[Senate Hearing 114-721]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 114-721

                   ASSESSING THE SECURITY OF CRITICAL
        INFRASTRUCTURE: THREATS, VULNERABILITIES, AND SOLUTIONS

=======================================================================

                                 HEARING

                               BEFORE THE

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                    ONE HUNDRED FOURTEENTH CONGRESS


                             SECOND SESSION

                               __________

                              MAY 18, 2016

                               __________

        Available via the World Wide Web: http://www.fdsys.gov/

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs
        
        
        
        
                    U.S. GOVERNMENT PUBLISHING OFFICE                    
23-709 PDF                  WASHINGTON : 2017                     
          
----------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, 
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). 
        

        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                    RON JOHNSON, Wisconsin Chairman
JOHN McCAIN, Arizona                 THOMAS R. CARPER, Delaware
ROB PORTMAN, Ohio                    CLAIRE McCASKILL, Missouri
RAND PAUL, Kentucky                  JON TESTER, Montana
JAMES LANKFORD, Oklahoma             TAMMY BALDWIN, Wisconsin
MICHAEL B. ENZI, Wyoming             HEIDI HEITKAMP, North Dakota
KELLY AYOTTE, New Hampshire          CORY A. BOOKER, New Jersey
JONI ERNST, Iowa                     GARY C. PETERS, Michigan
BEN SASSE, Nebraska

                  Christopher R. Hixon, Staff Director
         Brooke N. Ericson, Chief Counsel for Homeland Security
              Jose J. Bautista, Professional Staff Member
   Servando H. Gonzales, U.S. Customs and Border Protection Detailee
              Gabrielle A. Batkin, Minority Staff Director
           John P. Kilvington, Minority Deputy Staff Director
         Abigail A. Shenkle, Minority Professional Staff Member
      Matthew R. Grote, Minority Senior Professional Staff Member
                     Laura W. Kilbride, Chief Clerk
                   Benjamin C. Grazda, Hearing Clerk
                            
                            
                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Johnson..............................................     1
    Senator Carper...............................................    14
    Senator Peters...............................................    16
    Senator Tester...............................................    19
    Senator Portman..............................................    23
    Senator Ayotte...............................................    26
    Senator Heitkamp.............................................    30
Prepared statements:
    Senator Johnson..............................................    45
    Senator Carper...............................................    46

                                WITNESS
                        Wednesday, May 18, 2016

Major General Donald P. Dunbar, Adjutant General, State of 
  Wisconsin......................................................     3
Thomas L. Farmer, Chair, Cross-Sector Council, Partnership for 
  Critical Infrastructure Security...............................     5
Ted Koppel, Author, ``Lights Out: A Cyberattack, a Nation 
  Unprepared, Surviving the Aftermath''..........................     7
Scott I. Aaronson, Managing Director, Cyber and Infrastructure 
  Security, Edison Electric Institute............................     9

                     Alphabetical List of Witnesses

Aaronson, Scott I.:
    Testimony....................................................     9
    Prepared statement...........................................    66
Dunbar, Major General Donald P.:
    Testimony....................................................     3
    Prepared statement...........................................    48
Farmer, Thomas L.:
    Testimony....................................................     5
    Prepared statement...........................................    57
Koppel, Ted:
    Testimony....................................................     7
    Prepared statement...........................................    64

                                APPENDIX

ICIT Report submitted by Senator Portman.........................    75
American Public Power Association/National Rural Electric 
  Cooperative Association statement submitted for the Record.....   119
Responses to post-hearing questions for the Record
    Mr. Dunbar...................................................   121
    Mr. Farmer...................................................   125
    Mr. Koppel...................................................   127
    Mr. Aaronson.................................................   129

 
                   ASSESSING THE SECURITY OF CRITICAL
        INFRASTRUCTURE: THREATS, VULNERABILITIES, AND SOLUTIONS

                              ----------                              


                        WEDNESDAY, MAY 18, 2016

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:01 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Ron Johnson, 
Chairman of the Committee, presiding.
    Present: Senators Johnson, Portman, Lankford, Ayotte, 
Ernst, Sasse, Carper, McCaskill, Tester, Heitkamp, Booker, and 
Peters.

             OPENING STATEMENT OF CHAIRMAN JOHNSON

    Chairman Johnson. Good morning. I want to thank all of our 
witnesses for taking the time to join us here and for your 
thoughtful testimony. I am looking forward to the hearing.
    Senator Carper is at a different committee hearing right 
now. He will be joining us later. And, we have a number of 
Members that also will but are running behind, but I would like 
to get started and be respectful of your time.
    When I first took over the Chairmanship of this Committee, 
coming from a business background as a manufacturer, I 
certainly found that developing a mission statement for any 
organization is pretty helpful. It directs the activity of the 
organization. So, working with Senator Carper, we developed a 
pretty simple mission statement: to enhance the economic and 
national security of America. They are inextricably linked.
    This Committee is really two committees in one: Homeland 
Security and Governmental Affairs. It is like the House 
Oversight Committee and Homeland Security.
    On the homeland security side of the Committee, we 
established four primary priorities: border security, 
cybersecurity, protecting our critical infrastructure, 
including our electrical grid, and then doing whatever we can 
to combat Islamic terror and other violent extremists to keep 
the homeland safe. We have been pursuing that mission 
statement. We have been addressing those top priorities.
    I guess it was about a year ago when we held our first 
hearing on the potential threat of electromagnetic pulses 
(EMP). We had former Central Intelligence Agency (CIA) Director 
James Woolsey. We had Dr. Richard Garwin, who worked with 
Enrico Fermi. I believe Dr. Fermi referred to Dr. Richard 
Garwin as one of the few true geniuses he had ever met. So, 
some smart people who even though some people consider, for 
example, the threat of EMP hokum, I asked pointblank these 
individuals, ``Do you think it is hokum?'' The answer was an 
unqualified, ``No, absolutely not.''
    Mr. Koppel, I truly appreciate the fact that you have 
written this book to raise public awareness of the 
vulnerabilities that we have with our electrical grid.
    In the 2001 National Defense Authorization Act, they 
authorized EMP commissions to take a look at the potential 
threat posed by things like EMP and potentially geomagnetic 
disturbances as well. That 2008 commission established some 
recommendations that were to be undertaken by the Department of 
Homeland Security (DHS) and the Department of Energy (DOE). I 
am going to take time to read them. They go A through O, and I 
just want to take time to read what the 2008 EMP Commission 
recommended:

    ``A. To understand system and network-level 
vulnerabilities, including cascading effects.''
    ``B. Evaluate and implement quick fixes.''
    ``C. Develop national and regional restoration plans.''
    ``D. Assure availability of replacement equipment.''
    ``E. Assure availability of critical communications 
channels.''
    ``F. Expand and extend emergency power supplies.''
    ``G. Extend black start capability.''
    ``H. Prioritize and protect critical nodes.''
    ``I. Expand and ensure intelligent island capability.''
    ``J. Assure protection of the high-value generation 
assets.''
    ``K. Assure protection of high-value transmission assets.''
    ``L. Assure sufficient numbers of adequately trained 
recovery personnel.''
    ``M. Simulate, train, exercise, and test the recovery 
plan.''
    ``N. Develop and deploy system test standards and 
equipment.''
    ``O. Establish installation standards.''

    Now, again, I realize that is kind of short, bullet-point 
form, but to me those are some pretty reasonable 
recommendations. The Secretary of the Department of Homeland 
Security and the Secretary of the Department of Energy were 
basically--it was recommended that their agencies start 
addressing these quick fixes, these recommendations.
    In our hearing, a report of the Government Accountability 
Office (GAO) basically reported that none of these had been 
done. This was, again, 2008, the results of a 2008 EMP 
Commission. Here we are in 2015, now here we are in 2016. None 
of this has been done. People are not taking this threat 
seriously, and we have to.
    So, again, the purpose of this hearing is to lay out the 
realities, the very complex problem. Again, I am not an 
electrical engineer, but we have to start looking at exactly 
what the vulnerabilities are. We have to identify it. We have 
to define it. And, from my standpoint, we have to take that 
first step in solving any problem, which is admitting we have 
one, which is the purpose of this hearing.
    Now, I do have a written statement for the record that I 
would ask to be entered,\1\ without objection.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Johnson appears in the 
Appendix on page 45.
---------------------------------------------------------------------------
    We will wait for Senator Carper. When he comes, we will see 
if he wants to offer an opening statement. But until that point 
in time, it is the tradition of this Committee to swear in 
witnesses, so if you will all rise and raise your right hand. 
Do you swear that the testimony you will give before this 
Committee will be the truth, the whole truth, and nothing but 
the truth, so help you, God?
    General Dunbar. I do.
    Mr. Farmer. I do.
    Mr. Koppel. I do.
    Mr. Aaronson. I do.
    Chairman Johnson. Thank you.
    Our first witness is Major General Dunbar. General Dunbar 
is Wisconsin's adjutant general. In this role, General Dunbar 
commands the Wisconsin National Guard and is responsible for 
emergency management. He also serves as Wisconsin's homeland 
security adviser, chairs the Homeland Security Council, and is 
the senior State official for cyber matters. Previously, he 
served in the U.S. Air Force, the Washington Air National 
Guard, and National Guard Bureau.
    General, thank you for your service, and we would welcome 
your testimony.

   TESTIMONY OF MAJOR GENERAL DONALD P. DUNBAR,\1\ ADJUTANT 
                  GENERAL, STATE OF WISCONSIN

    General Dunbar. Thank you, Senator. Good morning, and good 
morning to Members of the Committee. Thank you for the 
opportunity to speak today. I am the adjutant general for the 
State of Wisconsin, and although I appear before you today in 
uniform, I want to stress that I am appearing on behalf of the 
State of Wisconsin in a State status. I am not on active duty 
orders, and no one in the Defense Department (DOD) has seen, 
reviewed, or approved my remarks.
---------------------------------------------------------------------------
    \1\ The prepared statement of General Dunbar appears in the 
Appendix on page 48.
---------------------------------------------------------------------------
    I am privileged to command Wisconsin's National Guard. As 
you know, the National Guard is constitutionally unique. It has 
two foundational roles: We are the primary combat reserve of 
the U.S. Army and the U.S. Air Force and the first military 
responders in the homeland.
    You mentioned my other roles. Thank you for that. It is an 
honor to appear before the Committee to discuss critical 
infrastructure.
    Critical infrastructure is a shared responsibility. The 
Federal Government has a substantial role as do the industry 
leaders who generally own and operate the infrastructure. 
However, States have a leadership role as well. I will touch 
briefly on our organization, our strategy, and our efforts at 
addressing the threats to critical infrastructure in Wisconsin.
    We did not create a separate agency to manage homeland 
security, choosing instead to rely on existing roles and 
responsibilities. Our Governor created a Homeland Security 
Council, which includes representatives from State agencies and 
first responders who are joined by Federal partners and 
industry leaders regularly to attend and participate.
    Our homeland security strategy is updated quadrennially 
after each gubernatorial election and provides a framework to 
guide continuing efforts in preparation and protection of our 
communities and citizens. It also guides our investment of 
State and Federal resources. The strategy seeks to ensure that 
our first responders are trained and equipped, that our 
critical infrastructure is safe and secure, and that we 
continue to plan and prepare for emergencies and disasters that 
may impact our State.
    This strategy is our keystone document. It has four 
priorities: cybersecurity, preventing and protecting against 
asymmetric/terrorist threats, catastrophic incidents, and 
capability sustainment. Each priority has identified goals and 
objectives designed to be specific and measurable.
    Time does not allow for an in-depth discussion on all 
aspects of our efforts, but we are working on lines of effort 
to mitigate the threats to critical infrastructure. I will 
highlight just a few.
    In cybersecurity, we have developed at State expense a 
framework of five State cyber teams prepared to assist State 
and local government with cyber response. Three of these teams 
consist mainly of State and local professionals who, by 
agreement, have permission to respond when activated for 
response. We are developing a fourth team consisting of 
industry leaders which will also be available to respond, and 
our fifth team will come from the National Guard. We currently 
have in the National Guard a computer network defense team that 
helps protect our portion of the DOD network.
    The new team that we are building will be a computer 
protection team in collaboration with the Illinois Army 
National Guard. This team will be operational by the end of 
2019, and although trained to meet the Army's military 
requirements, it is fully available for State active duty at 
the Governor's discretion.
    The Wisconsin National Guard is finalizing an agreement 
with several of our utility companies. Our agreement is aimed 
at information sharing and the potential for National Guard 
physical support. We initiated this relationship after learning 
of certain real-world events, such as the attack in Metcalf.
    Wisconsin Emergency Management (WEM) and the Department of 
Natural Resources partnered with our railroad commissioner and 
major rail lines and have arranged for a cache of critical foam 
to be stored regionally at no expense in case we have an oil 
spill and fire on our rail lines.
    We have also revamped our HazMat structure, creating more 
versatile and regionally diverse teams that are strategically 
located consistent with population density and key lines of 
communication.
    We are working with our Public Service Commission (PSC) and 
our utilities to understand better the threat to our electric 
grid and actively seeking ways to mitigate potential effects.
    As an example, we are working with our public water and 
sewage utilities, all of whom have generator backup for their 
systems. However, all of these systems require diesel fuel, and 
we are working hard to make sure we have a solid plan for 
delivery in an outage.
    Another area we are discussing, although this is much more 
difficult given our utilities' sophistication, is the physical 
backup to utility systems. I am no expert, but I took note of 
the recent cyber attack in the Ukraine which disrupted their 
power system. Clearly, Ukraine is not a system on par with the 
system of the United States; however, when they understood that 
the attack was a cyber attack, they switched to manual backup. 
Based on open-source reporting, this occurred after about 6 
hours. The cyber network may yet still be infected, but the 
power disruption lasted only 6 hours. To my mind, that is a 
powerful lesson worth exploring, and we are working with our 
PSC to ask these questions of our utility partners.
    Last, I will mention that our National Guard works closely 
with emergency management across the board in planning for and 
exercising our emergency plans. We are certainly not alone in 
this aspect, as the National Guard across the Nation has unique 
relationships with law enforcement, firefighters, Federal 
agencies, and industry partners. Always ready, always there, we 
provide our Nation's Governors with a surge force that is 
highly trained and relevant across the domestic response 
spectrum.
    I have submitted my written testimony for the record and 
greatly appreciate the opportunity to appear today and offer 
these brief remarks. I look forward to any questions you may 
have.
    Chairman Johnson. Thank you, General Dunbar. By the way, 
your written testimony is entered into the record.
    Our next witness is Tom Farmer. Mr. Farmer is the chair of 
the Partnership for Critical Infrastructure System (PCIS) 
Cross-Sector Council. Mr. Farmer worked with the lead 
representatives for each of the critical infrastructure sectors 
and with senior government officials in coordinated efforts to 
advance priorities and capabilities in critical infrastructure 
protection and resilience. He also serves as assistant vice 
president for security for the Association of American 
Railroads. Mr. Farmer.

TESTIMONY OF THOMAS L. FARMER,\1\ CHAIR, CROSS-SECTOR COUNCIL, 
        PARTNERSHIP FOR CRITICAL INFRASTRUCTURE SECURITY

    Mr. Farmer. Thank you, sir, very much. Chairman Johnson, 
Members of the Committee, and staff, thank you very much for 
this opportunity to address the priorities and cooperative 
efforts of the Partnership for Critical Infrastructure Security 
Cross-Sector Council in critical infrastructure protection.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Farmer appears in the Appendix on 
page 57.
---------------------------------------------------------------------------
    As the current Chair, I am privileged to speak for a group 
of dedicated professionals across industries who volunteer 
their time and efforts to take on leading and organizing 
capacities in their respective sector coordinating councils, 
those forums formed in the National Infrastructure Protection 
Plan (NIPP) that enable industry to communicate and coordinate 
effectively with government.
    It is the respective efforts of these professionals that 
merit attention, for they represent a sustained commitment to 
partnerships and action, partnerships within their sectors, 
across sectors, and with Government.
    The written statement submitted to the Committee addresses 
a sampling of their efforts. Their scope exceeds the time 
available for a fuller delineation here, but as I prepared for 
the hearing, a representative of the dam sector, the Chair of 
the Dam Sector Coordinating Council well captured their scope 
in a delineation of his sector's activities: preparedness 
planning, exercises within the sector among dam facilities, 
cross-sector exercise with government officials and 
representatives of other industries, information sharing, 
cybersecurity guidelines and tools that are developed in 
partnership with government, training and webinars focused on 
security awareness and preparedness.
    Each of the sectors' leads consistently delineate very 
productive, proactive efforts on behalf of their respective 
sectors. Across sectors we are supporting these efforts by 
outreach and capabilities offered by government organizations. 
They include the Department of Homeland Security, the Federal 
Bureau of Investigation (FBI), the Office of the Director of 
National Intelligence (ODNI), the various sector-specific 
agencies, and State fusion centers. The support in these areas 
is fundamental to enhance and sustain effectiveness in critical 
infrastructure protection, areas like intelligence assessments, 
information sharing, risk assessments, resiliency assessments, 
tailored training and exercise programs, guidance materials for 
organizational and sector-based preparedness planning, and 
focused engagement on particular threats or security concerns.
    This extensive body of work creates opportunities that draw 
insights, that glean lessons learned, to apply them practically 
in security posture, and in protective measures. A colleague in 
the Sector Coordinating Council well captured the concept with 
the phrase ``next-level analysis,'' and priorities of our 
council emphasize this concept.
    What we are talking about is knowing what we can know as 
thoroughly as possible, about using information proactively, 
about analyzing the wealth of experience gained by the 
expansive and effective work undertaken by DHS, FBI, and other 
components, particularly focusing on trends, on patterns, on 
indicators of recurring concerns.
    Terrorism provides one example. Investigations of attacks 
and attempts and disrupted plots reveal over and over again 
indicators that were experienced, observed, and encountered 
that preceded the event. But their significance often was not 
understood, even if they were reported.
    Similarly, active shooter investigations reveal similar 
behavioral indicators that preceded the events. We must and can 
learn from this adversity, through analysis that highlights 
those recurring indicators of preparations, analysis that 
enables professionals in industry and government to identify 
the opportunities for security measures, and activities to make 
a difference.
    We are very familiar with the ``See Something, Say 
Something'' campaign. It works. But we can make it better. With 
this type of analysis, we can advance and inform the ``See 
Something, Say Something'' concept, emphasizing those 
observable indicators and activities and preparations that have 
preceded acts of lethal and destructive violence time and 
again, and apply that information in security, training, and 
awareness initiatives with employees across industries to 
inform their vigilance both on the job and in their home 
communities.
    In cybersecurity, as we contemplate the hundreds of onsite 
and virtual assistance visits provided by DHS and FBI in 
response to cyber attacks, as we look at the in excess of 1 
million indicators of concern that have been disseminated by 
DHS to the private sector, opportunity emerges again, for 
analysis that produces a cyber threat profile, a profile we can 
update on a recurring basis, to help organizations across 
sectors understand what they are most likely to see in terms of 
how cyber threats materialize. What are those vulnerabilities 
that are so often exploited? What are those protective measures 
too often found lacking?
    Now, as these analyses are produced, wide dissemination is 
essential, we need to make sure we have depth of penetration 
across government and industry. In the Cross-Sector Council, we 
have partnered with DHS to do just that, leveraging existing 
councils in government and industry to ensure that information 
in a timely manner reaches those who are best equipped to get 
it out to their respective constituencies.
    We have also introduced the capability to share classified 
information and tested it on April 26. Two components of the 
Wisconsin fusion center participated. And, as part of that 
effort, we focus on ensuring that as the intelligence community 
(IC) produces products that are classified, they also produce 
an unclassified ``tear line,'' a version that all who attend 
the briefing can take back to their organizations to inform 
vigilance and security measures.
    The efforts of the respective councils are sound. They are 
proactive. No one is resting on laurels. We consistently seek 
opportunities to progress, and our shared objective of 
enhancing critical infrastructure protection is attainable.
    I thank you very much for this opportunity to participate 
in this esteemed forum today.
    Chairman Johnson. Thank you, Mr. Farmer.
    Our next witness is Ted Koppel. Mr. Koppel is the author of 
the book ``Lights Out''--I have a copy. Unfortunately, I do not 
have the cover. When I actually read books, I take it off. It 
is ``Lights Out: A Cyberattack, a Nation Unprepared, Surviving 
the Aftermath.'' He is also a 42-year veteran of ABC News where 
he served as anchor and managing editor of the ``Nightline'' 
program from 1980 to 2005. And, I would point out this is 
actually my brother's book. He gave it to me. I would say he is 
a little alarmed. ``Did you know this?'' I was aware.
    Mr. Koppel, thank you for coming here. I look forward to 
your testimony.

      TESTIMONY OF TED KOPPEL,\1\ AUTHOR, ``LIGHTS OUT: A 
  CYBERATTACK, A NATION UNPREPARED, SURVIVING THE AFTERMATH''

    Mr. Koppel. Mr. Chairman, Mr. Ranking Member, Members of 
the Committee: Your late colleague, the distinguished Senator 
from New York, Daniel Patrick Moynihan, liked to say that each 
of us is entitled to his own opinion; we are not, however, 
entitled to our own facts. That observation, which once seemed 
both sensible and self-evident, can no longer be taken for 
granted.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Koppel appears in the Appendix on 
page 64.
---------------------------------------------------------------------------
    In a political climate where even the President's status as 
a natural-born American citizen remains the object of doubt for 
more than a quarter of our population as he nears the end of 
his second term in office, in that climate it will be difficult 
to settle the far more complex issue before the Committee this 
morning: Is the Nation at risk of a crippling cyber attack 
against elements of our infrastructure in general and against 
one or more of our electric power grids in particular? After 
more than a year of research into the question, I believe the 
answer to be ``yes.''
    Simply stated, the electric power industry is made up of 
3,200 separate companies linked in a network that both 
generates and distributes electricity. For the system to 
function, a perfect balance has to be maintained between the 
amount of electricity being generated and the amount being 
distributed. Only the Internet is capable of maintaining that 
exquisite balance at all times. The Internet was never designed 
to be defended. The Internet remains vulnerable to cyber 
attack. Evidence of that vulnerability is accumulating every 
single day in private industry, government agencies, and in 
breaches of our personal data. General Keith Alexander, the 
former head of the National Security Agency (NSA), likes to say 
that there are only two kinds of companies--those that have 
been hacked and those that do not yet know it.
    Members of this Committee are certainly familiar with the 
conclusion of our intelligence agencies that the Chinese and 
the Russians have already mapped and penetrated the systems 
that control our electric power grids. Iran is not far behind. 
Nations like North Korea and Syria are enhancing their cyber 
warfare capabilities. It is surely only a matter of time before 
a terrorist group, unrestrained by any geopolitical interests, 
acquires the capability to attack one of our power grids.
    The problem, as Tom Ridge, our first Secretary of Homeland 
Security, noted, is that ours is a reactive, not a pre-emptive 
society. In the wake of the attacks on September 11, 2001, the 
United States embarked on actions and expenditures that would 
have been inconceivable only a week earlier.
    My message to this Committee this morning is simple: The 
Nation cannot wait for a cyber attack on the grid before making 
preparations for its consequences. It is my belief--and again, 
this Committee has access to more information on this subject 
than--I believe that while the Department of Homeland Security 
has plans for dealing with the consequences of hurricanes, 
blizzards, floods and earthquakes, it has no discrete plan for 
dealing with the aftermath of a cyber attack on one of the 
Nation's power grids. The Department's recommendations for each 
disaster are essentially the same: a 2- to 3-day supply of food 
and water for each person, a plan for families to meet at a 
pre-arranged point, a supply of essential medicines, 
flashlights, and a battery-powered radio.
    A cyber attack against one of our electric power grids 
could deprive tens of millions of Americans of electricity for 
a period of weeks or even months. I asked Homeland Security 
Secretary Jeh Johnson what, exactly, he would be telling 
Americans on their battery-powered radios after an attack that 
he was unwilling or unable to share now. He gestured toward a 
shelf carrying several white binders: ``I am sure there is a 
plan up there somewhere,'' he told me. I do not share the 
Secretary's confidence.
    We have neither the adequate food supplies to take care of 
those millions who decide to shelter in place, nor the 
collaborative plans with State governments to house and feed 
what could amount to tens of millions of internal refugees. If 
we began tomorrow, Mr. Chairman, implementing such plans would 
still take a couple of years.
    I thank the Committee for its attention to this critical 
issue.
    Chairman Johnson. Thank you, Mr. Koppel.
    Our final witness is Scott Aaronson. Mr. Aaronson served as 
the managing director for Cyber and Infrastructure Security at 
the Edison Electric Institute (EEI). Prior to joining EEI, Mr. 
Aaronson served as a senior adviser to the Chairman of the 
House Foreign Affairs Committee and Senator Bill Nelson. Mr. 
Aaronson.

TESTIMONY OF SCOTT I. AARONSON,\1\ MANAGING DIRECTOR, CYBER AND 
       INFRASTRUCTURE SECURITY, EDISON ELECTRIC INSTITUTE

    Mr. Aaronson. Thank you, Chairman Johnson and Members of 
the Committee. I am glad to be here today to discuss security 
of the power grid. We appreciate you holding this important 
hearing and that Mr. Koppel chose this subject for his book. As 
owners and operators of some of the Nation's most critical 
infrastructure, we share his concern and the Committee's to 
ensure that the grid is secure and resilient.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Aaronson appears in the Appendix 
on page 66.
---------------------------------------------------------------------------
    From some of the headlines and movie script scenarios out 
there, you might think that we are not doing anything and being 
complacent, that a month-long power outage is inevitable. If 
there is one thing that you take from my testimony today, it is 
to understand that the industry is doing an amazing amount of 
work at all levels all of the time to defend the grid and to 
respond to an incident.
    You have to remember, we live and work in the communities 
that we serve. Our infrastructure is our most important asset, 
so we have every incentive to make security a major priority.
    Since these topics can be sensitive, and even classified 
occasionally, we may not talk about them a lot in public, but 
do not take that lack of discussion for inaction. My written 
testimony has more extensive details on how electric companies 
address threats, so I will not read that to you. But I do want 
to go through what we effectively call the three legs of the 
stool that make up security for the electric grid.
    The first leg of the stool is standards. The electric 
industry has mandatory and enforceable critical infrastructure 
protection (CIP), regulatory standards for both cyber and 
physical security. These are not lax, lowest common denominator 
standards. These are rigorous requirements that improve the 
industry's security posture. Failure to comply can cost up to 
$1 million per infraction per day, so suffice it to say there 
is a lot of incentive to comply. But compliance does not equal 
security. Security is not a check-the-box exercise; if I do X, 
Y, and Z, I am secure. No. You have laid a foundation for 
security.
    The second part of what makes for full security, and the 
second leg of the stool, are partnerships. It has already been 
said--I think it was Major General Dunbar--that protection of 
critical infrastructure is a shared responsibility. In order to 
be prepared for an ever-changing threat environment, industry 
and government are partnering at an extremely high level. In 
addition to my role at EEI, I also am part of the secretariat 
for the Electricity Subsector Coordinating Council (ESCC). 
Along with the cooperative and public power segments of the 
industry, the ESCC is made up of 30 Chief Executive Officers 
(CEOs) from across the sector. These CEOs are meeting regularly 
with senior government officials from the White House, DHS, 
DOD, FBI, intelligence community, and the Department of 
Energy--our sector-specific agency.
    They do not just meet to simply update each other or pat 
each other on the back and say, ``We are doing a great job.'' 
They are setting a strategic vision for how we can improve the 
security posture of the industry and, by extension, the Nation, 
bringing together government and industry capabilities in a 
concerted way.
    So, the ESCC focus is on four major issues, and I will go 
through each of them briefly.
    The first is deploying tools and technology. The focus here 
has been moving government-developed tools to industry 
applications to improve situational awareness, and the best 
example of that is the Cyber Risk Information Sharing Program 
(CRISP), which you can find in my testimony.
    The second is improving the flow of information, making 
sure the right people are getting the right information at the 
right time. From classified briefings for executives to 
actionable intelligence for operators, government and industry 
are sharing threat information more often and more easily.
    The third is coordinating with other sectors. While 
electricity is always described as the most critical of the 
critical--everybody relies on us--without water we cannot 
generate steam or cool our systems; without telecommunications, 
we cannot operate; without transportation and pipelines, we 
cannot move our fuel or move our equipment. There are a lot of 
ways to impact the grid short of attacking the grid.
    To address these interdependencies, the power industry is 
actually working across sectors. And, in fact, Tom Farmer and 
the Nation's railroads have been great partners as we work 
together, for example, to move large transformers during 
incidents.
    The last area of focus for the ESCC also happens to be the 
last leg of the stool. So we have standards; we have 
partnerships. The last is preparations for response and 
recovery. Simply put, electric companies have to be right 100 
percent of the time, and the adversary has to be right only 
once. Given those odds, preparation for an attack is just 
common sense.
    First of all, we have a history of working together to 
restore power after an incident through mutual assistance 
networks where workers from unaffected companies descend on the 
affected company to restore power. We also have robust spare 
equipment sharing programs, including bilateral and 
multilateral arrangements, as well as a fully developed and 
legally binding plan called the Spare Transformer Equipment 
Program (STEP), that requires the sharing of large, hard-to-
replace spare transformers during a national incident.
    We exercise regularly. Of particular note is the North 
American Electric Reliability Corporation (NERC's) GridEx 
series, which brings thousands of owners and operators and 
executives from across North America in the largest exercise of 
its kind. And, now we are developing a cyber mutual assistance 
program to coordinate resources for companies affected by cyber 
incidents.
    The bottom line is this. We are constantly working to 
manage risk, but understand that we can never entirely 
eliminate it. There is not enough money in the world to protect 
against every threat in every location, but we are working to 
prevent incidents from having long-term or devastating impacts. 
We understand that the service we provide is critical to the 
life, health, and safety of Americans. From CEOs to operators, 
the power sector has shown it takes this responsibility 
seriously and is committed to constantly improving its security 
posture as these threats evolve.
    Again, I appreciate the opportunity to be here and look 
forward to answering your questions.
    Chairman Johnson. Thank you, Mr. Aaronson. Let me start 
with you. You just talked about the STEP program, about these 
replacement large power transformers. In our EMP hearing, I 
asked Dr. Richard Garwin how many are critical. What is the 
number of large power transformers that we really need to 
protect. He gave me a ballpark of somewhere between 200 and 700 
of these large power transformers. Would you agree with kind of 
around that assessment?
    Mr. Aaronson. In fact, I do. That is a fair assessment, and 
depending on what criteria you are using, someplace in there 
the number is going to fall.
    Chairman Johnson. So, how many replacements do we have for 
those that are basically ready to be moved into place in case, 
either through a kinetic attack or a cyber attack or EMP or 
geomagnetic disturbance (GMD), those large powerful 
transformers are destroyed?
    Mr. Aaronson. So, the STEP program is actually governed by 
a nondisclosure agreement, so the specific number I cannot give 
you, but I can tell you this:
    No. 1, we are sufficiently spared.
    No. 2, outside of those spares that are dedicated through 
the Spare Transformer Equipment Program, other companies have, 
first of all, operational spares that they use for obvious 
reasons. You will use a spare when you are doing maintenance on 
an active transformer, so you have that in place regardless. We 
have other ways of sharing equipment beyond just the Spare 
Transformer Equipment Program.
    Chairman Johnson. Let me ask you, so would I be able to--
with nondisclosures, could I as a United States Senator find 
out how many we really have to satisfy myself that we really 
are covered?
    Mr. Aaronson. I would have to go back to the industry to 
see if we would be able to breach the nondisclosure for that 
purpose.
    Chairman Johnson. I would appreciate that, because if you 
do not have spares, what is the length of time to replace some 
of these large power transformers?
    Mr. Aaronson. So, the number that we have heard all of the 
time is an 18-month lead time. That is not entirely accurate. 
Under duress, there are ways to procure transformers more 
quickly. You also have to understand that there is a 
significant amount of excess capacity in the system. So, when I 
say that we are looking to be able to operate under duress, we 
may go to a suboptimal state. One of the lessons that was 
learned out of Ukraine is going to a more manual operation. So 
this rush to automation is great because it gives us wonderful 
efficiencies, but it also increases the attack surface. So by 
diminishing the attack surface and looking at the ability to 
operate manually, the ability to operate suboptimally, the 
ability to focus resources on more critical load, whether it be 
hospitals, first responders, military installations, those are 
all things that, because of this CEO leadership, we are 
developing that capability.
    Chairman Johnson. Based on public reports, my--
``assumption'' is probably not the right word, but it sounded 
like the reason Ukraine actually restored power 6 days----
    Mr. Aaronson. 6 hours.
    Chairman Johnson. 6 hours, is because they actually had 
manual breakers, which we really do not have nowadays because 
we are more advanced. We have it all computerized. Correct?
    Mr. Aaronson. The answer is, ``It depends.'' I always hate 
giving that answer, but the answer is, ``It depends.'' In some 
cases, there is the capacity to operate manually. In others, we 
are going to need to continue to develop it.
    Chairman Johnson. OK. General Dunbar, in your emergency 
planning, Mr. Koppel talked about in general we have plans to 
have provisions for 2 to 3 days. Is that pretty much what you 
have planned for Wisconsin in your capacity, in your 
responsibility?
    General Dunbar. Our plans for a long-term power outage, 
taking care of the public, quite honestly our goal is to try 
and keep the people in their homes so they do not add to the 
problem by a mass evacuation. We do rely on the industry for 
the food stocks. It is a concern of mine because one system is 
very efficient as you know, and if something shuts down, it can 
quickly deplete it out. We do not have in Wisconsin a supply of 
meals ready to eat (MREs) beyond what you would expect for the 
National Guard, and even that is limited because at the DOD 
level it has those kinds of supplies.
    Chairman Johnson. Mr. Koppel, I was pretty impressed with 
the level of reporting and the digging you did in your book. 
You did not seem particularly convinced. You seemed to 
certainly ask some pretty hard questions, and you were not 
getting particularly good answers. Do you agree with Mr. 
Aaronson that we are probably sufficiently backed up in terms 
of large power transformers?
    Mr. Koppel. Well, first of all, I am in no position to 
agree or disagree with him because I do not have access to the 
numbers either. What I have heard, and what was in a Department 
of Energy report back in 2014, is that the number of large 
power transformers is quite literally in the tens of thousands. 
So, I am frankly a little bit astonished at the notion that we 
are only talking about--what did you say?--250 or so.
    Mr. Aaronson. 200 to 700.
    Mr. Koppel. 200 to 700. I think, A, the number is greater. 
B, I think that we are dealing with a problem of unique pieces 
of equipment that cannot easily be interchanged. And, C, Mr. 
Aaronson sort of dismissed the notion that it takes up to 18 
months to get a new one, but most of these large power 
transformers are not constructed in the United States. The 
majority--I think about 70 percent of them--are constructed 
overseas. And, by the time you order these and have them built, 
we are talking about pieces of equipment that weigh between 
400,000 and 600,000 pounds. It takes at least a year and up to 
a year and a half to order a new one and have it delivered. And 
even once you get it to the United States, delivering these 
things is incredibly difficult because they tend to overstress 
pieces of infrastructure like failing bridges.
    Chairman Johnson. Mr. Farmer, in your testimony you were 
really concentrating a lot--and this is, of course, good--you 
know, on coordination and communication and planning, that type 
of thing. But can you talk about what we have actually done to 
prepare and protect--physically, what we have done in terms of 
infrastructure to improve our survivability and improve our 
ability to stand the power grid back up?
    Mr. Farmer. Well, I am not specifically qualified to 
discuss in detail the electrical sector. What I can say, 
though, is that there have been very productive partnerships 
fostered through the Cross-Sector Council that enable 
industries to identify interdependencies and then work in 
concert to enhance their resiliency, to enhance their 
preparedness, to address concerns. Scott Aaronson addressed in 
his testimony the cooperation with the railroad industry and 
preparations to move large transformer equipment should we be 
in a situation where, due to some form of damage, a transformer 
is taken out of operation. And the electrical industry, the 
electrical sector approached our industry. We have worked in 
close coordination to do a number of things. One is to have 
preparedness plans in place for railroads to move the 
equipment. We have identified the types of rail cars that move 
the equipment. We maintain a current inventory of where those 
rail cars are. We have worked with the electricity sector 
through exercises the last 2 years.
    Each year, the railroad industry holds an annual security 
exercise. In that exercise, we take actual events and take them 
to another level through realistic terrorism and cyber 
scenarios to stress our industry's security planning, to stress 
our procedures, our decision-making, our actions to address 
concerns, our coordination with Government.
    We have integrated that exercise the last 2 years, 
scenarios involving damage to large power transformers, and 
then the electrical industry calling upon our industry for 
support in their movement. So this inventory is maintained by a 
group called Rail Link that provides informational technology 
(IT) support to our industry. We can generate an updated 
inventory within a matter of minutes to identify where the cars 
are specifically. And during the exercises, railroads' 
operational leads have worked with representatives of power 
utilities on what the transportation plan would look like. We 
are confident that, provided notice of a need, within a matter 
of hours we would have a rail transportation solution in place.
    Chairman Johnson. OK. Thank you, Mr. Farmer. Senator 
Carper.

             OPENING STATEMENT OF SENATOR CARPER\1\

    Senator Carper. Thank you. Thank you so much, Mr. Chairman. 
I want to apologize to our witnesses. As you know, we serve on 
a number of committees, and one of my committees, the Senate 
Environment and Public Works (EPW), was holding what we call a 
markup today, voting on a number of bills, several of which 
were mine, and I needed to be there to defend them. And, so, I 
cannot be in two places at once, but I am pleased to be here 
and thank you all for joining us today on a really important 
subject. So, I am going to go ahead and use this time to give 
an opening statement, and then maybe we will have a second 
round for questions, and I can ask some questions of all of 
you.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Carper appears in the 
Appendix on page 46.
---------------------------------------------------------------------------
    Obviously, what we are discussing today is of immense 
importance--it is in Delaware, and I know it is in the other 49 
States: the security of our critical infrastructure. And, when 
we talk about critical infrastructure, we are not just talking 
about the grid and supply of electricity, but also the 
dependability of our water, even our financial system that 
supports our economy.
    Unfortunately, our electricity and water utilities, as well 
as our banks, are at risk every day in a number of ways. We 
have heard a lot lately about criminals and terrorists 
targeting them online, but these critical services are also at 
risk due to any number of other hazards such as violent storms, 
earthquakes, and even failure due to aging and underinvestment.
    Fortunately Congress, our Administration, and the private 
sector have been hard at work to address vulnerabilities in a 
number of these areas. We have passed legislation in recent 
years to help make our critical infrastructure more secure and 
more resilient. I will mention just a couple of examples.
    In 2014, Members of this Committee worked for many months 
to enact legislation to reauthorize and enhance something 
called the Chemical Facilities Anti-Terrorism Standards (CFATS) 
program at the Department of Homeland Security. This program is 
our front-line defense against terrorist attacks against 
companies that store, manufacture, and process hazardous 
chemicals.
    That same year, 2014, the President signed legislation from 
this Committee to enhance the cybersecurity center at the 
Department of Homeland Security that works with critical 
infrastructure owners to prevent and respond to cyber attacks. 
That same year we also gave the Department of Homeland Security 
that authority that it needed to hire the best and brightest 
cyber talent that is out there.
    Just last year, the President signed cybersecurity 
legislation that the Chairman and I and almost every member of 
this Committee played a key role in drafting. That crucial new 
law makes collaboration between the Federal Government and 
companies grappling with cyber attacks easier and faster while 
protecting privacy concerns.
    This year, we are working hard to ensure proper 
implementation of these and other laws. We are also working to 
streamline and strengthen the office within the Department of 
Homeland Security that helps protect critical infrastructure. I 
have never cared for agencies that have a name that does not 
really explain what they do, and we have one that we call the 
National Protection and Programs Directorate (NPPD), that is 
within the Department of Homeland Security. It does not tell 
you a whole lot about what they do, but what they do is 
important. And, as the Chairman knows, my staff and I have been 
working with the Department of Homeland Security on legislation 
to streamline this office so that it can be a better partner 
with industry. We do this in part by elevating its cyber 
functions and making sure that physical and cyber threats to 
our critical infrastructure are assessed jointly so the left 
hand knows what the right hand is doing.
    We also want to change the name of the agency so people 
have some idea of what they actually do to name it the ``Agency 
for Cyber and Infrastructure Security.'' Doing so will make it 
clearer that when there is a problem with a vulnerability in 
the electric grid or some other piece of critical 
infrastructure, there is no question about who in the Federal 
Government can help, should help, and who can be held 
accountable when things go wrong and may be singled out from 
time to time when there is praise that is due.
    As we know, unfortunately, bad things sometimes happen, and 
the important thing is to be prepared for that when they do. 
So, I want to credit the men and women at the Department of 
Homeland Security, including in NPPD and elsewhere, for the 
hard work they do to ensure our critical infrastructure is 
secure and resilient. As one example of this important work, 
the Department conducts onsite assessments and incident 
response for dozens of critical infrastructure companies every 
year.
    When we talk about critical infrastructure--especially 
systems that we cannot afford to lose even for a few minutes--
this means building resiliency into our policies and practices. 
Today's discussion about critical infrastructure reminds me of 
one very promising technology that is already helping to make 
our country more resilient to electric grid outages. I was a 
naval flight officer for a number of years during the Vietnam 
War. When we were over in Southeast Asia, we were stationed at 
Moffett Field Naval Air Station, and we basically shared that 
large air station with the National Aeronautics and Space 
Administration (NASA). And later on, when Moffett Field was 
closed to active-duty purposes, some private sector companies 
came in and partnered with NASA and have done all kinds of 
amazing things. One of them is called ``Bloom Energy.'' They 
manufacture fuel cells that basically--some of them are 
manufactured in California. They do a lot of the research and 
development (R&D) in California, but they also manufacture fuel 
cells in Delaware. These stationary fuel cells do not require 
additional transmission capability to move electricity to the 
end user, meaning reliable electricity can be provided even 
when the electric grid goes down. Innovative solutions like 
these can help us be a lot better prepared for a variety of 
threats in the future.
    With that, I want to thank you all for coming, and I look 
forward to asking you in a few minutes a few questions. Thank 
you so much.
    Chairman Johnson. Thank you, Senator Carper. Senator 
Peters.

              OPENING STATEMENT OF SENATOR PETERS

    Senator Peters. Thank you, Mr. Chairman, and thank you to 
our panelists for your testimony today. This is certainly a 
very important topic, especially given the changes we are 
seeing in our society in terms of being interconnected in ways 
that are difficult to fathom. Critical infrastructure, 
operational, whether it is dams and bridges, grids, will all be 
connected through the Internet of Things. We are looking at 
millions and millions of objects all connected on this 
elaborate grid, even to the point that our electric toasters 
will be on the grid. So any sort of attack on a grid could 
have, without question, a catastrophic impact on society as we 
know it.
    We will talk about a variety of things. Hopefully we will 
have some additional time, if possible, to talk about some of 
the cyber issues and physical attacks. But one that I want to 
take a little bit of time on is an area that I focused on as a 
result of my work as the Ranking Member on the Space and 
Science Subcommittee as well as being on the Homeland Security 
Committee. And, this is something that we know will happen that 
will be potentially catastrophic to the electric grid if we are 
not fully prepared. And, that is space weather events where you 
have mass coronal ejection from the Sun, which sends particles 
to us here on Earth; it has the impact of compressing the 
magnetic field if it is large enough, which puts huge pulses of 
electricity through pipes, through electrical transmission 
lines, blow up transformers, and shut down vast parts of the 
grid for the country.
    We know it will happen. It happens regularly. Some of them 
are very large. The largest one that we know of is the 
Carrington Event, which occurred in 1859. We did not have a 
whole lot of electricity back then. We only had telegraphs. But 
all of the telegraphs went down in the country. They were all 
shut down as a result of this event. The sky lit up. Folks 
thought it was daytime. They got up, started making their eggs 
and breakfast. It was the middle of the night. But the sky was 
illuminated so brightly from the storm. Our scientists believe 
these storms occur about every 150 years they hit the Earth. 
That last one was 150 years ago, so it has been a while since 
we have seen it.
    We did monitor a storm of that magnitude in 2012 that 
missed the Earth by 7 days, so we can come very close to having 
one of that magnitude as well, which will have a significant 
impact.
    And, so, I have been working with my colleague Senator 
Booker, who is on both committees with me as well. We have 
introduced legislation to provide additional research and data, 
working with the National Oceanic Atmospheric Administration 
(NOAA) and NASA and all of the Federal agencies, including the 
Department of Homeland Security. And, the numbers are quite 
concerning, and the fact that Lloyd's of London estimated that 
if we get hit with another Carrington-type event, the impact to 
our economy would be anywhere from $600 billion to $2.6 
trillion. That is what we are looking at as an impact from one 
of these storms. And, we could see up to 40 million Americans 
without power. And, as we have had this discussion, talking 
about the large transformers, some of that could be a year or 
two. You could have 40 million folks, particularly along the 
eastern seaboard, which is particularly susceptible to these 
kinds of solar events. So just think of New York City without 
power for a year. That is not a good thing. New Jersey without 
power, which is why Senator Booker has been very engaged in 
this as well, a very concerning thing, as well as for me in the 
State of Michigan.
    We have to do a better job of preparing for that, and so I 
would like to ask Mr. Aaronson specifically what sort of 
research and information do you believe electric utility 
companies need from us as we are working on legislation to 
provide more information, more advance warning? What 
specifically do you need to prepare for this event? And how do 
you view it?
    Mr. Aaronson. So, specifically what you said about your 
role on the Space and Science Committee, notice is incredibly 
valuable when it comes to space weather. We actually have GMD 
standards in place. The North American Electrical Reliability 
Corporation, because this is something we have known for quite 
some time could happen, had developed GMD standards which 
dictate operational protocols to mitigate the impact of a 
serious coronal mass ejection.
    So a big part of that is, again, advance notice from an 
operational perspective so that operators can take action to 
shut down certain systems in a graceful way, let the solar 
flare do what it is going to do, and then be able to start back 
up, again, using something called--and it has been discussed 
already--``black start capability,'' which is basically 
starting the grid from scratch.
    Black start standards are in place, GMD standards are in 
place, and additional notice from some of those geostationary 
satellites that give us--I think right now we get about 15 
minutes' notice. Increasing that even to 30 minutes would be 
invaluable.
    Senator Peters. Well, that is an important factor, that we 
may not have a lot of advance notice. Our prediction 
capabilities for space weather are not as advanced as they 
should be. Folks have described it to me that we are where we 
were with hurricane predictions in the 1930s when it comes to 
space weather events. So we have a long ways to go; where we 
may know something is happening, we do not know the magnitude, 
we do not know where it is going to hit. And hurricanes have a 
significant impact on us, but a $2.6 trillion impact to the 
grid that shuts down everything obviously is a major concern.
    So if you had just perhaps 18 hours' notice, is that enough 
time? And what sort of protocols are in place if NOAA, or 
whatever the relevant agency is at the time as we work out some 
of these protocols, says, ``we think this storm is coming?'' 
This may mean you would have to shut down vast amounts of the 
grid in the United States.
    Mr. Aaronson. So, another thing to note is this is 
something that, as we have said, we have known about or know 
could happen for quite some time. And, in fact, there have been 
examples of impact because of GMD, particularly at the higher 
latitudes where the impacts are more pronounced.
    So there have been examples of GMD impacting the grid, but 
for minimal amounts of time. You will note that telegraph lines 
from the 1850s are significantly different than the 
infrastructure we own and operate today. Mr. Koppel during his 
answer to Chairman Johnson was talking about the fact that 
there are literally tens of thousands--45,000, actually, 
substations in the United States, 55,000 in North America. With 
that comes an exceeding amount of redundancy.
    So the reason that the number is closer to between 200 and 
700 of the most critical substations is because those others 
represent excess capacity and redundancy throughout the system. 
It is inaccurate to say that a single geomagnetic disturbance 
would have a universal and unilateral impact across the entire 
grid. So really what you do have to look at is as much notice 
as possible to take those operational protocols to shut down 
the grid to prevent damage, understand that in certain 
instances like that, you have what is called ``voltage 
collapse,'' which means that the systems fail safe, and that we 
are, again, able to restart it through black start procedures. 
And then, obviously, the redundancy and ability to move 
transformers around in order to restore power should a 
particularly damaging geomagnetic storm impact the grid.
    Senator Peters. And I appreciate that comment, which I 
think highlights the fact that we need to do a whole lot more 
research into these storms. Because as you mentioned, it does 
not have a uniform impact across the entire grid, but you need 
to know where it is hitting, and that is why I made the analogy 
to hurricane research. You need to know where it is going to 
actually hit in order to prepare, not the whole eastern 
seaboard but those particular areas where you think its path--
so the same thing for this research for space weather to make 
sure the resources and the coordination are available for all 
of the Federal agencies--NASA, NOAA, et cetera--to provide that 
information to you.
    I also wanted to make sure that I highlight the fact that 
the critical infrastructure are these major transformers, as 
Mr. Koppel talked about as well, that for the most part are not 
made in the United States. They are made in Europe, the primary 
manufacturer for them, and a large space weather event has the 
potential of not only destroying transformers that exist in the 
United States, but actually destroying or at least shutting 
down the facilities that manufacture the transformers in Europe 
at the same time. A large storm would actually shut down the 
manufacturing, so then you could not even make these until 
first you repair the entire infrastructure to even create 
transformers before you make them and then ship them to the 
United States. So this is something that I look forward to 
continuing to work closely with the utilities. I know you are 
focused on it. I know this is an issue that you have been 
following as well. But we have got to make sure these protocols 
are in place and we are really thinking this through.
    Mr. Aaronson. And I can say fairly unequivocally that 
helping to get more advance notice and increasing domestic 
manufacturing capacity for transformers are two things that the 
industry would be happy to work with you on.
    Senator Peters. Right. Thank you.
    Chairman Johnson. Senator Peters, first of all, thank you 
for that line of questioning. I want to just follow up just 
briefly. In a previous hearing, we were told, I think, in 
testimony that about $2 billion damage annually because of 
other types of solar events. So this is just happening all of 
the time. But the massive ones like the Carrington Event is 
something--I do not know how many orders of magnitude greater.
    Mr. Aaronson, I just have to ask you, if the protocol gave 
warning, 15 to 30 minutes, so we can shut down systems, who is 
going to make that call? Who is going to make that call under a 
massive geomagnetic disturbance that nobody knows how many of 
these transformers could be affected, nobody knows, who is 
going to make that call to shut them offline, take them offline 
so those effects do not go through those wires and destroy 
those large power transformers that cannot be replaced?
    Mr. Aaronson. So, grid operators are tightly aligned. We 
have talked about the fact that there are 1,900 entities that 
make up the bulk electric system. There are regional 
transmission operators and so on.
    Chairman Johnson. Who makes the call? I mean, who makes the 
call we are going to shut them all down in 30 minutes, in 15 
minutes?
    Mr. Aaronson. It is not as simple as cut the power. That is 
not how this is going to work. But there is, again, this shared 
responsibility among the sector----
    Chairman Johnson. Yes, who makes the call?
    Mr. Aaronson [continuing]. To be operating this--I do not 
know the answer to that question.
    Chairman Johnson. I think that is what Mr. Koppel is 
talking about.
    Let us see here. Senator Tester.

              OPENING STATEMENT OF SENATOR TESTER

    Senator Tester. Thank you, Mr. Chairman. I want to thank 
you all for your testimony.
    I want to talk about a little different kind of 
infrastructure since you are here, General Dunbar, and that is 
the infrastructure of our intercontinental ballistic missiles 
(ICBM) forces. It has been--well, currently we have Hueys that 
fly our personnel out for protection purposes. We are looking 
to get some Black Hawks in a couple of years, earlier if we can 
but in a couple of years at the latest.
    There have been some that have suggested that maybe we 
ought to use the Army National Guard for defense of our ICBMs 
to make sure that they are secure. Fire season aside--if we use 
them for that, they will not be available for fire season. It 
seems like the fire seasons are becoming more and more 
significant every year in Montana. In fact, they are.
    From your perspective, what kind of training needs to go 
in--or are they already trained--for National Guard soldiers to 
be able to protect our ICBMs?
    General Dunbar. Senator, thank you for that question, so 
let me start by, again, making clear for the record that I am 
here speaking on behalf of the State of Wisconsin as a National 
Guard officer, not for the United States Air Force. That is a 
very important Federal mission, and I would not propose that I 
speak in any way for the United States Air Force on that issue.
    In terms of the National Guard, the National Guard's 
advantage to the country is it is a highly trained Army and Air 
Force to do certain missions for the Army and the Air Force, 
and from that comes a surge capacity for all kinds of missions.
    So, in California and other States, National Guard members 
have been used to fight fires, both on the ground and in flying 
helicopters. I can talk in the State of Wisconsin that we have 
our Black Hawk pilots--not all of them but some of our crews--
trained to fly Forest Fire Missions with Bambi Buckets to help 
put out those fires that you talk about.
    In terms of moving personnel from Point A to Point B, it is 
pretty much square within a Black Hawk's mission that most 
crews have that capability in their wheelhouse.
    In terms of whether it is a good idea, I know you know 
this, sir, but the National Guard is a State military force 
until we are mobilized for active duty. So, if the Air Force 
needed the Guard to do that mission, then they could ask for 
volunteers. If the Governor thought that it would interfere 
with the State's response to firefighters, the Governor could 
push back and say, ``I am not going to authorize volunteers.'' 
And then, of course, the Federal Government could trump that, 
as it always can----
    Senator Tester. Bingo.
    General Dunbar [continuing]. And say we are going to be on 
active duty.
    Senator Tester. OK. I am just curious. I mean, we can solve 
this whole problem by getting the Black Hawks in quicker, but 
that is not within your purview.
    I want to talk to Mr. Aaronson for a second about 
transmission and the threats--on the grid, I should say. And 
excuse me if it has been asked already, but is that threat 
mainly in transmission or in generation?
    Mr. Aaronson. So, I guess I would answer it this way: The 
threat is mostly in transmission. Generation, there are so many 
generation assets lending electrons to the grid. Those are 
assets we want to protect, but transmission is really where it 
is at.
    Senator Tester. And, so, is this due to our reliance--
because I know nothing about, quite frankly, how this whole 
system works, so we are starting at zero. But is this due to 
our transmission reliance on the Web, or why should we be 
concerned about this from a terrorist standpoint? Or are we 
talking about bombs blowing stuff up?
    Mr. Aaronson. So, a lot of answers to that question. First 
of all, you are not alone, Senator, in not knowing a lot about 
how the electric grid works. Most people just figure you turn 
on the light switch and the lights turn on.
    Senator Tester. As long as they turn on, it is good.
    Mr. Aaronson. And that is our goal, too. We do not want you 
to have to think about all of the things that are happening 
behind it.
    Senator Tester. Yes.
    Mr. Aaronson. There are a lot of threats to the grid, and 
we like to say from squirrels to nation-states. And, frankly, 
there have been more blackouts as a result of squirrels than 
nation-states.
    Senator Tester. Right.
    Mr. Aaronson. The various threats--the reason the 
transmission matters, think of transmission as the----
    Senator Tester. I know why it matters, truly, because my 
lights do not come on without transmission.
    Mr. Aaronson. That is right.
    Senator Tester. If we do not connect it all up. The 
question is: Why is transmission a target? Is it because of the 
Internet? Or is it because of something else?
    Mr. Aaronson. It is because it is a soft target by 
definition. There are 45,000 substations in the United States. 
There are long lead lines everywhere.
    Senator Tester. You are right. And, by the way, those 
substations have been around a long time.
    Mr. Aaronson. They sure have.
    Senator Tester. When we were in conflicts in World War II, 
there were substations. In conflicts in Vietnam, there were 
substations. Conflict in the first Gulf War, there were 
substations. Why now? What is different than Vietnam? Why 
should we be concerned now when we never heard anything about 
it in the late 1960s?
    Mr. Aaronson. The threats continue to evolve. You can look 
at geopolitical situations. You can look at the fact that we 
used to be----
    Senator Tester. OK, so the threat level is greater.
    Mr. Aaronson [continuing]. Superpower, the line that we 
were a nation with friends north and south and bordered by 
oceans.
    Senator Tester. OK. So the threats have raised, is what you 
are saying.
    Mr. Aaronson. That is correct.
    Senator Tester. The threats of people wanting to do damage 
to the homeland have raised, and they were not necessarily--
Ted, do you agree with that?
    Mr. Koppel. No, Senator, I do not. What has changed is that 
the electric power industry has become deregulated. We now have 
3,200 companies. I am as much of a novice at this as you, so I 
have reduced it to a very simple analogy.
    Senator Tester. That is what we like.
    Mr. Koppel. I want you to imagine a balloon that has 3,200 
valves, and half of those valves are letting air into the 
balloon, and the other half are letting air out of the balloon. 
As long as you maintain a perfect equilibrium between the 
amount of air coming in and the amount of air going out, your 
balloon stays inflated. Too much air in, the balloon blows up. 
Too much air out, the balloon collapses.
    The electric power industry is made up of 3,200 companies. 
You have to maintain a perfect balance between the amount of 
electricity that is generated and the amount of electricity 
that is used. Too much electricity in, you have a problem. Too 
much electricity out, you have a problem.
    Only the Internet has the capability of maintaining that 
exquisite balance. There was no Internet back in the days of 
Vietnam. There was no Internet back in the days of World War 
II. You were dealing with a totally different kind of electric 
power industry.
    Senator Tester. And I appreciate that answer because that 
is what I had surmised. And I will tell you that the technology 
has done a lot of really good stuff for efficiencies and 
predictability and dependability. I come from agriculture, and, 
interestingly enough, I had a guy get on my combine--I actually 
still drive my combine. I do not have a GPS unit on it. And I 
had a guy get on my combine last year, and he said, ``How do 
you know where to cut? Because you do not have a GPS unit that 
is telling you where to harvest.''
    The point here is this: If we want to talk about 
preemption, I think that you have to run back and try to figure 
out how you can still manually control this stuff. And if it is 
impossible--as you may be correct, Ted, the Internet is the 
only way to control it--then we have to figure out different 
ways to do this.
    I will tell you that the comments about tens of millions of 
refugees, which is probably true, I mean, we have to work on 
preemption, because I do not see how we ever deal with a 
situation like that. It amazes me, flying into this city, how 
we feed people in this country, much less how we would feed 
them under a catastrophic situation.
    Go ahead.
    Mr. Aaronson. If I might, I would like to add a little bit 
of context to what Mr. Koppel said because he raises an 
important point about the fact that it is 3,200 entities, 1,900 
that make up the bulk electric system.
    First of all, it is not controlled by the Internet. We are 
talking about operational technologies, supervisory control. 
These are not Internet facing. So, yes, it is through that 
digital overlay is exceedingly helpful in providing these 
efficiencies, but it is not uniquely capable of keeping the 
grid operational.
    Think back to just 20 years ago. We operated the grid for 
the better part of a century without digital overlay. There is 
the capacity to keep electrons flowing regardless of having 
supervisory control.
    Senator Tester. You are correct, and the only thing I am 
saying is if the threat has emerged because of the Internet, we 
need to go back to that system as a fail-safe.
    Mr. Aaronson. And we are.
    Senator Tester. OK.
    Mr. Aaronson. People have looked at what happened in 
Ukraine at the end of last year as this eye-opening experience 
for the electric sector. It was not eye-opening. It was 
something that we were aware could happen and have been 
preparing accordingly.
    Senator Tester. Thank you, Mr. Chairman.
    Chairman Johnson. And I want to point out it was highly 
sophisticated, so the use of the Internet, those operators 
thought the systems were working properly when they were not. 
And I think the greatest threat is taking that a step further 
and having the destruction of those large power transformers 
that we cannot replace, that takes something from a 6-hour 
shutdown to days and weeks and months. And that is what I 
continue to be concerned about. My primary concern is the 
destruction in some way, shape, or form from various threats of 
these large power transformers.
    Again, I think that you are minimizing what that is. I 
think that you are just trying to be a little too soothing in 
this process.
    Next, Senator Portman.

              OPENING STATEMENT OF SENATOR PORTMAN

    Senator Portman. Thank you, Chairman, and thank you and 
Senator Carper for holding the hearing. It is an incredibly 
important issue.
    I want to talk about something that is specific to a threat 
to our infrastructure, and that is the increasing evidence out 
there that we have ransomware that has infected not just 
individuals' computers but commercial systems. I recently had 
the opportunity to get a briefing from the FBI on this, and I 
noticed that they sent out something on their website just a 
couple weeks ago warning people. There is a unique, I suppose, 
warning out from the Canadian Government and our government 
right now on ransomware based on some information.
    To me, this seems to be a growing problem, and yet it is 
underreported because my understanding is a lot of companies 
are not eager to talk about their ransomware payments. For 
those who do not follow this, this is when you have an 
infection in your system, and you find your system has been 
encrypted to the point that it is blocked, and you get a notice 
saying, ``If you pay this amount of money during this time 
period''--and sometimes there is a clock that shows you 
apparently what your time period is--``we will pull the malware 
off, and you will be able to operate your system.''
    There have been some unfortunate instances of this that 
have gotten a lot of attention. One was the Hollywood 
Presbyterian Medical Center in L.A. earlier this year. For 
weeks, they had to shuttle their patients to other facilities 
because they were locked down with a malware problem.
    I guess my question probably is best to you, Mr. Farmer, 
because you are here as Chair of the Partnership for Critical 
Infrastructure Security. I am sure you have seen this report. 
The Institute for Critical Infrastructure Technology (ICIT),\1\ 
issued this report, and its headline is kind of jarring. It 
says, ``2016 will be the year ransomware holds America 
hostage.'' Maybe the title of your next book, Ted.
---------------------------------------------------------------------------
    \1\ The report submitted by Senator Portman appears in the Appendix 
on page 75.
---------------------------------------------------------------------------
    So, Mr. Farmer, could you tell us--and I know this data is 
difficult to come by because, again, it is not always reported. 
But based on what the FBI has said and based on this report and 
based on some of these specific instances that have come to the 
media's attention, what is the nature of the problem? Is it, in 
fact, increasing dramatically, as some say? And what are some 
of the ways in which we as legislators could be more effective 
in dealing with it?
    Mr. Farmer. Thank you, sir, for that question. I do think 
the problem is expanding, and the FBI's attention to it and 
DHS's attention to it is reflective of that. The media coverage 
highlights those cases where ransomware has not only had an 
effect but actually worked. And I think like anything else, so 
long as the tactic is working, the interest in pursuing it is 
going to expand.
    There are two avenues to focus on in terms of whether 
incidents get reported. Often an affected organization will 
report a matter to the FBI as a law enforcement concern. The 
FBI will handle that matter through its investigative 
procedures with the affected entity. Whether it gets shared 
more broadly is a determination that entity might make with its 
sector partners, with DHS. But I think there is a lot of 
reporting which is informing the FBI's efforts and providing 
these awareness bulletins in terms of entities affected by this 
trying to deal with the problem and seeking law enforcement 
assistance. So, I think on that side, you have a lot of good 
reporting, and because of the manner in which the FBI handles 
its investigations, that is generally with the affected entity.
    Now, because of the FBI's experience--and I give the FBI a 
lot of credit here--they have done a great deal of work in 
taking what they are learning from these law enforcement 
investigations, stripping out the indicators of the affected 
organizations, and then publishing for wider dissemination 
guidelines and advisories, in particular, papers that focus on 
indicators.
    One of the things we focus on in the Cross-Sector Council 
is we are not necessarily interested in who the perpetrators 
are. That is investigative information that is not necessarily 
important to us. What is important is the tactics. How is it 
that these events are taking place? And, in particular, how 
does the intrusion occur onto the affected networks?
    The focus of our cybersecurity priorities collectively is 
on that aspect. What can we learn from all that work the FBI 
does in its investigative efforts? As I mentioned earlier, from 
all that assistance DHS provides in terms of onsite work with 
affected organizations and sharing indicators, let us take that 
next analytical step and understand better how these events 
happen.
    So, what makes it to the media is the effect: the computers 
are no longer accessible, the hospital cannot get to the 
records. So, the effect makes it. But what is far more 
important from a cybersecurity perspective is how did that 
happen. And, I think as Mr. Koppel can point out just from the 
work that he did in connection with this book, too often the 
means of intrusion are perilously simple, and there is a lot of 
work that we can do based on that next level of analysis, 
understanding what those tactics are that are used most often, 
understanding what vulnerabilities are most often exploited. 
That can be passed in advance, understanding what protective 
measures when that support is extended were found lacking.
    I will give a comparative example. In Australia, their 
equivalent of the United States' Computer Emergency Readiness 
Team did an analysis of times when the Australian Government--I 
think it is the Signals Directorate in Australia--had to 
provide assistance to private entities in Australia affected by 
cyber attacks, and that analysis found that in 85 percent of 
those cases, if four categories of protective measures had been 
taken, those attacks never would have materialized as they did.
    And, so, we look at that from the U.S. perspective. We 
credit DHS and FBI for that expansive work, and we say let us 
take that next step of analysis and build a very good cyber 
threat profile that we can pair with the Cybersecurity 
Framework issued by the National Institute of Standards and 
Technology (NIST), and sectors can then look at that and say 
for organizations of varying sizes, this is what the threat 
looks like; these are what the vulnerabilities are that are 
most often exploited; these are the protective measures you 
really need to pay attention to; and marry those with 
objectives of the framework.
    Senator Portman. Mr. Farmer, I would say, with all due 
respect to that analysis that has been done and the information 
that is out there, I am looking at a bulletin right now that is 
on the FBI website. It is tips for dealing with ransomware 
threat, and yet it is dramatically increasing, as I understand 
it and as this report says, and I think you confirm that.
    Mr. Farmer. Right.
    Senator Portman. So, despite our ability to understand how 
these ransomware attacks are happening and this information 
that is out there, it is expanding. And I think one reason it 
is, from what I understand, is that sometimes the ransomware 
folks are asking for a relatively small amount of money, small 
enough that, frankly, they are not being investigated, so let 
us say $10,000. I am told that is kind of the sweet spot. My 
view would be we need to up the enforcement of that and 
investigate all of them because it is sort of the broken 
windows analogy on the policing side.
    Mr. Farmer. Yes.
    Senator Portman. You cannot let some of this ransomware 
happen. And then, second, how do you encourage people to 
report? As you are saying, some do report it as a law 
enforcement matter. Some do not, particularly if it is at this 
relatively low level.
    And then the final thing is--and this is where I think Ted 
Koppel has done a great service--talking about what 
restrictions are there that we could help with both at the 
regulatory level and at the legislative level to allow people 
to protect themselves better. The great example that I have in 
some research that my team did was hospitals that are told 
under the Health Insurance Portability and Accountability Act 
(HIPAA) rules, they have trouble defending themselves following 
these very tips that are being laid out. And, I think you wrote 
something about actually an Ohio incident where there was a 
brownout in Ohio, and some regulatory issues affected the way 
people were able to defend themselves.
    Is that accurate or am I missing----
    Mr. Farmer. I think you are accurate, sir, in terms of the 
nature of the threat. You are accurate as well in terms of the 
expansion. I do believe a similar widespread publication of 
investigative actions and successful prosecutions that result 
in serious penalties for this behavior would be helpful as a 
deterrent factor.
    I will say this, though: I do not agree, though, that----
    Senator Portman. So going after people more aggressively 
who are participating in this and increasing the fines or the 
criminal penalties.
    Mr. Farmer. Increasing the criminal penalties, but also 
taking that Step 2 of ensuring that those sorts of penalties 
are well known. Again, often the focus of attention is on what 
happened in the particular event and what the impacts were. We 
do not pay enough attention afterward to how that was resolved 
in terms of someone was prosecuted, someone went to jail 
because of the actions they took.
    And there is one area, sir, where I do want to make a 
point. I do not think we have done so well yet at highlighting 
for organizations across the board, particularly those smaller 
in size that do not have a lot of resources. Hospitals become a 
good target because they have limited means to protect 
themselves. I think we really need to focus on understanding 
better through analysis what the intrusion mechanisms are that 
enable the ransomware attack to happen and help organizations 
understand what they can be doing better in terms of 
narrowing--the term that gets used--the ``attack surface,'' 
narrowing that opportunity.
    So, I think it is a two-pronged approach. We do a really 
good job of highlighting ransomware as a problem. We do not do 
nearly as well a job of saying this is how ransomware 
intrusions based on analysis are happening, and here are some 
things you can do to narrow the risk profile of your 
organization.
    Senator Portman. Let us follow up on that. My time has 
expired. Again, thank you all for being here. And I think you 
are right. It was hospitals maybe among institutions that were 
most vulnerable initially and smaller hospitals that did not 
have a more sophisticated system. My understanding is it is now 
moving to larger hospitals and other entities that have even a 
bigger impact on our critical infrastructure.
    Thank you, Mr. Chairman, and maybe we will follow up, Mr. 
Farmer, if that is OK, with some follow up questions.
    Mr. Farmer. Yes, sir.
    Senator Portman. Thank you.
    Chairman Johnson. Senator Ayotte.

              OPENING STATEMENT OF SENATOR AYOTTE

    Senator Ayotte. Thank you, Chairman.
    I would like to ask you, Mr. Koppel, based on the book that 
you wrote, ``Lights Out,'' what are the top three takeaways you 
want us to have today in terms of the action that we could take 
as a priority?
    Mr. Koppel. Thank you, Senator.
    Thank you for the question, Senator. I think you are 
exactly right. We are focusing a little bit on the wrong 
issues, and I think the key issue we need to focus on is even 
some of the most potentially successful measures that the 
industry is taking to defend itself, I think Mr. Aaronson will 
concede, are still some time off in terms of their real 
effectiveness. The CRISP program that he referred to before, 
when Mr. Aaronson and I spoke about a year ago, I believe he 
told me that the goal was that by the end of 2015, something 
like 0.4 percent of the industry would be covered, and I would 
like to give him an immediate opportunity to respond. Maybe you 
are way ahead of that by now.
    Mr. Aaronson. It is 0.4 percent of the number of electric 
utilities covering approximately 75 percent of all customers.
    Mr. Koppel. OK. But it is still a minuscule percentage.
    Mr. Aaronson. It is the right ones.
    Mr. Koppel. OK, except that the right ones and the wrong 
ones are all connected.
    Mr. Aaronson. So to that point--and it is an important 
one--socializing the information, CRISP is wonderful for the 
companies that deploy it because they get near-real-time 
feedback about the impacts on their system. Shortly after, that 
information goes to classified databases, is compared to those 
databases, and then is actually socialized through our Electric 
Information Sharing and Analysis Center (EISAC), to all of 
those 3,200 entities that you reference. So the few who are 
deploying this technology are helping the whole.
    Mr. Koppel. Except that the deployment of that information 
in the age of the Internet, where we are talking about 
fractions of a second----
    Senator Ayotte. With very quick development of new 
technology.
    Mr. Koppel. With very quick development, exactly--is 
somewhat less than useful.
    My point is I think we may be focusing on the wrong area at 
this moment. I think we have to conclude, whether it is from 
EMP, whether it is from some space weather incident, or whether 
it is from a cyber attack, that the United States needs to 
begin preparing for the consequences of a successful cyber 
attack on the grid in particular, because the grid indeed just 
does have such an impact on so many other parts of the 
infrastructure.
    We do not have enough food. We are focused primarily on 
MREs, which, because they only have a life span, a shelf span 
of 5 years, the government has not bought in sufficient 
quantity because it does not want to be sitting there with 
millions of MREs which are going to be no good after 5 years.
    Even if we turn to freeze-dried food, which I think is 
going to be the long-range answer, and if we were to begin 
today to try to accumulate the necessary amounts of freeze-
dried food, it would be 2 to 3 years, if we started right now, 
before we had an adequate supply.
    We do not yet have adequate plans for evacuating, if that 
indeed is what has to happen--let us say a major city like New 
York is hit, and a large part of the East Coast is without 
electric power. And some people--and we are talking about tens 
or hundreds of thousands of people--decide to evacuate, where 
are they going to go? And I think it is a question that perhaps 
General Dunbar can address, the degree to which each State is 
prepared to accept large numbers of internal refugees. I think 
we need to begin making plans. I think we need to begin 
communicating State to State, Federal Government to State 
government, and vice versa.
    I know of at least one State on the East Coast whose 
preparations are that they would activate the National Guard, 
they would have their sheriff's department, they would have the 
State police standing there with maps, a bottle of water, and a 
sandwich. And as refugees from nearby cities came through, they 
would give them the water, the food, and the map and show them 
where the nearest way out of town is.
    Senator Ayotte. Wow.
    Mr. Koppel. We assume, because we are all Americans, that 
every State is going to welcome vast numbers of internal 
refugees. I would suggest to this distinguished panel that that 
is not necessarily the case.
    Senator Ayotte. Thank you, Mr. Koppel.
    Mr. Aaronson, I wanted to follow up. When I heard 0.4 
percent of those that cover 75 percent of the infrastructure, I 
guess I have to agree with Mr. Koppel in terms of describing 
that as a very small, if not minuscule amount. But here is a 
question I have for you: What is your association's position on 
the installation of devices that would protect transformers 
that may be susceptible to damage from solar storms or EMP 
attacks?
    Mr. Aaronson. So there is a lot of misinformation out there 
that there is a particular technology that would protect 
everything from everything. Early on, we were discussing EMP, 
and there are very different natures of an electromagnetic 
pulse. You have a high-altitude nuclear weapon as one source----
    Senator Ayotte. Well, let me ask you this: Are you opposing 
installing----
    Mr. Aaronson. No, certainly not.
    Senator Ayotte [continuing]. Devices to protect 
transformers?
    Mr. Aaronson. Certainly not. And, in fact, we are doing it, 
though, in a responsible way. Our real concern here is 
unintended consequences. The point----
    Senator Ayotte. What kind of unintended consequences?
    Mr. Aaronson. Potential impact to the grid. When you put 
new widgets, whatever they may be--blockers, capacitors, 
resistors--on the grid, energy has to go someplace. And to Mr. 
Koppel's point, I will agree completely that it is a balanced 
system, and new stuff can throw that balance----
    Senator Ayotte. But here is our problem: So we are worried 
about new stuff, but we are facing a potential blackout 
situation that could cause mass chaos in our country. So as we 
look at the risks we are facing versus deploying new 
technology--and, obviously, there are always new undertakings with new 
technology--wouldn't you agree with me that this is a very 
important issue for industry to step up and address?
    Mr. Aaronson. A hundred percent. And, in fact, we are. 
There is a lot of money right now behind the Electric Power 
Research Institute, which is looking at just this. What would 
the threat be from the various kinds of EMP, whether it is a 
direct energy weapon, a nuclear weapon, or a geomagnetic 
disturbance? And what are the appropriate mitigation strategies 
so that we do not have those unintended consequences?
    We agree, this is one of the risks, and we need to mitigate 
against it. But we do not want the solution to be worse than 
the threat, especially----
    Senator Ayotte. I am not sure what could be worse than a 
blackout where we are handing people a sandwich and a bottle of 
water and giving them a map.
    Mr. Aaronson. Well, let us be clear with especially--let me 
break down each of the threats. If you are looking at 
geomagnetic disturbance, this is something that already happens 
all of the time and that, in fact, we do have standards in 
place to deal with.
    Chairman Johnson. Excuse me. Not at a massive level. Let us 
be clear. Not at a massive level like the Carrington Event.
    Mr. Aaronson. The geomagnetic disturbance standard is 
ambivalent to whether it is a Carrington Event or just your 
typical solar max that we get every 11 years. It is operational 
procedures to protect the grid in the event of a coronal mass 
ejection.
    If you then look at direct energy weapons, these are things 
that are mostly localized in impact, not all that different 
from throwing a Molotov cocktail or a bomb into a substation. 
It is bad, but with 45,000 substations, we have a significant 
amount of redundancy.
    The last one, looking at a high-altitude nuclear weapon, 
this is absolutely something that could happen, but I would 
posit it is a high-impact but exceedingly low-probability 
event. This is not happening tomorrow. So let us do the right 
thing to ensure that as we work to mitigate against this and 
many other threats that we are doing so in a risk-based and 
responsible way.
    Senator Ayotte. With all respect, I think that government 
has a really important role when it comes to thinking about a 
nuclear attack. But let us just be clear. I serve on the Armed 
Services Committee, and we have Iran testing ballistic missiles 
right now. We have North Korea testing ballistic missiles. So 
we have a role in this. I get it, in terms of this. But what 
concerns me is that that is not the only source for potential 
EMP attack in terms of what could have an impact on this grid. 
And, so, what I would like to see is making sure that industry 
steps up.
    My time is up, but I have a follow up question, so perhaps 
I will wait.
    Chairman Johnson. Because I want a quick follow up. How do 
you explain that 8 years after the 2008 EMP Commission, the GAO 
reports to this Committee that we have done none of these--
performed any of these recommendations? Is GAO just wrong 
or----
    Mr. Aaronson. No, Chairman, I appreciate you actually 
running through the litany of the 2008 report, and I sort of 
took notes as you were doing it. My understanding is the GAO 
report was looking at some of the things that government may or 
may not have been doing over the course of the last 8 years.
    I can say--and this goes to Senator Ayotte as well--with 
respect to understanding the threat and what it might do to the 
grid, understanding the mitigation and the appropriate way to 
protect should an event like that happen, the industry is well 
underway in not just investigating but in some cases investing 
in mitigation. As companies build new control centers, as 
companies are building new substations and new control housing, 
they are doing things to shield against EMP.
    I note that we talked about restoration and replacement of 
equipment. The Spare Transformer Equipment Program started in 
2006, but has evolved dramatically with an eye toward any 
number of existential threats, whether it is combined cyber 
physical attacks, really big storms, solar flares, or even EMP. 
Going down the line, looking at critical interdependencies, 
there is a lot of work happening in this space that mirrors the 
recommendations of the EMP Commission's report.
    Chairman Johnson. OK. And, again, I will reiterate my 
request to get that information on those replacement 
transformers. Senator Heitkamp.
    Senator Heitkamp. Kelly can finish.
    Senator Ayotte. Thank you. I just have a follow up 
question. As I understand it, DOD has developed some 
technologies that the utilities could actually use hardware 
devices to protect electricity generators and pipeline 
compressor motors from certain cyber attacks. And I wanted to 
ask you, has the industry installed those hardware devices 
using some of the developments from the Department of Defense? 
And if not, why not?
    Mr. Aaronson. So, I am not familiar with the specific 
devices that you are referring to, but I will say this: An 
enormous part of what the Sector Coordinating Council that I am 
privileged to serve as part of the secretariat for is looking 
at technology transfer from the government to the industry.
    I will also say, as you pointed out in your question before 
that this is something that government can help with as well. 
The Department of Defense in particular has had to contemplate 
how they would prosecute a nuclear war and had some really 
interesting information about what the impact of a nuclear 
weapon might look like to the grid. The more we can do to get 
that information into the hands of the folks who are doing this 
successful to apply it to the grid would be invaluable.
    Senator Ayotte. So, I am going to submit for the record a 
follow up question because, as I understand, you have the 
information and you have the ability to do this, and so I will 
ask a very specific question and follow up for the record on 
this to get a more specific answer from you.
    I would like to thank all of our witnesses for being here 
and the Chairman. Thank you, Senator Heitkamp. I really 
appreciate it.
    Chairman Johnson. Thank you, Senator Ayotte. Senator 
Heitkamp.

             OPENING STATEMENT OF SENATOR HEITKAMP

    Senator Heitkamp. Thank you, Mr. Chairman.
    Mr. Aaronson, a miracle happens every day. We walk over to 
the light switch, and we turn it on, and lights come on. That 
is a pretty remarkable thing, and it has been a huge reason why 
this country has developed the way it has. So we all see huge 
consequences when we do not have access to power.
    Also, we are talking a lot about high-tech threats and 
challenges. I would tell you that as a veteran of the utility 
industry, you should also worry about low-tech. My guys would 
tell you that a .22 in the right place could do almost as much 
damage as anything we are talking about today. And, so, with 
some knowledge, we know that a lot of our substations are not 
protected, they are not securitized. I would add that to the 
list of things that we ought to be thinking about as we look at 
protecting the grid.
    Mr. Aaronson. If I can react to that--and, again, in my 
opening statement I remarked that we do have standards in 
place. Standards in and of themselves are not security. If you 
mandate a 10-foot fence around everything, the adversary brings 
a 12-foot ladder. So you want to make them bring that ladder, 
but you do not want to pretend that just because you have that, 
you are secure.
    Another component to security is this idea of resilience 
and redundancy. As you know--and I have mentioned a few times 
and so has Mr. Koppel--45,000 substations. These are by 
definition soft targets. They are in communities, they are in 
cities, they are in valleys, they are on mountains, they are in 
rural areas. So to try to protect everything from everything is 
a fool's errand.
    What we need to do is continue to build that capacity to be 
responsive and redundant when things happen, and I will give 
you one quick example. You may be familiar with an attack that 
happened in Silicon Valley a couple of years back. One or more 
people, we still do not know, shot up a substation, rendering 
inoperable 17 of the 21 transformers there. It was a bad 
attack. But I will note that the lights did not even blink in 
San Francisco or Palo Alto. So it shows the enormous resilience 
of this grid.
    Senator Heitkamp. But a coordinated attack by somebody with 
a great deal of knowledge about how you create redundancy on 
the grid could create real problems----
    Mr. Aaronson. We agree.
    Senator Heitkamp [continuing]. In a classic or traditional 
attack.
    Mr. Aaronson. We agree completely, and your point about 
low-tech, Occam's razor, the simplest is the most likely. It is 
a lot easier for the hunter who had a bad day to go take 
potshots than it is for a well-coordinated, combined cyber 
physical attack. There is sort of an adversarial curve. I want 
to quote John Brennan, the Director of the CIA: ``Those who can 
do this damage do not want to, and those who want to cannot.''
    Now, I will say that axiom is not static. There are 
certainly adversaries who are going to get more sophisticated.
    Senator Heitkamp. And we cannot afford the exception that 
proves the rule. That is the point.
    Mr. Aaronson. And we have to stay more sophisticated. That 
is exactly right.
    Senator Heitkamp. I am concerned about what happens, Major 
Dunbar, in the event of a catastrophic power outage as it 
relates to first responders and the resiliency and redundancy 
for first responders to operate in a world where we do not have 
access to electricity. And I am wondering what planning you 
have done in the State of Wisconsin or other organizations--in 
North Dakota, we have an emergency management plan that is 
reviewed periodically with the National Guard. It has proven to 
be an invaluable resource when we look at the major floods 
where we did experience power outages or huge snowstorms with 
ice that takes down power lines.
    What kind of system should we be looking at for first 
responders so that we can, in fact, keep the peace in the event 
of a catastrophic outage?
    General Dunbar. Thank you, Senator. In Wisconsin, like all 
States, we also have an emergency management plan that we 
update periodically. We have had experience with power outage, 
but not on the scale that we are talking about long-term and 
widespread. It is one thing if a small part of the community 
has power outage and the fire department and the police 
department have systems that they have right now to allow them 
to go into these areas and have generators and things like that 
and operate. The scale we are talking about, we do not have 
plans.
    Senator Heitkamp. Right.
    General Dunbar. We are trying to get our head around what 
that would look like, the very point that my colleagues on the 
panel are making in terms of how--it is one thing to have power 
outage for a couple of hours. I joke with my wife, if the power 
goes out for a couple of hours, it is almost romantic. You 
light a candle. It is not going to be romantic after a month. 
It is going to be a bad day, a bad week, a bad month in 
America. And then add to that if people start to leave their 
homes. A big concern of mine as Homeland Security Adviser in 
the State, if this happens in Milwaukee, our largest city in 
Wisconsin, or, God forbid, Chicago to our south and people 
start to leave their homes----
    Senator Heitkamp. I just think it is something that we need 
to have that communications network, we need to have the 
ability to continue to manage an emergency response network in 
the event of a catastrophic power outage, and, so prevention, 
hugely important, but also analyzing what we do with 
consequences.
    Mr. Koppel, you mentioned food security. The World Food 
Program tests food all of the time. They have packets that they 
deliver or drop from the sky. They are just now transitioning 
to a high-protein, high-calorie product. Have you looked at all 
at what the World Food Program does to basically look at 
logistics in very difficult places and what they do with food 
security?
    Mr. Koppel. No, ma'am, I have not. But I would point out to 
the Senator, we are not talking about delivery. I think if 
there is one thing that the United States absolutely surpasses 
any other country in the world at, it is delivery. I am talking 
about availability. In a State like New York, for example, you 
have 17 million people in the State. They have, let us say, 20 
or 30 million MREs stored in New York State. Do the math. You 
are talking about 2 days' worth of food.
    Senator Heitkamp. You might be a little concerned about 
delivery if the power goes out and you cannot pump the gas.
    Mr. Koppel. That is absolutely----
    Senator Heitkamp. I think you have to imagine, as Hollywood 
does all of the time, what an event like this looks like and 
what is the key components.
    Mr. Koppel. You are absolutely right, Senator, and the 
other point I would make, which I was discussing with General 
Dunbar before this session, is that we have a diminished number 
of military in uniform. And the fact of the matter is if and 
when an event like this occurs, ultimately every State and the 
Federal Government is going to be dependent upon the Northern 
Command (NORTHCOM). We do not have enough troops to do what 
would be necessary in this kind of an event.
    And if I may, your colleague Senator Ayotte asked if there 
is anything we are leaving out. I do not want this to be left 
out. The question of attribution, any other kind of attack that 
is launched against the United States, it is easy for our 
intelligence branches to discover instantaneously who did it, 
where the attack is coming from. In the event of a cyber 
attack, attribution becomes one of the biggest problems. You 
cannot respond if you do not know who did it. And it might take 
months before we actually determine, with any sense of 
certainty that would permit the President to respond, who did 
it. That is a huge issue and one that needs to be examined more 
closely.
    Senator Heitkamp. Well, I think this is a great opportunity 
for us to have this conversation, to think about preparation, 
because 90 percent of making this work is actually being 
prepared and being able to imagine the what-ifs. And the what-
ifs are not related always just to high-falutin' security 
attacks. There are some amazing things that can happen just 
conventionally with some very determined and bad people.
    And so, General, thank you so much for your service. We 
need to continue to recruit into our National Guard. That is a 
challenge, I think, for all of the National Guard today. And 
talking about these issues publicly in terms of what importance 
it is for people to serve in uniform, especially in the 
National Guard.
    Mr. Koppel, your book is a perfect example and a great 
recruiting tool to tell people what, in fact, the value of that 
service is. So thank you so much.
    Thank you, Mr. Chairman.
    Chairman Johnson. Thank you, Senator Heitkamp.
    I just want to underscore what you said, Mr. Koppel, about 
availability. I come from a manufacturing background. I am not 
exactly sure when the concept was developed, but it has been 
decades: ``Just in time.'' That is how we run our economy, just 
in time, so we do not have the availability. Senator Carper.
    Senator Carper. Thank you. Thank you, Mr. Chairman.
    Mr. Koppel, you mentioned the number of people we have in 
uniform. I wore a uniform for about 5 years active, another 18 
reserve, and so I am mindful of what you are saying. I also was 
commander in chief for 8 years with the Delaware National Guard 
as Governor of Delaware.
    My last State of the State address that I gave came off 
pretty well and finished up, and we were having a reception 
later in Legislative Hall, and a woman came up to me, and she 
said, ``Were you the Governor when we had the blizzard of the 
century?'' And I said, ``Yes, ma'am.''
    She said, ``Were you the Governor when we had the ice storm 
of the century?'' I said, ``Yes, ma'am.''
    ``Were you the Governor when we had the drought of the 
century?'' I said, ``Yes, ma'am.''
    And she said, ``Were you the Governor when we had the flood 
of the century?'' I said, ``Yes, ma'am.''
    She said, ``You know what I think?'' I said, ``No, ma'am.'' 
She said, ``I think you are bad luck.'' [Laughter.]
    Well, fortunately, the good luck was we had a great 
National Guard, and Frank Vavala, whom I know the general here 
knows well, is our adjutant general, and whenever there is a 
blizzard or an ice storm or a flood--they do not do so much on 
droughts, but we have Nor'easters, we have hurricanes on the 
East Coast, and the National Guard is always there. Air Guard, 
Army Guard, and we are grateful for all that they do.
    Senator Heitkamp just said in her comments, I think she 
mentioned that when you go to pump gas in some kind of 
emergency, if you do not have electricity, you cannot pump gas, 
and what that sort of leads to. And what it leads me to is to 
say, a lot of businesses and a number of homes have diesel-
powered generators that are there to provide electricity, maybe 
for a home or for a compound or for a business. They work. They 
also pollute a lot, and at a time when we are trying to reduce 
carbon emissions, they actually do not help out on that front.
    I mentioned in my opening statement that there are some, I 
guess, 21st Century tools or methods to meet those needs that 
are now met by diesel generators across the country. And one of 
them was actually created at the old Moffett Field Naval Air 
Station where Navy P-3 squadrons were on the West Coast, and 
with a joint facility with NASA. And I am going to ask you for 
ideas on other similar technologies that you may be aware of 
that can help us when the electricity goes out and businesses 
need to be run and gas needs to be pumped. It could be a data 
center or a telecommunications company, it could be banking, it 
could be retail, it could be logistics--any number of things 
that depend on electricity. And when the power goes out, they 
are not able in many cases to deliver, to do their job, and the 
rest of us are in a bind.
    The technology that came out of the efforts at the old NASA 
base near Mountain View, California, a company called Bloom 
Energy, and they used fuel cells and hydrogen in order to 
create electricity for some fairly small boxes--they call them 
``Bloom boxes.'' They are actually rather large ones that can 
meet greater needs. And they are installed across the country. 
Actually, the Department of the Navy uses them to some extent. 
I think other units of our military are interested in exploring 
those capabilities.
    I think a couple of States--we manufacture some of those 
Bloom boxes in Delaware. I think both New Hampshire and Ohio 
not only use fuel cells like these, but they also contribute 
heavily to manufacturing fuel cells.
    My question for our witnesses is: How can we change our 
policies and practices to further rely on innovative solutions 
like fuel cells to increase the security and resilience of our 
critical infrastructure? This is one thing that is being done. 
Go ahead, please, Mr. Koppel.
    Mr. Koppel. If I may, Senator, two points.
    One, I have a generator at home that runs on natural gas. 
The problem is the natural gas has to get pumped to my home, 
and the pump operates on the basis of electricity. So if we 
have a massive grid failure, I guess that natural gas is not 
going to make it to my house either.
    The other point is I interviewed a retired lieutenant 
general from the Air Force who indeed is engaged in exactly the 
kind of work you are talking about. He and his partners have 
noted that the nuclear generators that fuel a number of our 
Navy ships have now had 50 years of successful operation 
without a single accident. The theory is if we could create a 
number of these nuclear power generators and put them on 
military bases around the country, they could not only serve 
those military bases, but they would be additional power to run 
critical infrastructure in neighboring communities.
    I asked the general, if the President gave him the go-ahead 
tomorrow to develop that capability, how long would it take? 
His answer: Ten years.
    Senator Carper. Both my boys are Boy Scouts. I used to take 
our Scout troop, Troop 67 from Wilmington, Delaware, to the 
Norfolk Naval Station, every year for maybe 3 or 4 years, and 
spend the weekend, sleep in the barracks, eat in the galley, 
climb all over ships, submarines, and aircraft carriers. One 
Sunday we went to the Teddy Roosevelt, we got a tour of the 
Teddy Roosevelt. And we had about 25, 30 Scouts, maybe half a 
dozen adult supervisors. Anyway, we get to the bridge of the 
ship, and we were met by the commanding officer of the ship, a 
captain, a Navy captain. And he said to our group, he said, 
``Boys, when the Teddy Roosevelt goes to sea, it is 1,000 feet 
long.'' And the boys went, ``Ooh.'' And he said, ``Boys, when 
the Teddy Roosevelt goes to sea, it has 5,000 sailors on 
board.'' And the boys went, ``Ooh.'' And he said, ``Boys, when 
the Teddy Roosevelt goes to sea, it has 75 aircraft on board.'' 
And the boys went, ``Ooh.'' And then he said, ``Boys, when the 
Teddy Roosevelt goes to sea, it refuels once every 25 years.'' 
And the adults went, ``Ooh.''
    The hearing we just had, the markup we just had that I was 
late for--I am the senior Democrat on the Subcommittee called 
``Nuclear Safety.'' We actually focused on just this thing, new 
generation, nuclear power, small modular. And, actually, with 
the technology, you can use spent fuel rods from other nuclear 
power plants and derive electricity from them. So there is some 
really exciting stuff going on. Maybe a lot smaller, easier to 
build, maintain, and so forth. And redundant with more 
resiliency, so thank you for that idea.
    Any other ideas, please?
    Mr. Aaronson. Yes, Senator Carper, I appreciate some of the 
things that Mr. Koppel said. I want to underscore one. He 
talked about how his generator relies on natural gas but the 
natural gas relies on electricity. I would go even further 
back. The electricity relies on natural gas. So there are 
profound interdependencies throughout, and I think that is 
something that this sector, which has always been held up as 
the most critical, really gets just as a matter of course and 
is working across those critically interdependent sectors.
    With respect to technology as a solution to this, I would 
say, yes, technology, things like the Bloom boxes and other 
distributive resources, come with some added resilience and 
redundancy. It is a double-edged sword. They also come with, 
the phrase that has been used, ``an added attack service.''
    I am from New Jersey originally, and if you look at what 
happened during Superstorm Sandy, several hundred circuits were 
destroyed and had to be fixed, and it took between 10 days and 
2 weeks to get the power back on. Had there been distributive 
resources, maybe 30 million from all over the Greater New York 
Metropolitan Area, we would probably still be restoring. So I 
do not want to pretend that those devices in and of themselves 
equal security or redundancy. They are a component. They are a 
tool in the toolbox.
    The last thing I would say is with respect to military 
installations and that sort of a partnership, yes, in fact, 
siting generation on military installations for their use and 
then for the community's use in the event of an incident is 
something that is happening and certainly could be happening 
more. So I think there are a lot of interesting ways--I want to 
be very careful to say we are open to anything. I think 
anything that enhances the resilience and redundancy of the 
service we provide is something we all ought to be exploring, 
and it is the value of the Sector Coordinating Council and the 
CEO and senior government leadership which are setting that 
strategic course. As opposed to finding these little tactical 
things that we can be doing, let us learn from some of those 
experiences like Ukraine, like Metcalf, like Hurricanes Sandy 
and Katrina, like the wildfires in California, and like our 
experience putting things on military installations, and let us 
build on those and figure out--let us have an automated 
response to some of these 
incidents, and let us have a capacity to go back to the 1960s 
and be able to support civilization without automation.
    Senator Carper. All right. Thank you. My time has expired, 
but, Mr. Koppel, go ahead.
    Mr. Koppel. If I could just add one footnote to what Mr. 
Aaronson just said, prior to the deregulation of the power 
industry, military bases in this country generated their own 
power. And the Pentagon came under great pressure from this 
particular geographic location on Capitol Hill to save money by 
using private industry to generate the power on the bases. So 
to a certain extent, we are talking about going back to the 
future.
    Senator Carper. All right. Good.
    A quick side note, Mr. Chairman. Hurricane Sandy was about 
3 or 4 years ago, but actually there were Bloom boxes that were 
deployed previously before Hurricane Sandy hit, and they were 
actually used, I think, to good effect. So that is, I think, 
some encouraging news. Thank you so much for being here. It is 
a great hearing. Thank you so much. Good to see you all.
    Chairman Johnson. Thank you, Senator Carper.
    What I am going to do is kind of go down the line there and 
give everybody a chance to make a final comment. But I do want 
to quickly explore what I am assuming is the major, the primary 
weak link, and I think it really is transmission. First of all, 
is that correct? Yes, you can shut down a power station, but 
there will be other power stations that might survive. But let 
us say you do these things on military bases, and you can maybe 
distribute within the military base, but then going further and 
further out. Transmission is really sort of the weak link here, 
isn't it?
    Mr. Aaronson. I mean, I will quibble with the word. I would 
not call it a ``weak link.'' It is actually exceedingly secure 
because it is so redundant, but it is, I think, the primary 
focus of our attention for security.
    Chairman Johnson. But, again, depending on maybe a very low 
probability of an EMP or a massive GMD, the weak link in that 
transmission system are these large power transformers, 
correct?
    Mr. Aaronson. They are the lifeblood of the transmission 
system.
    Chairman Johnson. OK. What determines the 200 to 700 
critical transformers? Is that size? Is it location? Why are 
they critical, versus the tens of thousands of other ones that 
Mr. Koppel was talking about?
    Mr. Aaronson. So, yes, it is size. It is what they serve. 
There is any number of criteria that each individual company 
would know as to why a particular transformer is critical, and 
I will just tell a quick anecdote. There is a company that had 
identified several of their transformers to be critical and 
disclosed them as so. And then that list changed, and somebody 
asked why. And the answer was they built another substation.
    So there are certain substations that are taking 
electricity in very critical areas and transmitting it, and so 
as a result, those are your priority transformers. And let us 
put it this way: If you have 45,000 priorities, you have none. 
So we really do have to hone in on those that are the most 
critical to the system.
    Chairman Johnson. So would you agree with me that--my 
concern has always been these large power transformers--those 
are the things we must protect, we must have redundancy for? 
There are other concerns, but that is coming from a 
manufacturing background, what is the root cause? Is that sort 
of the most critical thing that we should be turning our 
attention to, the protection of those?
    Mr. Aaronson. There are a lot of critical things that we 
need to be doing, but I think I do agree with your statement, 
and the industry agrees with your statement, which is why we 
have developed so much excess capacity, and, again, working 
with folks like Mr. Farmer and the railroads, the ability to 
move these things around. I have heard too often this notion of 
if there was something really bad that happens, we would 
``reengineer the system.'' That is a hard thing for a non-
engineer to fully appreciate.
    What we have been doing recently is to explore what does 
``reengineer the system'' mean and plan for that so we can do 
it more effectively and efficiently if and when something does 
happen.
    Chairman Johnson. OK. Let me start with you, General 
Dunbar. Closing comments?
    General Dunbar. Well, Senator, thank you for the 
opportunity to be with you. I would foot-stomp I think four 
things at the end here.
    One, just to reiterate the importance in my mind of trying 
to do what is possible from my level to State level. A lot of 
things we are talking about are beyond my level. If something 
happens long term, it is my intent to try and keep citizens in 
their homes, and that means making sure we have water and 
sewage systems so that they are not desiring to leave the city. 
A big problem if that happens.
    If there is a long-term power outage, the industry talks 
about things like islanding and micro-gridding. I think there 
is great value in trying to think through how we do that as a 
country if we had to do that after an event.
    The third thing I would mention--and, again, I am not an 
expert, but it is my understanding that our black start 
capability used to be largely based on coal. We are moving as a 
country away from coal for the reasons that we are doing it--I 
am not making a political statement, but from a public safety 
point of view, if we have issue with generating and 
transmitting natural gas and coal will allow a better black 
start, we ought to reserve some of that black start capability 
from a public safety point of view.
    And the last thing I will mention is the information-
sharing piece. The Federal Government is doing a lot of great 
work with utilities and with industry. Often the States are not 
part of that information sharing. I think we have a role to 
play, and we should be part of that information sharing.
    Thank you.
    Chairman Johnson. Thank you, General. Mr. Farmer.
    Mr. Farmer. Thank you, sir, very much for the opportunity. 
Thank you, Senator Carper, as well.
    I will open by referencing a point you asked about 
technology development, and really the key to advancing 
technological solutions is a combination of innovation and 
investment.
    And to the point about coordination, what the Partnership 
for Critical Infrastructure Cross-Sector Council, and you can 
hear the term ``council'' and ``coordinating committee'' and 
think you have just seen another range of inside-the-Beltway 
groups. But they are not. In particular, this Cross-Sector 
Council that I am privileged to represent dates back 16 years 
now. That is a commitment by industry to working in concert, 
across sectors and with government, on matters relating to 
critical infrastructure protection. And there is a laboratory 
of ideas there. It is an ability to bring all that talent, that 
expertise together, in industry and government, to look at the 
sorts of problems we talked about today.
    In some cases, we can look to near-term solutions that can 
help ameliorate some of the concerns, and then look through a 
technological development program to those longer-term 
innovative investments. DHS is starting this year and 
coordinated with our council in its development of a Resilience 
Challenge Program. The purpose of that is to do exactly what 
Senator Carper alluded to: Let us inspire some innovative ideas 
on how we can address some of these challenges.
    And, again, we are looking at a two-phased approach. In 
some cases there are things we can do to mitigate problems now, 
and some are going to take a long time. But just because it 
takes a long time does not mean we should not be innovating and 
investing in that direction. Quite the contrary. If it is going 
to take a long time, let us get moving on it and let us use 
initiatives like a resilience challenge or some other similar 
investment program where we can combine public and private 
funds to advance these efforts.
    As I said, this council has been in effect for 16 years. It 
is a tremendous forum to create a foundation for the sort of 
cooperation between industry and government that can make 
progress in these important areas. Think about this term 
``public-private partnership.'' This is a new way of government 
and industry working together, sharing experiences, expertise, 
information, ideas on a common goal. What can we do together to 
take the sorts of actions, near term and long term, to enhance 
how well our infrastructure is protected and how well it can 
withstand various types of threats. And we are taking 
innovations in this process that would have been inconceivable 
just a few years ago.
    The day of the Paris attacks, we ratified an information-
sharing approach that we had exercised just a few days earlier, 
that we had to put into effect within a matter of hours. We 
have built on that since then. And to the general's point about 
integrating State and local government, we said to DHS there 
are going to be occasions when, whether it is a cyber threat or 
a physical threat or some broader concern--an electromagnetic 
pulse is one example--where you are going to want to share very 
quickly classified information, and you cannot wait days or 
weeks to get people in Washington, D.C., to do that. You have 
this tremendous infrastructure in the fusion centers that allows 
us to get on a secure video teleconference. Why aren't we using 
it to good effect to ensure that what formerly might have taken 
days or weeks can now be accomplished in a matter of hours?
    On April 26 of this year, we exercised that capability. The 
participants did not have notice of precisely when this event 
was going to occur. They received an emergency notification 
that morning. It simply said, ``Go to the fusion center where 
your clearance has been validated for a classified presentation 
by DHS.'' And we exercised it in six cities simultaneously, and 
it worked. We are going to exercise it again before our 
councils come together--Federal Government, industry, State and 
local--for a meeting in early July.
    The point is the coordination that this process allows 
creates opportunities for a kind of interaction between 
government and industry that simply has not happened at this 
level before. And that is the strength of the perspective that 
I think this cross-sector route brings.
    Some of these challenges are very daunting. Some of them 
are so daunting that inertia can set in and you kind of throw 
up your hands and say, ``What to do about it?'' But that is 
precisely what this group is designed to avoid. It is designed 
to bring together the right subject matter expertise, and 
through representatives like Scott and me to reach back for 
more. So I thank you for the chance to talk about what we do.
    Chairman Johnson. I appreciate that. You can have the most 
wonderful processes, but one of the things I have noticed about 
Washington, D.C., there is an affliction that affects this 
place, and it is called the ``denial of reality.'' And in many 
respects, I think a lot of the discussion here is centered 
around the fact that we just deny this reality. The possibility 
of a low-probability event could be just catastrophic.
    Now, Mr. Koppel, I appreciate the way you opened your book 
with a little scenario, that if people do not read the entire 
book, at least read that. OK? It will lay out what a potential 
reality would look like. If we lose power for more than 6 
hours, it starts filtering into even days and then weeks and 
then months. So the first thing we have to do is recognize and 
admit this possibility, the reality, and start--because 
otherwise we will never take the first step in these processes, 
and it will take a very long time. Mr. Koppel.
    Mr. Koppel. Thank you, Mr. Chairman, Mr. Ranking Member. I 
think the observation I want to make most of all is that the 
Chinese are already in our power grid; the Russians are already 
inside our power grid. They may lack the motivation because of 
the interrelationship that we have with both those governments 
to take action against our grid, but they can do it. We live in 
an age of cyber warfare. Cyber warfare is going on all of the 
time on every different stage of our lives.
    The fact that the governments like North Korea, for 
example, which are desperately seeking the same kind of cyber 
sophistication that the Russians and the Chinese have, the fact 
that they do not yet have it should not be the source of any 
particular comfort to us. The fact that organizations like 
ISIS, which still probably have $1 to $2 billion in resources, 
have not yet used that money to buy the expertise to attempt 
perhaps a cruder kind of cyber attack on our power grid should 
not give us a great deal of confidence.
    And I would like to add one other point that I suspect will 
be politically very controversial. I do not think the 
Department of Homeland Security is best equipped to deal with 
this issue. The National Security Agency is by far the most 
sophisticated body in the U.S. Government to deal with it, and 
I think leaving it up to a department that has one of the 
lowest rankings in Federal Government and allowing ourselves to 
be concerned more about privacy than about security clearly is 
the subject for a whole other hearing. But I did not want to 
let this one conclude without at least raising the issue.
    Thank you, Mr. Chairman.
    Chairman Johnson. I appreciate your comments, and, again, I 
appreciate your book. Mr. Aaronson.
    Mr. Aaronson. Chairman Johnson, Senator Carper, it may 
surprise you to hear ``thank you.'' I appreciate you all 
holding this hearing. And it also may surprise you that the 
industry agrees with a lot of what is being said. We do take 
this seriously. And we do understand the threats that exist out 
there.
    I will tell you a quick anecdote. About 4 years ago now, 
several CEOs were in Colorado Springs for a board meeting, 
about 70 of them. We brought them over to NORTHCOM for a 
classified briefing, and the CEOs heard from the Intelligence 
Community, from the Department of Defense, from other agencies, 
some of the threats that were out there. And what came as a 
surprise, I think, to the government participants was the CEOs 
were not raising their hands saying, ``Is there really a 
problem? We do not see this.''
    ``Yes, there is a problem. What can we do about it?''
    And from that one meeting has been born this incredibly 
effective relationship between CEOs and senior government 
officials. Now, I occasionally joke that CEOs do not do work. 
But they do provide accountability. They do provide a 
direction. They provide resources. And when the people in the 
corner office care about something, it is amazing how the rest 
of the enterprise does.
    So what we are seeing is, up to and including the CEO 
level, security of the electric grid is a priority for this 
industry. In Mr. Koppel's book, there is a chapter titled 
``Guardians of the Grid.'' We are, and we take that very 
seriously.
    The other thing I would leave you with is there are a lot 
of movie script scenarios out there that have been referred to. 
I had the opportunity to testify in a State capital and had to 
tell whether or not ``Die Hard 4'' was actually a plausible 
scenario. Let us not use movie scripts to dictate public 
policy. My problem is when I come into venues like this I am 
giving issues of popular mechanics and resilience and 
redundancy and all of the things that can and might happen, 
might not happen, and we are studying it. I get bored just 
saying that. So I understand that we need to be informing 
public policy in a reasonable and rational way, understanding 
that these high-impact, low-probability events are something we 
absolutely have to put on the spectrum, but also understanding 
that there are a lot of things that happen day to day that 
require our attention as well. The Chinese, other sophisticated 
adversaries, that is where government and industry absolutely 
have to partner.
    Now, I do not have an opinion on what Mr. Koppel said about 
whether or not DHS is the right place or the wrong place. We 
have had a wonderful experience working with the Department of 
Homeland Security and particularly NPPD. But I would suggest 
this is a whole-of-community issue. And by ``whole of 
community,'' I do mean north-south, between the government and 
the industry, the industry and the government, and east-west 
across the critical sectors. And Tom talked about what we are 
doing with the railroads, but we are seeing very similar 
partnerships with communications, with financial services, with 
the water sector, with the gas sector.
    So we are learning. We are looking at preparation. You 
build the roof when it is not raining, and that is what we are 
doing today. I think the industry has learned some great 
lessons from what has happened in Ukraine, from what has 
happened from the quite literally decades of natural disasters. 
And I want to leave you with the one parting thought that while 
there are 45,000 substations in the United States, it is the 
definition of a soft target. It is also exceedingly resilient 
and redundant. There is a lot of excess capacity, and we are 
working to grow that continually.
    And then the last thing I would say is, as you all consider 
policies, let us not have a rush toward automation. Let us not 
have a rush toward the newest, shiniest object. Let us think 
about how policy decisions, just as we think about how 
investment decisions, will have an impact on the security, 
reliability, and resiliency of the grid.
    So, again, I thank you for having me here today.
    Chairman Johnson. I am the guy who is talking about manual 
breakers in Ukraine that kind of saved them. Senator Carper.
    Senator Carper. Thank you. I just want to come back to the 
question of the competency of the Department of Homeland 
Security. Mr. Koppel, I shared your views 4, 5, 6 years ago. 
The previous Chairs of this Committee--Susan Collins, Joe 
Lieberman, and me--and now Senator Johnson have worked long and 
hard to try to change that reality, and that was a reality half 
a dozen years ago, even 3 or 4 years ago. And I will not go 
through the entire list of things, but there was a time--we 
used to have the problem when I was Governor of Delaware--we 
hired people to work in information technology, hire them, 
train them, put them to work, and somebody would come along and 
hire them away. So we would hire some more. You guys know what 
I mean. We would hire some more people, train them, and they 
would go to work in IT, and somebody would hire them away.
    As it turns out, the National Security Agency has the 
ability to hire people, pay them more money, retention bonuses 
and that sort of thing. The Department of Homeland Security 
never had that. So they would hire people, train them, and they 
would get hired away by NSA.
    One of the things we have done is to make sure that 
Homeland Security has the ability to actually compete in a 
market that is really tough in terms of hiring--recruiting, 
hiring, and retaining cyber warriors.
    I will not go through all of the other things that we have 
done, but we have worked long and hard for years, and I think--
what is the old saying, the old tagline on Oldsmobile: ``This 
is not your grandfather's Oldsmobile.'' This is not the 
Department of Homeland Security of even 4 or 5 years ago. And 
can they do better? Sure, they can do better. They can always 
do better.
    The last thing I would say, the general here is wearing an 
Air Force uniform; I used to wear a Navy uniform. And there is 
a friendly inter-service rivalry, as you know, and I was with 
an Army guy the other day, and he was jagging me about being in 
the Navy. And I said, we wear different uniforms, but we are on 
the same team. We are on the same team. And the same is true 
with Homeland Security and NSA, and we need both of them to be 
really bringing their ``A'' game to the contest every day, 
because as you suggest, there is a real battle across the land.
    The other thing I would say is I was in China about a month 
ago, and you may recall that President Xi, the Chinese 
President, was here last September. One of the things that our 
President confronted him about was cyber theft for stealing 
intellectual property for economic advantage. He basically said 
to him, ``You have to stop this.'' The Chinese always say, 
``Oh, we do not do that.'' Well, they do. They have done it for 
years.
    But you know what happened? The President said, our 
President said, in so many words, ``You keep doing this, and 
the kind of sanctions we have imposed on Iran, we can do that 
with you. And we are your major trading partner.''
    So think about that. Since then, the incidence of cyber 
theft for intellectual property for economic advantage with 
respect to China has gone down. It is pretty interesting. A guy 
named Dave DeWalt who runs FireEye Mandiant, a big 
cybersecurity company, reported just last week or 2 weeks ago 
that we have seen a continued drop there.
    The other thing, Iran for many years was going after our 
banks, trying to shut down our banks, going on their websites, 
started closing them down, and it is called ``distributive 
denial of service.'' And one week after we entered into this 
joint agreement with Iran and five other nations, those attacks 
just stopped. They just stopped.
    And so let us keep that in mind. There are things we can do 
and that we need to do to be resilient, but the Chairman and I 
believe--we are very much into root causes, and sometimes--now 
China has some intellectual property they want to protect, so 
they have a dog in the fight. And they also have the threat of 
if they keep up this stuff, they will pay the price for that.
    The Iranians, they have been given a chance to be a good 
player. We will see how things continue if they keep their 
word. I think so far they have. And at least those attacks on 
our financial institutions have stopped.
    Chairman Johnson. Thank you, Senator Carper.
    Let me just close out the hearing reminding everybody that 
Dr. Richard Garwin--again, whom Enrico Fermi referred to as one 
of the few true geniuses he ever met--in testimony before this 
Committee reminded us of a solar event on the order of 
magnitude of the Carrington Effect happens once about every 100 
years. In other words, we talk about low probability/high 
catastrophic, that is about a 10-percent chance every decade, 
every 10 years, of having a massive solar storm affect our 
electrical grid. So maybe not quite so low a probability.
    Again, I want to thank all of the witnesses. I think this 
has been an extremely good hearing. It has certainly helped lay 
out a reality that hopefully we stop denying.
    This hearing record will remain open for 15 days until June 
2, 5 p.m., for the submission of statements and questions for 
the record. This hearing is adjourned.
    [Whereupon, at 12:05 p.m., the Committee was adjourned.]

                            A P P E N D I X

                              ----------                              

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                                 [all]