as one of 
these high consequence but low frequency or low probability 
events. Where would you put insider threats in that continuum 
of risk?
    Mr. Manning. That's a difficult question, I think, to 
answer with a distinctive, specific answer. So I don't know how 
to address it other than to say that I think Mr. Highley 
requested some assistance in that regard regarding ensuring 
that our employees are straightforward with us when we hire 
them.
    Senator Heinrich. Right.
    Mr. Manning. I think we don't know how serious this issue 
is because we haven't experienced a real serious issue yet in 
that regard. So it's difficult to handicap it.
    So I couldn't speak----
    Senator Heinrich. It is one of the reasons why I asked the 
question, actually, is because----
    Mr. Manning. Yes, but I can't tell you what is the answer.
    Senator Heinrich. As you pointed out, we have to divvy up 
our resources and our efforts in this based on what we believe 
the risk to be and there are some areas where it is very hard 
to define what that risk is.
    So, we need to figure out, at least, what low resource 
things we can do to mitigate that risk, even if we don't know 
what the gross risk is.
    Mr. Highley, do you want to add anything to that?
    Mr. Highley. It is important that we have access to this 
Federal database, so right now when we run background checks on 
potential employees we can only access the state level 
database, so we can't get that information.
    Senator Heinrich. Are you referring to, like, the tide 
state or the terrorist screening database?
    Mr. Highley. Correct.
    Senator Heinrich. Those----
    Mr. Highley. That the FBI would have access to, so we would 
like to know before we put someone in our critical control 
center.
    Senator Heinrich. Yes.
    Mr. Highley. If they have that kind of background.
    Senator Heinrich. That is very helpful actually.
    Mr. Highley. Yes.
    Senator Heinrich. I want to ask on another, sort of, broad 
scale issue, and it can be Ms. Hoffman or any of you who want 
to jump in on this one.
    One of the things we are seeing change dramatically from 
when I was a kid and my dad was a lineman at the utility and we 
had a centralized system and all the electronics load one way. 
We are seeing generation and things like storage which, kind 
of, act like a lubricant in the grid, migrate to the grid edge 
and to individual customers, storage generation all moving to 
places on the grid that they did not reside originally.
    What does that mean for our resilience? How do we take 
advantage of that when we can? And are we thinking through that 
in addition to just trying to protect the overall architecture 
of the utility and the transmission pieces of that grid?
    Ms. Hoffman. So I'll start real quick, and then I'll pass 
it to my colleagues.
    Thank you for the question because it's important because 
we are looking forward to opportunities where we can isolate 
parts of the grid, looking at microgrids. We can look at 
graceful degradation. We can look at additional support 
capabilities to the grid via energy storage and distributed 
generation, but also local generation.
    Regardless of the type of generation, I think, having a 
good proportional--proportion of generation in each of the 
regions of the country is very valuable.
    And so, from that perspective, those technologies can be 
quite advantageous. But like anything else, those technologies 
must be protected themselves with respect to cyber security 
measures, control systems, even from the generation point of 
view.
    Mr. Manning. Yeah, I would say the same thing.
    Secure technology enabled is the answer to your question. 
Secure technology enables us to take advantage of that and turn 
it from a challenge to a resiliency plus.
    Senator Heinrich. Great. Thank you.
    Senator Risch. Thank you, Senator.
    Senator Hirono, you would be next but we usually go back 
and forth. Do you object to Senator Capito?
    Senator Capito. Thank you, Mr. Chairman, and thank all of 
you who are here.
    Mr. Stacey, I would like to ask the crux of this bill deals 
with the research done by the National Energy Technology Labs. 
As you know, there are many across the country, one in our 
State of West Virginia in Morgantown. I am curious to know you 
are already pursuing this in the Idaho lab.
    What other kind of interplay do you have now with the other 
national laboratories? Are they all involved? Is it just 
centered around certain of those laboratories? And what would 
you envision through this bill in terms of research capacity at 
these different facilities?
    Mr. Stacey. So all of the national labs are working in one 
way or another on cyber security issues. The labs that I 
pointed out earlier, Pacific Northwest National Laboratory and 
Sandia National Laboratory, as well as Idaho National 
Laboratory, we believe, have unique capabilities and skills to 
bring to the industrial control system challenge that we're 
facing.
    But in fact, we shouldn't be restricted. We should have 
access to any of the national laboratories or resources we need 
to address this challenge, this complex challenge that the 
nation----
    Senator Capito. Do you have that now with the other 
laboratories, that kind of collaborative approach?
    Mr. Stacey. You know, I believe we do.
    Senator Capito. You do.
    Mr. Stacey. The national laboratories, early on, were more 
and more competitive. As we get challenges and the budgets are 
reduced you're seeing a renewed interest across all the 
laboratories, more cooperation and collaboration and frankly, 
the national challenge mandates that we take advantage of that.
    So I'm pretty optimistic about the approach and the teaming 
that we have right now across the national laboratory system.
    Senator Capito. Well, good. Thank you.
    Ms. Hoffman, well actually this is for Mr. Highley. My 
question is she did a good recitation as to what would happen 
and who she would, what other government agencies and 
committees would be involved if a breach were to occur and how 
quickly could be acted in a coordinated capacity. In your 
sector, as the electricity provider, do you feel that you are 
in the loop enough or as quick enough as you would want to be? 
Is that something that you are working on? What is that 
collaborative relationship like?
    Mr. Highley. So under the Electric Subsector Coordinating 
Council there's something called the Information Sharing and 
Analysis Center (ISAC), and that's where we would go.
    So we are a hydropower operator. We operate hydropower 
plants on the Arkansas River. And frankly if we had a cyber 
incident occur there we would immediately notify the ISAC. And 
then they disseminate that to the other utilities across the 
country, so that we know about that threat.
    Senator Capito. And they then disseminate to the Department 
of Energy and Homeland Security or is that how that works?
    Mr. Highley. And coordinates with NCCIC and the other 
counterparts.
    Senator Capito. And all that, okay.
    In the description of the bill I thought, well let me find 
the description of the bill that I found interesting. 
``Establishes a two-year pilot program with the national labs 
to examine ways to replace automated systems with manual 
procedures controlled by human operators to remove 
vulnerabilities that allow cyber criminals to access the grid 
through holes in digital software systems.''
    I am thinking to myself, I think today I might have seen a 
driverless car. I am thinking at the end of the day you can't 
replace the eyes on, hands on, mental acuity of a person 
actually driving a car which I immediately got on the sidewalk 
on, or in terms of this.
    So it is interesting to me just looking at it as we evolve 
with all this technology where we, kind of, come back to in the 
end, particularly in the terms of security.
    So I imagine that with that comes a lot of technological 
expertise, maybe some forensic ability to be able to pick this 
up. Are there any institutions in the country that are 
particularly looking at this as a job path, job creation? And 
if they are, maybe you could highlight a few of those for us, 
if anybody knows?
    Mr. Highley. I just would echo the comments of Pat about 
the University of Arkansas and that partnership. I'm very 
familiar with that one to develop that capability.
    Senator Capito. Anybody else, Ms. Hoffman, that you know 
that is working in this direction?
    Ms. Hoffman. Beyond the two universities I mentioned, 
University of Illinois has a strong partnership with power 
system engineers. I think what we're trying to do is really go 
after what capabilities do we need to enable in industry?
    Senator Capito. Right.
    Ms. Hoffman. And build in the educational institution as 
well as the emergency responders so that we actually can have 
an effective restoration process, but get the right information 
out in a timely manner.
    Senator Capito. Right. It would have to come from a whole 
spectrum of educational aspects to be able to really hit that.
    Thank you all very much.
    Senator Risch. Thank you, Senator Capito.
    The vote has been called and Senator Hirono, you can wrap 
it up for us.
    Senator Hirono. I will be quick.
    Ms. Hoffman, the covered entities as defined in S. 3018 
comes from Executive Order 13636 which requires the Department 
of Homeland Security Secretary to consult with sector specific 
agencies which includes DOE in identifying critical 
infrastructure, ``where a cyber security incident could 
reasonably result in catastrophic regional or national effects 
on public health or safety, economic security or national 
security.'' The list of entities is then updated annually.
    Are you confident in the process that the DOE uses to 
identify critical infrastructure under this Executive Order? 
And can you describe how the DOE engages with DHS in this 
annual process? And I might add that the list of critical 
infrastructure through this process is classified, isn't it?
    Ms. Hoffman. The list, I think, as a complete set is 
classified. Individuals, there can be conversations with 
individuals on that list.
    But first of all, thank you for the question.
    Identification, prioritization of critical entities and 
critical infrastructure gets to the crux of what we need to do 
in making sure that we're focusing on the right points on the 
system to advance technology but advance cyber security 
measures.
    With respect to the evaluation, we did a very transparent 
collaborative process with industry and the Federal Government 
looking at the criteria which was significant economic impact 
as well as potential impact to health and safety, were some of 
the criteria that was looked at in that evaluation. So with 
respect to the electric sector it was companies that would have 
a high economic impact in the United States and as well as 
associated critical infrastructures with those companies.
    Senator Hirono. So when you apply that kind of criteria 
there would be states, possibly such as Alaska or Hawaii, where 
we may not have what may be termed a national impact and 
therefore, how can we be assured that the proper analysis is 
done with regard to our grid to identify very specific, 
specifically, where the areas of vulnerability are either to 
physical attack or cyber-attack? Can we get help to--in this 
kind of analysis of our grid?
    Ms. Hoffman. Absolutely, Senator. I would love to sit down 
and talk to you and understand more the critical assets and the 
things that you're concerned about. And we can make sure that 
we incorporate that in our discussions and our activities 
moving forward.
    Senator Hirono. That is always a concern of mine whenever 
we have national legislation that kicks off with some kind of a 
program or assistance and then there is a criteria that you 
have to show a national impact. Obviously for noncontiguous 
states that is a little hard to show, and I think it really 
disadvantages Alaska and Hawaii. I just wanted to make that 
point, Mr. Chairman.
    Mr. Manning, the Department of Defense's recent Smart Power 
Infrastructure Demonstration for Energy Reliability and 
Security, better known as SPIDERS program, included projects to 
boost energy security at Joint Base Pearl Harbor Hickam and 
Camp Smith in Hawaii. I have worked to promote energy 
resiliency at military installations in the DOD Energy Security 
Act which I had introduced along with Senator Wyden.
    Clearly this is a rhetorical question that if it is a good 
thing that if our installations could get off the grid so that 
they can be pretty much self-sufficient. My question is could 
you talk a little bit about how a functioning military 
installation could help recovery of the larger grid if 
something happens to the larger grid?
    Mr. Manning. So I think it's not just specific to military 
installations but to a trend of microgrids in general. And the 
ability of a microgrid to integrate in and out of the existing 
grid, I think, is a function of technology in the ability to 
synchronize those grids together and to operate them either 
independently or dependently and to be free to move in and out 
of that continuum.
    I think with a number of the military bases we were very 
focused on the ability to operate either separately isolated or 
operate in conjunction with the grid. And ultimately I think 
that provides you the best scenario going forward because you 
may always decide I want to operate in this mode or the other 
or you may change depending on current conditions.
    Senator Hirono. Well that makes a lot of sense. So as more 
and more, for example, military installations become energy 
self-sufficient that that thought that the synchronization is 
as something that gets built into the design of the----
    Mr. Manning. Absolutely. And it's another example of where 
technology is enabling greater resiliency and greater poise 
going forward.
    Senator Hirono. Thank you, Mr. Chairman.
    Senator Risch. Thank you.
    Those interesting sounds you have heard indicate that we 
have got to get down to vote. So I never have figured out 
exactly how that works, but I know you have got to run to the 
floor when you hear the sound. So that is where we are.
    With that, I am going to conclude the hearing.
    I am going to leave the record open. Senator King and I, as 
sponsors of this bill, and for that matter, everyone on the 
Committee, sincerely appreciate all of you coming today to give 
us your input. But we want to get this right. Obviously it is 
not an area that is particularly controversial, but it is 
highly technical and it is important that we do get it right.
    If we have overlooked something, if there is something that 
you want to get your two cents worth in on this, I would really 
urge you to do that. I am going to keep the record open until 
this week, Friday at five o'clock, so you can get anything in 
that you want to.
    Senator Risch. Senator King, anything else for the good of 
the order?
    Senator King. No, I think I was just going to tell Mr. 
Stacey if we get this bill through I will personally deliver a 
sextant to the Office of the Idaho National Lab. [Laughter.]
    Senator Risch. Senator King, you have been threatening to 
come to the INL and have not made it yet.
    Senator King. This is going to be the occasion.
    Senator Risch. We are going to get you there someday.
    Anyway, thank you so much, all of you. We will end the 
hearing, declare the hearing closed.
    [Whereupon, at 3:42 p.m. the hearing was adjourned.]

                      APPENDIX MATERIAL SUBMITTED

                              ----------   
                              