[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]




  EMPTY THREAT OR SERIOUS DANGER: ASSESSING NORTH KOREA'S RISK TO THE 
                                HOMELAND

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                             OVERSIGHT AND
                         MANAGEMENT EFFICIENCY

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             FIRST SESSION

                               __________

                            OCTOBER 12, 2017

                               __________

                           Serial No. 115-33

                               __________

       Printed for the use of the Committee on Homeland Security
                                     


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                                     

        Available via the World Wide Web: http://www.govinfo.gov

                               __________


                         U.S. GOVERNMENT PUBLISHING OFFICE 

28-820 PDF                     WASHINGTON : 2018 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001
     

























                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Sheila Jackson Lee, Texas
Mike Rogers, Alabama                 James R. Langevin, Rhode Island
Jeff Duncan, South Carolina          Cedric L. Richmond, Louisiana
Lou Barletta, Pennsylvania           William R. Keating, Massachusetts
Scott Perry, Pennsylvania            Donald M. Payne, Jr., New Jersey
John Katko, New York                 Filemon Vela, Texas
Will Hurd, Texas                     Bonnie Watson Coleman, New Jersey
Martha McSally, Arizona              Kathleen M. Rice, New York
John Ratcliffe, Texas                J. Luis Correa, California
Daniel M. Donovan, Jr., New York     Val Butler Demings, Florida
Mike Gallagher, Wisconsin            Nanette Diaz Barragan, California
Clay Higgins, Louisiana
John H. Rutherford, Florida
Thomas A. Garrett, Jr., Virginia
Brian K. Fitzpatrick, Pennsylvania
Ron Estes, Kansas
                   Brendan P. Shields, Staff Director
                 Steven S. Giaier, Deputy Chief Counsel
                    Michael S. Twinchek, Chief Clerk
                  Hope Goins, Minority Staff Director
                                 ------                                

          SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY

                  Scott Perry, Pennsylvania, Chairman
Jeff Duncan, South Carolina          J. Luis Correa, California
John Ratcliffe, Texas                Kathleen M. Rice, New York
Clay Higgins, Louisiana              Nanette Diaz Barragan, California
Ron Estes, Kansas                    Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
               Ryan Consaul, Subcommittee Staff Director
      Erica D. Woods, Interim Subcommittee Minority Staff Director
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Scott Perry, a Representative in Congress From the 
  State of Pennsylvania, and Chairman, Subcommittee on Oversight 
  and Management Efficiency:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable J. Luis Correa, a Representative in Congress From 
  the State of California, and Ranking Member, Subcommittee on 
  Oversight and Management Efficiency:
  Oral Statement.................................................     3
  Prepared Statement.............................................     4
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement.............................................     5

                               Witnesses

Mr. Frank J. Cilluffo, Director, Center for Cyber and Homeland 
  Security, The George Washington University:
  Oral Statement.................................................     7
  Prepared Statement.............................................     8
Mr. Anthony Ruggiero, Senior Fellow, Foundation for Defense of 
  Democracies:
  Oral Statement.................................................    13
  Prepared Statement.............................................    14
Mr. Patrick R. Terrell, Senior Research Fellow, Center For the 
  Study of Weapons of Mass Destruction, National Defense 
  University:
  Oral Statement.................................................    19
  Prepared Statement.............................................    21
Mr. Jeff Greene, Senior Director, Global Government Affairs and 
  Policy, Symantec Corporation:
  Oral Statement.................................................    25
  Prepared Statement.............................................    27
Dr. Peter Vincent Pry, Chief of Staff, Commission to Assess the 
  Threat to the United States From Electromagnetic Pulse Attack:
  Oral Statement.................................................    30
  Prepared Statement.............................................    31

                                Appendix

Questions From Chairman Scott Perry for Frank J. Cilluffo........    65
Questions From Honorable John Ratcliffe for Frank J. Cilluffo....    65
Questions From Chairman Scott Perry for Jeff Greene..............    65
Questions From Honorable John Ratcliffe for Jeff Greene..........    65
Questions From Honorable Jeff Duncan for Peter Vincent Pry.......    66

 
  EMPTY THREAT OR SERIOUS DANGER: ASSESSING NORTH KOREA'S RISK TO THE 
                                HOMELAND

                              ----------                              


                       Thursday, October 12, 2017

             U.S. House of Representatives,
                    Committee on Homeland Security,
                             Subcommittee on Oversight and 
                                     Management Efficiency,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2:02 p.m., in 
room HVC-210, Capitol Visitor Center, Hon. Scott Perry 
(Chairman of the subcommittee) presiding.
    Present: Representatives Duncan, Higgins, Estes, Perry, 
Correa, Rice, and Barragan.
    Also present: Representative Jackson Lee.
    Mr. Perry. Good afternoon, everybody. The Committee on 
Homeland Security, Subcommittee on Oversight and Management 
Efficiency will come to order.
    The purpose of this hearing is to examine the risks posed 
by North Korea to Homeland Security, and recommendations for 
the Department of Homeland Security to be better prepared to 
mitigate these risks. The Chair recognizes himself for an 
opening statement.
    It is no secret that Kim Jong-un and his maniacal regime in 
North Korea have ratcheted up tensions with the United States 
at an alarming rate. With the knowledge that North Korea 
conducted over 20 missile tests on over a dozen different 
occasions between February and September 2017, including tests 
of intercontinental ballistic missiles, many Americans and our 
allies around the globe remain on edge. However, Americans may 
rightly wonder about North Korea's ability to threaten the 
homeland directly.
    Intelligence from the hermit kingdom is oftentimes 
inconsistent and limited. Despite these intelligence 
challenges, information that has been gathered is reason enough 
for alarm. For example, according to media reports, two North 
Korean shipments to a Syrian government agency responsible for 
the country's chemical weapons program were intercepted in the 
past 6 months. While these reports did not detail exactly what 
the shipments to Syria contained, this is not the first time a 
North Korean ship has been seized due to carrying suspected 
missile system components. In 2013, a North Korean ship was 
intercepted in the Panama Canal with false manifests, and 
hidden under legitimate cargo parts for fighter jets and 
rockets.
    In addition, according to the Council on Foreign Relations, 
recent estimates suggest that North Korea's nuclear weapons 
stockpile comprises 10 to 16 nuclear weapons, and has the 
potential to grow rapidly by 2020 to potentially 125 weapons. 
Furthermore, the Center of Nonproliferation Studies estimates 
North Korea has between 2,500 and 5,000 metric tons of chemical 
weapons. And as we are all aware with the assassination of Kim 
Jong-un's half brother with a deadly nerve agent, those weapons 
have already been put to use.
    Whether or not North Korea intends to act on any of its 
threats to the United States directly, we must also keep in 
mind that Pyongyang is willing and able to supply weaponry, 
expertise, or technology to other hostile nation-states and 
possibly non-nation-state actors that are intent on destroying 
the United States and the freedoms we stand for.
    Former Department of Homeland Security Secretary John Kelly 
stated in April that the most eminent threat from North Korea 
is a cyber threat. North Korea's increasingly sophisticated 
cyber program has the ability to pose a major threat to the 
United States' interests. For example, Federal prosecutors are 
investigating North Korea for a possible role in the 
international banking system, or the SWIFT, hack that resulted 
in the theft of $81 million from the Central Bank of Bangladesh 
in 2016. In late 2014, the computer systems of Sony Pictures 
Entertainment were infiltrated, which was said to have been in 
retaliation over expressed outrage over the Sony-backed film 
centered on Kim Jong-un.
    With a growing variety of digital threats against the 
private sector and Federal networks, are we prepared to 
safeguard our infrastructure against a North Korean-led cyber 
attack? While a cyber attack from North Korea is a serious risk 
we face, we cannot discount other possible threats, such as an 
electromagnetic pulse, or an EMP. An EMP, while some believe as 
a low probability, has the potential to be a catastrophic event 
that could result in paralyzing the United States electric grid 
and other key infrastructure that rely on the electric grid to 
function.
    Disruption to our power grids would be disastrous. 
According to a 2016 Government Accountability Office, or GAO, 
report, a major EMP event could result in potential cascading 
impacts on fuel distribution, transportation system, food and 
water supplies, and communications and equipment for emergency 
services.
    As North Korea continues its belligerent actions, the 
United States must be prepared to protect the homeland from an 
array of threats. The Department of Homeland Security has a 
vital role in protecting our cyber space and critical 
infrastructure, and preventing chemical, biological, 
radiological, and nuclear terrorism.
    This hearing will allow us to gain a greater understanding 
of the multitude, severity, and probability of threats posed by 
North Korea, and how the Department of Homeland Security can 
best prepare for and mitigate these risks.
    [The statement of Chairman Perry follows:]
                   Statement of Chairman Scott Perry
                            October 12, 2017
    It is no secret that Kim Jong-un and his maniacal regime in North 
Korea have ratcheted up tensions with the United States at an alarming 
rate. With the knowledge that North Korea conducted over 20 missile 
tests on over a dozen different occasions between February and 
September 2017--including tests of intercontinental ballistic missiles, 
many Americans and our allies around the globe remain on edge. However, 
Americans may rightly wonder about North Korea's ability to threaten 
the homeland directly. Intelligence from the ``Hermit Kingdom'' is 
oftentimes inconsistent and limited. Despite these intelligence 
challenges, information that has been gathered is reason enough for 
alarm.
    For example, according to media reports, two North Korean shipments 
to a Syrian government agency responsible for the country's chemical 
weapons program were intercepted in the past 6 months. While these 
reports did not detail exactly what the shipments to Syria contained, 
this is not the first time a North Korean ship has been seized due to 
carrying suspected missile-system components. In 2013, a North Korean 
ship was intercepted in the Panama Canal with false manifests, and 
hidden under legitimate cargo, parts for fighter jets and rockets.
    In addition, according to the Council on Foreign Relations, recent 
estimates suggest that North Korea's nuclear weapons stockpile 
comprises 10 to 16 nuclear weapons, and has the potential to grow 
rapidly by 2020, to potentially 125 weapons. Furthermore, the Center 
for Nonproliferation Studies estimates North Korea has between 2,500 
and 5,000 metric tons of chemical weapons, and as we are all aware with 
the assassination of Kim Jong-un's half-brother with a deadly nerve 
agent, those weapons have already been put to use. Whether or not North 
Korea intends to act on any of its threats to the United States 
directly, we must also keep in mind that Pyongyang is willing and able 
to supply weaponry, expertise, or technology to other hostile nation-
states, and possibly non nation-state actors that are intent on 
destroying the United States and the freedoms we stand for.
    Former Department of Homeland Security Secretary, John Kelly, 
stated in April that the most imminent threat from North Korea is a 
cyber threat. North Korea's increasingly sophisticated cyber program 
has the ability to pose a major threat to U.S. interests. For example, 
Federal prosecutors are investigating North Korea for a possible role 
in the international banking system, SWIFT, hack that resulted in the 
theft of $81 million from the central bank of Bangladesh in 2016. In 
late 2014, the computer systems of SONY Pictures Entertainment were 
infiltrated, which was said to have been in retaliation over expressed 
outrage over the Sony-backed film centered on Kim Jong-un.
    With a growing variety of digital threats against the private 
sector and Federal networks, are we prepared to safeguard our 
infrastructure against a North Korean-led cyber attack?
    While a cyber attack from North Korea is a serious risk we face, we 
cannot discount other possible threats, such as an electromagnetic 
pulse event (EMP). An EMP, while some believe as a low probability, has 
the potential to be a catastrophic event that could result in 
paralyzing the U.S. electric grid and other key infrastructures that 
rely on the electric grid to function. Disruption to our power grids 
would be disastrous. According to a 2016 Government Accountability 
Office (GAO) Report, a major EMP event could result in ``potential 
cascading impacts on fuel distribution, transportation systems, food 
and water supplies, and communications and equipment for emergency 
services.''
    As North Korea continues its belligerent actions, the United States 
must be prepared to protect the homeland from an array of threats. The 
Department of Homeland Security has a vital role in protecting our 
cyber space and critical infrastructure and preventing chemical, 
biological, radiological, and nuclear terrorism. This hearing will 
allow us to gain a greater understanding of the multitude, severity, 
and probability of threats posed by North Korea and how the Department 
of Homeland Security can best prepare for and mitigate these risks.

    Mr. Perry. The Chair now recognizes the Ranking Minority 
Member of the subcommittee, the gentleman from California, Mr. 
Correa, for a statement.
    Mr. Correa. Thank you, Chairman Perry. Welcome all our 
guests here today, the panelists. Thank you, sir, for holding 
today's hearing on threats of North Korea to our great country. 
Again, I thank the witnesses for being here today.
    I also want to take a moment to send my thoughts and 
prayers to those affected by the California, southern 
California wildfires. In my district, many folks very near and 
dear to me have been evacuated. My staffers and friends have 
had to be evacuated from their homes, and a couple of camps 
receiving those evacuated are actually in my district. So our 
thoughts and prayers are with them as well as others in 
California.
    I also want to thank the first responders for, again, doing 
the work they are doing right now in and around my district.
    Mr. Chairman, while I recognize the seriousness of North 
Korea and threats it poses to us, I just want to take a moment 
to acknowledge that we also have to look at those affected by 
Hurricanes Harvey, Irma, and Maria, and I hope we give them 
attention as well.
    Coming back to North Korea, America's current diplomatic 
policy must be cautious in engaging this individual, this 
leadership that appears to be very unpredictable. Reports do 
confirm that North Korea's accelerating the pace of its missile 
testing, devoting more of its resources to develop its cyber 
operations, and threatening to create a multifunctional nuclear 
bomb.
    Recent actions, such as the North Korean-connected hacking 
group that successfully stole $81 million from banks in 
Bangladesh and southeast Asia, show that North Korea is getting 
more daring and much more functional with their cyber 
operations.
    From the witnesses today, I look forward to hearing from 
you and how this Department of Homeland Security can better 
protect the vulnerable, critical infrastructure of cyber, cyber 
threats, and how we can mitigate such threats here in our 
country.
    Further, while the probability of an electromagnetic pulse 
appears to be at this time unlikely, North Korea has made it 
clear that it is testing its ability to make a hydrogen bomb 
capable of such destruction. So my question to you is, is an 
EMP something that is a threat at this time or very soon?
    Speaking on his frustration with President Trump, North 
Korea's leader stated that Trump ``denied the existence of and 
insulted me and my country in front of the eyes of the world.'' 
My question in this, is this anything new or is this what has 
been going on for the last 20 years?
    I am interested in hearing today from the witnesses in this 
panel, what happens if the unthinkable happens? What would 
happen the first 10, 20, 30 minutes of an all-out war? A 
hypothetical scenario, but I think it is one that we need to be 
apprised of.
    With that, Mr. Chair, I thank you. I yield back the balance 
of my time.
    [The statement of Ranking Member Correa follows:]
               Statement of Ranking Member J. Luis Correa
                            October 12, 2017
    I would like to take a moment to send my thoughts and prayers to 
those in California, including my home district, affected by 
devastating wildfires. Thank you to the first responders and local 
emergency personnel for acting so quickly to evacuate impacted areas to 
save lives and protect property.
    I would also like to take a moment to acknowledge those affected by 
Hurricanes Harvey, Irma, and Maria. I am frustrated by the slow 
response by FEMA and the Trump administration, particularly for Puerto 
Rico. Instead of blaming victims, President Trump should be ensuring 
his administration gets aid to those without water, food, and 
electricity and working with stakeholders to help devastated 
communities recover.
    Further, while I recognize the serious National security threat 
posed by North Korea, I would note that there are pressing matters 
squarely within this committee's jurisdiction and oversight 
responsibilities. I hope we can give them the attention they are due.
    In regards to North Korea, America's current diplomatic policy is a 
dangerous game--to engage in a public threat war with the world's most 
unpredictable bully. According to experts, President Trump's 
unabashedly undiplomatic rhetoric--threatening to destroy North Korea--
has created an impression that it is actually the United States, 
instead of North Korea, that is motivated by aggression.
    Clearly, North Korea is stepping up the pace of its missile 
testing, devoting more resources to further develop its cyber 
operations, and threatening the creation of a multi-functional nuclear 
bomb with destructive power.
    Recent actions--such as a North Korea-connected hacking group 
successfully stealing $81 million from banks in Bangladesh and 
Southeast Asia--show that North Korea is getting more daring with its 
cyber operations.
    I look forward to hearing from the witnesses today how the 
Department of Homeland Security can better protect vulnerable critical 
infrastructure in response to cyber threats and provide assistance in 
mitigation efforts. Further, while the probability of an EMP attack is 
unlikely, North Korea has made it clear it is testing its ability to 
make a hydrogen bomb capable of such destruction.
    Speaking on his frustrations with Trump, North Korea's leader, Kim 
Jong-Un, stated that Trump ``denied the existence of and insulted me 
and my country in front of the eyes of the world.'' President Trump's 
own words aid North Korea's propaganda and create pressure for North 
Korea to respond with its own provocation.
    I also look forward to today's witnesses addressing how this 
administration has escalated the situation with North Korea and 
exacerbated an already-serious foreign policy matter.

    Mr. Perry. The Chair thanks the gentleman, and would also 
like to join you in echoing my concerns for those affected in 
and around your district, and of course in California, the 
wildfires, and the first responders, as well as the victims of 
the recent hurricanes here in the continental United States and 
our citizens in Puerto Rico and the Caribbean.
    With that, other Members of the subcommittee are reminded 
that opening statements may be submitted for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                            October 12, 2017
    Undoubtedly, the threat posed by North Korea is one of the most 
complex challenges to our National security. Daily, we hear of North 
Korea's targeting our Nation--including our way of life. These threats, 
if carried out, could cause unprecedented devastation to our Nation.
    Under the Kim Jong-un regime, North Korea has executed 98 ballistic 
missile tests and 6 underground nuclear tests overall. This year alone, 
North Korea has fired 22 missiles during 15 tests, including an 
intercontinental ballistic missile (ICBM)--a missile that is reported 
to reach anywhere in the world--launched on July 4, 2017.
    Given the relationship between the United States and North Korea, 
it can be concluded that the purpose of the tests is producing missiles 
capable of reaching this country. North Korea's cyber capabilities also 
raise serious concerns, as the effects of cyber warfare can be 
crippling.
    Along with Russia, U.S. intelligence officials have long considered 
North Korea among the world's most dangerous cyber actors in terms of 
their ability to inflict damage via computer networks. The intelligence 
community has warned that North Korea has plans to execute a large-
scale cyber attack on our critical infrastructure.
    Furthermore, according to a recent and alarming CNN article, a 
Russian telecommunications firm is now providing North Korea a new 
internet connection, thus potentially augmenting North Korea's cyber 
attacking capabilities while deepening its ties to the Nation 
responsible for hacking the 2016 U.S. election.
    Today, I see that there is an effort in this body to place a 
serious focus on this threat. That sentiment is not shared down the 
street at 1600 Pennsylvania Avenue. Unfortunately, President Trump 
seemingly is uninterested in handling this threat in a diplomatic 
fashion.
    Instead, the President engages in a public ``war of words'' with 
North Korean leader Kim Jong-un, escalating tensions at a time when the 
need for appropriate sanctions and strategic diplomacy could not be 
greater. What is also appalling is the President's focus on disparaging 
the Nation's top diplomat and challenging his IQ.
    Instead, the President should devote his attention to the North 
Korean threat rather than tweeting and hurling insults all for the sake 
of attention.
    I look forward to having a productive discussion on the threats 
posed by North Korea to the United States and the steps the Department 
of Homeland Security can take to mitigate those threats.

    Mr. Perry. We are pleased to have a distinguished panel of 
witnesses before us today. The witnesses' entire written 
statements will appear in the record. The Chair will introduce 
the witness first and then recognize each of you for your 
testimony.
    All right. Mr. Frank Cilluffo--is that correct, sir?
    Mr. Cilluffo. That is correct.
    Mr. Perry. All right--is an associate vice president at the 
George Washington University and director of its Center for 
Cyber and Homeland Security. He previously served in numerous 
homeland security positions in the White House and Homeland 
Security Advisory Council. Welcome, sir.
    Mr. Anthony Ruggiero--is that correct or close enough?
    Mr. Ruggiero. Close enough.
    Mr. Perry. OK--is a senior fellow with the Foundation of 
Defense of Democracies. He served in the Treasury Department as 
director of the Office of Global Affairs and the Office of 
Terrorist Financing and Financial Crimes, and spent 13 years in 
various positions in the State Department. Welcome, sir.
    Mr. Patrick Terrell is a senior research fellow at the 
Center for the Study of WMD, Weapons of Mass Destruction, at 
the National Defense University. He served in the U.S. Army 
Chemical Corps for 27 years and was the WMD military adviser 
and deputy director for chemical, biological, radiological, and 
nuclear defense policy in the Office of the Deputy Assistant 
Secretary of Defense for Countering WMD. Sir, thank you for 
your service and welcome.
    Mr. Jeff Greene is a senior director of global government 
affairs and policy at Symantec, where he leads a team focused 
on cybersecurity, data integrity, and privacy issues. Prior to 
joining Symantec, he served in staff positions on the Senate 
Homeland Security and Governmental Affairs and House Homeland 
Security Committees and as an attorney with a Washington, DC 
law firm. Welcome, sir.
    Dr. Peter Vincent Pry is a Nationally-recognized expert on 
electromagnetic pulse, or EMP. Dr. Pry was most recently chief 
of staff of the EMP Commission, and has served on the staffs of 
various Congressional commissions related to National security, 
as well as the House Armed Services Committee, and was an 
intelligence officer with the Central Intelligence Agency. 
Welcome, sir.
    Thank you all for being here today.
    The Chair recognizes now Mr. Cilluffo for an opening 
statement. Sir.

STATEMENT OF FRANK J. CILLUFFO, DIRECTOR, CENTER FOR CYBER AND 
      HOMELAND SECURITY, THE GEORGE WASHINGTON UNIVERSITY

    Mr. Cilluffo. Chairman Perry, Ranking Member Correa, and 
distinguished Members of the subcommittee, thank you for the 
opportunity to testify before you today on such a critical set 
of issues.
    North Korea poses an increasingly complex and 
multidimensional threat to the U.S. homeland. The many facets 
of the challenge include, obviously, the nuclear threat, the 
missile threat, and the proliferation threat. My own remarks 
will focus on the cyber threat.
    As regards to the cyber aspect, it should be flagged up 
front that it is not one-dimensional. To the contrary, it may 
manifest itself in at least three ways: As a stand-alone cyber 
threat; as a component in conjunction with a broader campaign, 
i.e., military or kinetic means; or as an indicator of an 
attack or campaign that is yet to come, the cyber equivalent of 
intelligence preparation of the battlefield or the mapping of 
our critical infrastructures.
    At a conference we co-hosted with the Central Intelligence 
Agency just last week, a senior CIA official described North 
Korea as between bookends: The fear of Chinese abandonment on 
the one hand and the fear of U.S. strike on the other. The 
official stated further that North Korea exists to oppose the 
United States, and that Kim Jong-un defines winning as staying 
in the game. It is against this background, the overriding 
survival of the Kim regime and the Songun or military-first 
policy, that the North Korean cyber threat must be considered 
and evaluated.
    In terms of the bottom-line up-front, the cyber threat is 
already here. It is persistent, on-going, and comes in various 
guises and forms. The battlefield today includes the 
traditional air, land, sea, space, but increasingly cyber 
space, which is simultaneously its own domain and transcends 
all the other domains.
    The question is if and when the North Korean cyber activity 
escalates, moving higher up the chain of conflict, going beyond 
traditional computer network exploit and cyber crime to bigger 
and more destructive attacks. If so, what are the primary 
targets? How can we thwart the attacks or minimize the impact 
through contingency planning and building resilience into our 
networks and systems?
    At the high end of the threat spectrum are nation-states 
whose military and intelligence services are integrating 
computer network attack and computer network exploit into their 
warfighting strategy and doctrine.
    North Korea is one of a small handful of countries that top 
the list from a U.S. National security perspective. While many 
of the details of their actual cyber warfare capabilities are 
shrouded in secrecy, we do know that North Korea has invested 
heavily in building out their cyber capabilities. A 2015 report 
by the South Korean defense ministry estimates that the North 
Korean cyber army employs an elite squad of 6,000 hackers. This 
number has likely increased, and it's worth noting that many of 
these hackers operate outside of Pyongyang, in northeast China 
and Southeast Asia. While not up yet up to par with the likes 
of say, Russia or China, what North Korea may lack in 
capability, it unfortunately more than makes up for with 
intent.
    North Korea has engaged in both extensive espionage as well 
as disruptive and destructive activities or CNA. They operate 
without compunction. Recent reports of pilfering of Classified 
information from the South Korean military and the targeting of 
U.S. energy companies and other industrial control systems here 
is troubling and reflective of their persistent espionage. The 
attack on Sony is just one example of a destructive activity. 
There are sadly many, many more in South Korea.
    But perhaps what differentiates North Korea from other 
cyber actors is that they have turned to cyber crime to raise 
revenue, including funding their nuclear aspirations, 
especially given recent sanctions that are levied upon them. 
They have been pegged as the likely culprit, as both you, Mr. 
Chairman, and the Ranking Member have highlighted, behind a 
string of cyber bank robberies as far as Poland, but also the 
SWIFT hack on the Central Bank of Bangladesh, hacks against 
bitcoin and other cryptocurrency exchanges, and the WannaCry 
ransomware attack, which impacted 150 countries.
    If past is prologue, we ought to be prepared for a further 
spike in North Korean cyber crime. While the cyber twists may 
be relatively new, such behavior is not. North Korea has long 
turned to criminal activity, such as counterfeiting, currency, 
cigarettes, pharmaceuticals, to fill its coffers. Whereas 
traditionally forces of crime seek to penetrate the state, in 
the case of North Korea, the opposite is true, with the country 
often using diplomatic cover to pursue illegal activities. In 
essence, they are using national collection means, using all 
source intelligence for criminal gain or more aptly to be 
compared to as a state sponsor of cyber crime.
    One word on what we do about this. Bottom line, we need to 
train more and better, we need to exercise. I think contingency 
plans are really important, make the big mistakes on the 
practice field, not when it is game day. DHS has done some good 
work in terms of sharing of information intelligence, such as 
HIDDEN COBRA, where they provided TTPs and indicators of North 
Korean activity. This is so vital because that is going to be 
the warning. That is going to be the indicator that something 
bigger may be afoot.
    In terms of the broader threat picture, other potential 
scenarios like EMP, that will require a much broader response, 
and it will need to include partners like DOD, as DHS and the 
utilities would likely be overwhelmed in such a scenario. I 
hope there is more time to get into that during the Q&A.
    Thank you, Mr. Chairman.
    [The prepared statement of Mr. Cilluffo follows:]
                Prepared Statement of Frank J. Cilluffo
                            October 12, 2017
    Chairman Perry, Ranking Member Correa, and distinguished Members of 
the subcommittee, thank you for the opportunity to testify before you 
today on this subject of National importance. North Korea poses an 
increasingly complex and multidimensional threat to the U.S. homeland. 
The many facets of the challenge include the nuclear threat, the 
missile threat, and the proliferation threat--which encompasses North 
Korea's role in the global arms trade of conventional and non-
conventional weapons. Other experts testifying before you today will 
focus on these and other aspects of the problem. My own remarks will 
focus on the cyber threat, though I will also touch on the issue of 
electromagnetic pulse (EMP). As regards the cyber aspect, it should be 
flagged upfront that it is not unidimensional. To the contrary, it may 
manifest in at least three ways: As a stand-alone cyber threat; as a 
cyber component of a broader campaign that makes use of other means 
(e.g., military); or as an indicator of an attack or campaign that is 
yet to come (cyber intelligence preparation (IPB) of the battlefield or 
mapping of critical infrastructure). After assessing the threat, I will 
turn to the role that DHS can and should play in countering that 
threat.
      the cyber threat that north korea poses to the u.s. homeland
    At the Central Intelligence Agency (CIA)'s fourth annual public 
conference on the Ethos and Profession of Intelligence (co-hosted by 
the George Washington University Center for Cyber & Homeland Security), 
a senior CIA official described North Korea as between ``bookends''--
the fear of Chinese abandonment on the one hand, and the fear of a U.S. 
strike on the other. The official stated further that North Korea 
``exists to oppose the United States,'' and that Kim Jong-un ``defines 
winning as staying in the game.''\1\ It is against this background, the 
overriding survival of the Kim regime and the ``Songun'' or military 
first policy, that the North Korean cyber threat must be considered and 
evaluated.
---------------------------------------------------------------------------
    \1\ https://www.youtube.com/watch?v=a-N_NqVe_uc&list=PL-
bQ6_vfcE05kAK-AX3uGxjLk- 0bVDhE3O&index=2.
---------------------------------------------------------------------------
    In prepared testimony before the full committee \2\ and one of your 
counterpart subcommittees,\3\ I have set out in some detail the nature 
of the cyber threat that North Korea poses to the U.S. homeland. Today 
I will build further upon that baseline. At the high end of the cyber 
threat spectrum are nation-states whose military and intelligence 
services are both determined and sophisticated in the cyber domain and 
are integrating computer network attack (CNA) and computer network 
exploit (CNE) into their warfighting strategy and doctrine--North Korea 
is one of a small handful of countries that top that list from a U.S. 
National security perspective. While many of the details about North 
Korea's cyber warfare capabilities are shrouded in secrecy (the same is 
true of their military capabilities writ large), we do know that North 
Korea has invested heavily in building cyber capabilities. A 2015 
report by the South Korean Defense Ministry estimates that the North 
Korean ``cyber army'' employs an elite squad of 6,000 hackers,\4\ many 
of whom operate abroad in northeast China and throughout South East 
Asia. And, what North Korea may lack in capability, it makes up for 
with intent.
---------------------------------------------------------------------------
    \2\ https://cchs.gwu.edu/sites/cchs.gwu.edu/files/
Cilluffo%20Testimony%20for%20HHSC%203-22-2017.pdf.
    \3\ https://cchs.gwu.edu/sites/cchs.gwu.edu/files/downloads/
HHSC_Testimony_Feb%2025-2016_Final.pdf.
    \4\ Martin Anderson, ``North Korea's Internet Tundra Breeds 
Specialised `Cyber Forces' Numbering 6,000,'' The Stack, January 7, 
2015. https://thestack.com/security/2015/01/07/north-koreas-internet-
tundra-breeds-specialised-cyber-forces-numbering-6000.
---------------------------------------------------------------------------
    North Korea has engaged in both disruptive and destructive activity 
in the cyber domain--meaning both computer network exploitation (CNE) 
and computer network attack (CNA; as distinct from espionage). North 
Korea operates without compunction, targeting U.S. companies; the most 
notorious case being the attack on Sony Pictures Entertainment. North 
Korea is just as aggressive within its region: In 2017, there has been 
a major increase in North Korean cyber attacks (attempted and 
successful) targeting South Korean companies and government.\5\ Senior 
Japanese cybersecurity officials confirmed this in recent meetings, and 
expressed significant concern about the increase in volume and the 
level of boldness of North Korean cyber activity. Recent news articles 
revealing alleged U.S. cyber activities aimed at stymieing North 
Korea's ballistic missile program will likely serve to increase the 
likelihood of additional North Korean cyber attacks.
---------------------------------------------------------------------------
    \5\ Charlie Campbell, ``The World Can Expect More Cybercrime from 
North Korea Now that China has Banned its Coal,'' Time, February 19, 
2017. http://time.com/4676204/north-korea-cyber-crime-hacking-china-
coal/.
---------------------------------------------------------------------------
    In order to raise revenue--and under particular pressure from 
sanctions imposed recently by the international community (including 
key trading partner China), following North Korean nuclear and missile 
testing--North Korea has turned to cyber crime, and is the prime 
suspect in a string of bank heists throughout Asia (SWIFT hack), as 
well as reportedly targeting ``bitcoin and other virtual currencies'' 
for theft (FireEye report).\6\ It has also been reported that the 
country is ``widely believed to be behind the WannaCry [ransomware] 
cyber attack which spread to more than 300,000 computers across 150 
countries.''
---------------------------------------------------------------------------
    \6\ Luke McNamara, ``Why is North Korea So Interested in Bitcoin?'' 
(September 11, 2017), https://www.fireeye.com/blog/threat-research/
2017/09/north-korea-interested-in-bitcoin.html. See also Ryan Browne, 
``North Korea appears to be trying to get around sanctions by using 
hackers to steal bitcoin,'' (September 12, 2017), https://www.cnbc.com/
2017/09/12/north-korea-hackers-trying-to-steal-bitcoin-evade-
sanctions.html.
---------------------------------------------------------------------------
                      state sponsor of cyber crime
    If past is prologue, we ought to be prepared for a further spike in 
North Korean State-sponsored and/or State-supported cyber crime. The 
former head of the United Kingdom's Government Communications 
Headquarters (GCHQ) reinforced this point the other day, stating 
bluntly, ``They're after our money.''\7\ While the cyber twist may be 
relatively new, such behavior is not: North Korea has long turned to 
criminal activity, such as counterfeiting (of currency including so-
called super-notes, pharmaceuticals, and cigarettes), to fill its 
coffers. In this way, the regime engages criminal proxies and their 
cyber prowess to help achieve the ends that will perpetuate the 
regime's survival. This convergence of nation-state and criminal forces 
heightens the dangers posed by both. Whereas, traditionally, it has 
been the forces of crime that seek to penetrate the state; in the case 
of North Korea, the opposite is true, with the country often using 
diplomatic cover to pursue illegal activities.
---------------------------------------------------------------------------
    \7\ Harvey Gavin, ``Hacking warning: Kim Jong-Un's henchmen to step 
up cyber attacks and target city of London,'' Express (October 1, 
2017), http://www.express.co.uk/news/uk/861007/north-korea-hackers-
target-uk-banks.
---------------------------------------------------------------------------
    North Korea's cyber strategy and tactics must be understood in 
broader context, as part and parcel of other geopolitical tools and 
goals (military, political, economic). The country's cyber capabilities 
are just one weapon in their arsenal, to be used in conjunction with 
other elements and for the purpose of achieving a wide range of goals 
and objectives. When assessed and appreciated in this way, North 
Korea's cyber activity may portend a broader campaign (including 
military operations), and thereby serve as an indicator or early 
warning of the intent to strike in other domains. And, cyber crime is 
undoubtedly helping fund North Korea's nuclear and missile programs. At 
the same time, from a cyber standpoint, North Korea is less vulnerable 
(relative to the countries it targets) to retaliation in-kind, since 
North Korea is not ``wired'' like most other nation-states. To the 
extent that the country is connected to the internet--for military and 
intelligence purposes, for example--it appears that efforts have been 
made to protect and maintain that cyber capability and resilience, by 
diversifying connectivity: Just days ago, it was reported that a 
Russian firm will provide North Korea with a second internet 
connection, thereby decreasing reliance on the previously single 
connection that a Chinese firm had provided; and expanding North 
Korea's cyber attack capability.\8\ There has also been chatter about 
Russian criminal support of North Korea's cyber activities.
---------------------------------------------------------------------------
    \8\ Reuters Staff, ``Russian firm provides new internet connection 
to North Korea,'' Reuters (Oct. 2, 2017), http://www.reuters.com/
article/us-nkorea-internet/russian-firm-provides-new-internet-
connection-to-north-korea-idUSKCN1C70D2?il=0.
---------------------------------------------------------------------------
    A further risk for the United States is electromagnetic pulse 
(EMP), which includes the threat posed by directed energy weapons. As 
defined by the Department of Energy, EMPs ``are intense pulses of 
electromagnetic energy resulting from solar-caused effects or man-made 
nuclear and pulse-power devices.''\9\ Nuclear EMP in particular--
generated by detonating a nuclear device at a high altitude--would have 
catastrophic effects for the electricity, communications, 
transportation, fuel, and water sectors (including others). EMP is a 
threat that the United States must address from both a strategic and 
operational perspective. In connection with North Korea, it may be 
tempting to think in binary terms; but we do so at our peril, for cyber 
tools/attacks, EMPs, missiles, kinetic actions, and so on, are not 
``either/or'' propositions. To the contrary--and, especially, if North 
Korea does not have the requisite launch capacity for its missiles (be 
they nuclear-tipped or conventional)--the country may turn to some 
combination of the foregoing (i.e., cyber plus . . . ). Significantly, 
just last month North Korea publicly stated, for the first time, that 
they have developed a hydrogen bomb that can be detonated at high 
altitudes thereby signaling ``interest and ability in an EMP 
attack.''\10\ While the probability of first use may currently be 
relatively low, the potential consequences and impact could be 
catastrophic and, therefore, the possibility must be taken seriously 
and treated accordingly.
---------------------------------------------------------------------------
    \9\ https://energy.gov/sites/prod/files/2017/01/f34/
DOE%20EMP%20Resilience%20Action%- 20Plan%20January%202017.pdf (at page 
1).
    \10\ Anthony Furey, ``North Korea openly threatens EMP attack for 
the first time, changing the game,'' Toronto Sun (September 3, 2017), 
http://m.torontosun.com/2017/09/03/north-korea-openly threatens-emp-
attack-for-the-first-time-changing-the-game.
---------------------------------------------------------------------------
    The chart on the following page captures, at a glance, the 
multidimensional nature of the North Korean cyber threat; and 
contextualizes it with selected examples.

                     NORTH KOREA--CYBER THREAT ACTOR
 
------------------------------------------------------------------------
            Strategy                  Discriptor            Example
------------------------------------------------------------------------
Computer Network Attack (CNA)...  Disruptive or       Hack of SONY
                                   destructive in      Pictures
                                   nature, cyber-      Entertainment
                                   specific/           Inc.
                                   exclusive or in
                                   combination with
                                   kinetic military
                                   operations.
Computer Network Exploitation     Espionage           Persistent, on-
 (CNE).                            (military,          going, across a
                                   economic, and       range of sectors
                                   diplomatic),        and targets
                                   cyber IPB of
                                   critical
                                   infrastructure
                                   can provide
                                   important
                                   indicators &
                                   warning of a
                                   broader campaign
                                   and attack plans
                                   (order of battle).
Cyber crime.....................  Theft, ransomware,  SWIFT hack, bank
                                   etc..               and bitcoin
                                                       theft, Wanna Cry
                                                       ransomware
------------------------------------------------------------------------

            the role of the department of homeland security
    Preparing for cyber threats from state actors such as North Korea 
requires a multidimensional response. Accordingly, all elements of 
statecraft--diplomatic, economic, law enforcement, intelligence, 
military, emergency preparedness, and so on--should be considered and 
integrated, as appropriate (including in contingency plans). Whatever 
the Department of Homeland Security (DHS) does, it must be undertaken 
with the preparatory efforts of its various partners in mind--
including, in particular, the Department of Defense and the private 
sector. Actions to protect and enhance the resilience of critical 
infrastructure, moreover, should be undertaken in a manner that 
recognizes, addresses, and integrates the full spectrum of threats, 
from cyber to EMP and beyond. There is a need to begin planning and 
exercising in earnest for various scenarios including EMP--which would 
have impact beyond DHS and U.S. utilities, given the importance of the 
electric grid and its interdependencies with all other ``lifeline'' 
critical infrastructures.
    Policy and programs must not only cohere at the strategic and 
operational levels within DHS, within the interagency, and across the 
public/private sector (to ensure that public and private-sector efforts 
and initiatives are pulling in the same direction). Policy and programs 
must also complement and leverage those of our international allies and 
partners, in order to be maximally effective. Others, beyond the United 
States, could and should do more to contain and crack down on North 
Korea. The United States is already working with South Korea and Japan, 
for example; but, geopolitical complexities must be navigated 
skillfully in order to further pull in other key actors constructively, 
so as to better deal with the challenges at hand. Keep in mind, for 
instance, that as pressure increases on China to pull back from North 
Korea, Russia is stepping into the breach as backstop for Kim Jong-un's 
regime.
    The Department of Homeland Security (DHS) must strategically plan, 
resource, and prepare for the cyber threat posed by North Korea, and it 
must do so in the context of the broader threat posed by that country, 
and as part of the Department's mission writ large, which includes but 
is not limited to the ``.gov'' environment. DHS must also do all of 
this at a time when resources are limited and threats are expanding. 
The challenge, therefore, is to develop and implement programs that are 
not only effective but efficient. The Quadrennial Homeland Security 
Review (QHSR) is one instrument that helps to align strategy 
imperatives with spending parameters, so that both programming and 
underwriting are undertaken wisely. However, in the present ecosystem 
where risks are intensifying, it bears asking (immediately) if the 
current status of DHS programs and plans is sufficient--or whether 
there are things that the Department can and should do differently.
    The National Protection and Programs Directorate (NPPD) of DHS 
provides a range of valuable services to support and protect entities 
directly within its remit (Federal civilian networks) and partners with 
whom the Department collaborates (State, local, Tribal, and territorial 
governments, and the private sector). These services range from 
vulnerability scanning and mitigation guidance, to information sharing 
and malware analysis, to technical assistance and intrusion-/incident-
specific ``hunt'' teams. Importantly, efforts are underway to 
``streamline and elevate'' the NPPD's cybersecurity and critical 
infrastructure mission. These activities, together with the 
multidisciplinary experience and expertise of the Department as a whole 
(e.g., in law enforcement, risk mitigation, and emergency management, 
to name a few), allow DHS to help further National resilience, and 
deter threat actors.\11\
---------------------------------------------------------------------------
    \11\ For additional details, see the written testimony of Acting 
Secretary of Homeland Security Elaine C. Duke, tendered to the Senate 
Committee on Homeland Security and Governmental Affairs (September 27, 
2017), https://www.hsgac.senate.gov/hearings/09/18/2017/threats-to-the-
homeland (see especially pages 9-11).
---------------------------------------------------------------------------
    The Department's work on ``Hidden Cobra'' is a case in point. This 
attack effort by North Korean government actors targeted U.S. 
businesses (including critical infrastructure sectors, financial and 
aerospace companies) using malware and botnet attacks.\12\ Working 
together with the Federal Bureau of Investigation (FBI), DHS provided 
critical infrastructure owners and operators (85 percent are in the 
private sector) with crucial situational awareness in the form an 
alert, attribution, and malware analysis.\13\ In its outreach to 
stakeholders, DHS specified the vulnerabilities that the North Korean 
perpetrators were using, as well as signatures that could be used for/
integrated into response strategies. Importantly, these types of 
network-defense activities can be very effective in countering North 
Korea in particular, which has a massive botnet infrastructure. From 
the standpoint of industry, furthermore, the sort of granular and 
timely information that DHS provided--including the identity of the 
attacker and the tactics, techniques, and procedures (TTPs) used--was 
valuable, as it allowed alerted entities to inoculate themselves 
against certain vulnerabilities (or, at least, to mitigate the 
consequences of breach). In addition to identifying TTPs, DHS, and FBI 
in conjunction with the intelligence community could also provide 
indications & warning (I&W) of potential North Korean target lists/
selection and potential order of battle.
---------------------------------------------------------------------------
    \12\ Tom Spring ``DHS, FBI warn of North Korea `Hidden Cobra' 
strikes against US assets,'' Threatpost (June 14, 2017), https://
threatpost.com/dhs-fbi-warn-of-north-korea-hidden-cobra-strikes-
against-us-assets/126263/.
    \13\ US-CERT Alert (TA 17-164A), ``HIDDEN COBRA--North Korea's DDoS 
Botnet Infrastructure'' (June 13, 2017), https://www.us-cert.gov/ncas/
alerts/TA17-164A.
---------------------------------------------------------------------------
    Hidden Cobra is thus illustrative of the interagency process 
working as it should, with DHS partnering with the Federal community 
for information exchange, in order for DHS to provide real added value 
to its stakeholders. The case also ties together the information-
sharing component with deterrence, in that the DHS alert and subsequent 
prevention/mitigation activity on the part of targeted businesses (and 
the Government) demonstrates to the attacker that the United States is 
both ready and able to take anticipatory (defensive) action against 
adversaries or, if need be, to rebound and show resilience post-attack. 
This evidence of ``a virtuous cycle'' is what DHS can and should build 
upon, so as to generate additional positive momentum that in turn will 
help further fuel its own success. Interagency partners like the Cyber 
Threat Intelligence Integration Center (CTIIC) have already proven to 
be willing and capable partners in upping the U.S. game against cyber 
adversaries: As events unfold, CTIIC brings together information from 
across the Federal cyber community to form a shared picture of the U.S. 
Government's information (both Classified and Unclassified), gaps, and 
actions to inform decision makers who have a role in the response. But 
still, we need to do more, and we need to do better. In this respect, 
we should strive for the DHS equivalent to military planning and 
execution, where all relevant players have a seat at the table pre-
incident and where all concerned are well-positioned to thwart attacks 
and attackers when an incident is underway.
                               conclusion
    Thank you again for this opportunity to testify on this important 
topic.\14\ I look forward to trying to answer any questions that you 
may have.
---------------------------------------------------------------------------
    \14\ I would like to thank the Center's Associate Director Sharon 
Cardash for her help in drafting my prepared testimony.

    Mr. Perry. The Chair thanks the gentleman.
    The Chair now recognizes Mr. Ruggiero--Ruggiero for an 
opening statement. I threw an I in there. I don't know where it 
came from, but I threw it in.

 STATEMENT OF ANTHONY RUGGIERO, SENIOR FELLOW, FOUNDATION FOR 
                     DEFENSE OF DEMOCRACIES

    Mr. Ruggiero. Chairman Perry, Ranking Member Correa, and 
distinguished Members of the subcommittee, thank you for the 
opportunity to address you today on this important issue.
    North Korea's nuclear weapons and missile programs are 
expanding after a decade of failed American policies, and now 
pose a direct threat to the U.S. homeland. Pyongyang has 
threatened our close allies South Korea and Japan, as well as 
the U.S. troops stationed for decades on allied territory.
    The progress of North Korea's program should not be 
surprising since Pyongyang conducted its first nuclear test 11 
years ago. Its long-range missile program has lasted for more 
than 20 years. Pyongyang twice tested an intercontinental 
ballistic missile in July that could target Los Angeles, 
Denver, and Chicago, and possibly Boston and New York. The Kim 
regime tested a massive thermonuclear weapon designed to 
obliterate cities and could be delivered by Pyongyang's long-
range missiles.
    These developments are more concerning when we consider 
that Pyongyang has a proclivity for selling weapons to anyone 
who will pay for them. It has sold items related to nuclear 
weapons, chemical weapons, and ballistic missiles. Among North 
Korea's most troubling relationships are those with Iran and 
Syria. The threat we face is acute and growing. After years of 
strategic patience, the time has come for a policy of maximum 
pressure that actually stands a chance of restraining the North 
Korean threat without resorting to war.
    The Trump administration is pursuing Iran-style sanctions 
to force North Korea to denuclearize. Absent that result, 
protect the United States and its allies from Pyongyang's 
activities. Both critics and supporters of the 2015 nuclear 
deal agree that sanctions were the main driver that brought 
Iran to the negotiating table. Modeled on the successful Iran 
sanctions program, the Trump administration's efforts clarify 
the choice we are asking other countries to make: Do business 
with North Korea or do business with the United States. It 
cannot be both.
    This approach includes diplomatic efforts to convince other 
countries to cut ties with North Korea, reinforced by the 
threat of losing access to the U.S. financial system. The Wall 
Street Journal reported that a year-long effort by the State 
Department resulted in over 20 countries cutting off diplomatic 
or commercial relationships with North Korea.
    In prior testimonies, I detailed flaws in the current 
sanctions regime, including a failure to prioritize the North 
Korea sanctions program and the need to focus on Pyongyang's 
overseas business network, as well as non-North Koreans 
facilitating sanctions of Asia.
    North Korea's shipping network plays a crucial role in 
supporting this evasion, including the prohibited transfer of 
commodities. The Countering America's Adversaries Through 
Sanctions Act contains several provisions for the Department of 
Homeland Security that require it to highlight the role of 
North Korean vessels in illicit transfers and the role of 
third-party countries facilitating these transfers.
    The Department must publish a list of North Korean vessels. 
Treasury's Office of the Foreign Assets Control currently lists 
only 40 vessels as blocked property of North Korean designated 
persons, but our research indicates that more than 140 could be 
linked to North Korea.
    The Department of Homeland Security and other elements of 
the U.S. Government should focus on the activities of North 
Korean linked vessels, including increasing the number of 
entities and individuals sanctioned in the North Korea shipping 
sector, compiling a complete list of vessels linked to North 
Korea, and naming ports in China and Russia that facilitate 
North Korea sanctions of Asia. The urgency of the threat should 
call for the Department to take these actions before the 180-
day grace period granted by the sanctions law is elapsed.
    North Korea's nuclear weapons and missile programs are a 
threat to the U.S. homeland and our allies. There are two basic 
policy options for the United States. One accepts this 
dangerous situation as reality under the false premise that 
North Korea's provocations can be contained or deterred. The 
other path was successful in bringing Iran to the negotiating 
table with crushing sanctions that could force the Kim regime 
to realize the futility of continuing its nuclear weapons and 
missile programs.
    The only peaceful way to protect the U.S. homeland is to 
ensure Kim Jong-un feels the full weight of sanctions 
implemented by the United States and our allies.
    Thank you again for inviting me, and I look forward to your 
questions.
    [The prepared statement of Mr. Ruggiero follows:]
                 Prepared Statement of Anthony Ruggiero
                            October 12, 2017
    Chairman Perry, Ranking Member Correa, and distinguished Members of 
this subcommittee, thank you for the opportunity to address you today 
on this important issue.
    My testimony will begin with a review of North Korea's nuclear- and 
missile-related proliferation activities, followed by a discussion of 
how Iran-style sanctions can sharply increase the amount of pressure on 
Pyongyang. My testimony will conclude with recommendations for how the 
Department of Homeland Security (DHS) should implement its mandate to 
monitor North Korean vessels in order to maximize the impact of 
sanctions.
    North Korea's nuclear weapons and missile programs are expanding 
after a decade of failed American policies and now pose a direct threat 
to the U.S. homeland. Pyongyang has threatened our close allies, South 
Korea and Japan, as well as the U.S. troops stationed for decades on 
allied territory. The progress of North Korea's programs should not be 
surprising since Pyongyang conducted its first nuclear test 11 years 
ago; its weaponization program likely started before then. Its long-
range missile program has lasted for more than 20 years and is 
beginning to show success.
    Pyongyang twice tested an intercontinental ballistic missile (ICBM) 
in July. Both tests were launched in a lofted trajectory to avoid 
overflying Japan. But technical analysis of the second test on July 28 
suggests that North Korean ICBMs could target Los Angeles, Denver, 
Chicago, and possibly Boston and New York.\1\ While an ICBM may reach 
that distance, questions remain about the survivability of Pyongyang's 
missiles during their reentry into Earth's atmosphere, since the 
effectiveness of the heat shields protecting their warheads is 
unknown.\2\ However, it is important not to underestimate North Korea's 
ability to overcome these challenges, since Pyongyang's progress on the 
ICBM program has outpaced the intelligence community's development time 
lines by 2 years.\3\
---------------------------------------------------------------------------
    \1\ David Wright, ``North Korean ICBM Appears Able to Reach Major 
US Cities,'' Union of Concerned Scientists, July 28, 2017. (http://
allthingsnuclear.org/dwright/new-north-korean-icbm)
    \2\ David Wright, ``Reentry Heating from North Korea's July 4 
Missile Test,'' Union of Concerned Scientists, July 7, 2017. (http://
allthingsnuclear.org/dwright/july-4-reentry-heating)
    \3\ Ellen Nakashima, Anna Fifield, and Joby Warrick, ``North Korea 
could cross ICBM threshold next year, U.S. officials warn in new 
assessment,'' The Washington Post, July 25, 2017. (https://
www.washingtonpost.com/world/national-security/north-korea-could-cross-
icbm-threshold-next-year-us-officials-warn-in-new-assessment/2017/07/
25/4107dc4a-70af-11e7-8f39-eeb7d3a2d304- 
_story.html?nid&utm_term=.63b042018d2a)
---------------------------------------------------------------------------
    Kim Jong-un's regime followed its successful ICBM launches in July 
with a massive thermonuclear weapon test on September 3. As part of 
that test, North Korea likely succeeded in detonating a nuclear weapon 
designed to obliterate cities, which could be delivered by its long-
range missiles.\4\ The threat we face is acute and growing. After years 
of passivity justified by the mantra of ``strategic patience,'' the 
time has come for a policy of ``maximum pressure'' that actually stands 
a chance of restraining the threat without resorting to war.
---------------------------------------------------------------------------
    \4\ Anna Fifield, ``In latest test, North Korea detonates its most 
powerful nuclear device yet,'' The Washington Post, September 3, 2017. 
(https://www.washingtonpost.com/world/north-korea-apparently-conducts-
another-nuclear-test-south-korea-says/2017/09/03/7bce3ff6-905b-11e7-
8df5-c2e5cf46c1e2_story.html?utm_term=.17217f662896)
---------------------------------------------------------------------------
                       proliferation concerns \5\
---------------------------------------------------------------------------
    \5\ Additional North Korea proliferation examples cited in: Anthony 
Ruggiero, ``Restricting North Korea's Access to Finance,'' Testimony 
before House Committee on Financial Services, Subcommittee on Monetary 
Policy and Trade, July 19, 2017. (http://www.defenddemocracy.org/
content/uploads/documents/Anthony_Ruggiero_Testimony_HFSC.pdf)
---------------------------------------------------------------------------
    The advances in North Korea's weapons programs are more concerning 
when we consider that Pyongyang has a proclivity for selling weapons to 
anyone who will pay for them. It has sold items related to nuclear 
weapons, chemical weapons, and ballistic missiles. Among North Korea's 
most troubling relationships are those with Iran and Syria.
    Pyongyang and Tehran have a long-standing partnership on missile 
development, including the transfer of ballistic missiles. The 
relationship was serious enough for the Obama administration to 
sanction Iran just a day after implementation of the 2015 nuclear deal 
began. The Treasury Department reported at the time that Iranian 
technicians traveled to North Korea to work on rocket boosters and 
senior officials conducted contract negotiations in Pyongyang.\6\
---------------------------------------------------------------------------
    \6\ U.S. Department of the Treasury, Press Release, ``Treasury 
Sanctions Those Involved in Ballistic Missile Procurement for Iran,'' 
January 17, 2016. (https://www.treasury.gov/press-center/press-
releases/Pages/jl0322.aspx)
---------------------------------------------------------------------------
    North Korea and Iran would both stand to gain by extending their 
cooperation from ballistic missiles to nuclear activities. Pyongyang's 
nuclear weapons testing has produced useful information that scientists 
in Iran would be very interested in. There have also been unconfirmed 
reports of Iranian nuclear scientists at North Korea's nuclear 
tests.\7\ It is unclear how far along Pyongyang's uranium enrichment 
program is, but Iran can conduct advanced centrifuge research under the 
2015 nuclear deal, whose results could be attractive to North Korea.\8\ 
As sanctions on Kim's regime start to bite, it could turn to Iran for 
hard currency in exchange for nuclear technology and knowledge.
---------------------------------------------------------------------------
    \7\ Jeff Daniels, ``North Korea's `No. 2' official strengthens ties 
with Iran as U.N. hits Pyongyang with new sanctions,'' CNBC, August 4, 
2017. (https://www.cnbc.com/2017/08/04/north-korea-officials-visit-to-
iran-could-signal-wider-military-ties.html)
    \8\ Anthony Ruggiero, ``Gauging the North Korea-Iran 
Relationship,'' Foundation for Defense of Democracies, March 8, 2017. 
(http://www.defenddemocracy.org/media-hit/anthony-ruggiero-gauging-the-
north-korea-iran-relationship/)
---------------------------------------------------------------------------
    Supporters of the Iran nuclear deal are likely to dismiss these 
concerns out-of-hand, saying there is no evidence of Iran-North Korea 
nuclear cooperation, but proliferation is hard to detect. One example 
is North Korea's construction of a nuclear reactor in Syria, located in 
an area that would later be controlled by the Islamic State. The 
reactor was built with North Korean assistance and had ``striking 
similarities'' to Pyongyang's plutonium production reactor at 
Yongbyon.\9\
---------------------------------------------------------------------------
    \9\ Gregory L. Schulte, ``Uncovering Syria's Covert Reactor,'' 
Carnegie Endowment for International Peace, January 2010. (http://
carnegieendowment.org/files/schulte_syria.pdf); Robin Wright, ``N. 
Koreans Taped At Syrian Reactor,'' The Washington Post, April 24, 2008. 
(http://www.washingtonpost.com/wp-dyn/content/article/2008/04/23/
AR2008042302906.html)
---------------------------------------------------------------------------
    The lesson North Korea learned from its Syrian adventure was that 
once the United States has committed itself to ``engagement,'' it loses 
the will to punish even the most blatant disregard for international 
norms. Even though North Korea built the Syrian reactor while at times 
pretending to engage in serious denuclearization talks, the Bush 
administration went ahead and removed North Korea from the state 
sponsor of terrorism list in 2008. Since North Korea was not punished 
for constructing a nuclear reactor in Syria, it will likely decide that 
scientific exchanges with Iran or other countries are not likely to be 
detectable and will not be subject to punishment even if they are 
discovered.
    One should also note that North Korea's relationship with Syria 
included the transfer of materiel used for chemical weapons, which is 
especially disturbing given the Assad regime's use of chemical weapons 
on its own population. In 2009, Greece stopped a vessel headed to Syria 
that was suspected of violating North Korea-related U.N. sanctions; 
authorities found 13,000 chemical protective suits manufactured in 
North Korea.\10\ In 2013, Turkey stopped a vessel that originated in 
North Korea; it was carrying 1,400 rifles and pistols, 30,000 rounds of 
ammunition, and gas masks destined for Syria.\11\ The United Nations 
Panel of Experts noted in its September 2017 midterm report that it is 
investigating additional interdictions of North Korean-related vessels 
headed to Syria, as well as continued cooperation between Pyongyang and 
Damascus (including North Korean representatives in Syria), and a 
contract that could include cooperation on chemical weapons, ballistic 
missiles, and conventional arms.\12\
---------------------------------------------------------------------------
    \10\ Joseph S. Bermudez Jr., ``North Korea's Chemical Warfare 
Capabilities,'' 38 North, October 10, 2013. (http://www.38north.org/
2013/10/jbermudez101013/)
    \11\ Barbara Demick, ``North Korea tried to ship gas masks to 
Syria, report says,'' The Los Angeles Times, August 27, 2013. (http://
articles.latimes.com/2013/aug/27/world/la-fg-wn-north-korea-syria-gas-
masks-20130827)
    \12\ United Nations Security Council, ``Midterm report of the Panel 
of Experts established pursuant to resolution 1874 (2009),'' September 
5, 2017. (http://www.un.org/ga/search/view_doc.asp?symbol=S/2017/742)
---------------------------------------------------------------------------
    Another aspect of North Korea's proliferation activities is the 
role China and Russia play in allowing Pyongyang's proliferation 
entities to operate in their respective countries 11 years after the 
first U.N. sanctions were passed. Recent examples came to light when 
Treasury in early June sanctioned a Russian company and individual for 
providing supplies to Korea Tangun Trading Corporation and noted the 
individual is a frequent business partner of Tangun officials in 
Moscow.\13\ Tangun was designated by the United States and United 
Nations in 2009 for its involvement in North Korea's WMD and missile 
programs. In late August, Russia's Gefest-M LLC and its director were 
sanctioned for procuring metals for Tangun's Moscow office.\14\
---------------------------------------------------------------------------
    \13\ U.S. Department of the Treasury, Press Release, ``Treasury 
Sanctions Suppliers of North Korea's Nuclear and Weapons Proliferation 
Programs,'' June 1, 2017. (https://www.treasury.gov/press-center/press-
releases/Pages/sm0099.aspx)
    \14\ U.S. Department of the Treasury, Press Release, ``Treasury 
Targets Chinese and Russian Entities and Individuals Supporting the 
North Korean Regime,'' August 22, 2017. (https://www.treasury.gov/
press-center/press-releases/Pages/sm0148.aspx)
---------------------------------------------------------------------------
    In late August, Treasury sanctioned a Chinese company, Dandong Rich 
Earth Trading Co., Ltd., that purchased vanadium ore from a U.N.- and 
U.S.-sanctioned company, Korea Kumsan Trading Corporation, which is 
tied directly to North Korea's nuclear weapons program.\15\ The United 
Nations prohibited North Korea's exports of vanadium ore in March 
2016.\16\
---------------------------------------------------------------------------
    \15\ Ibid.
    \16\ United Nations Security Council, Resolution 2270, March 2, 
2016. (http://www.un.org/en/ga/search/view_doc.asp?symbol=S/RES/
2270%282016%29)
---------------------------------------------------------------------------
    These examples highlighting Pyongyang's provocations extend beyond 
its nuclear weapons and missile tests to continued operations of its 
proliferation entities and transfer of nuclear-, chemical-, and 
missile-related items. It also underscores why we cannot fall back into 
a period of acceptance of these provocations and must use robust, Iran-
style sanctions to limit these activities.
                          iran-style sanctions
    North Korea says it is not interested in denuclearization, and its 
actions reinforce its words. Pyongyang showed us the ``Map of Death'' 
in 2013 suggesting its nuclear targets are Washington, DC; Hawaii, home 
to Pacific Command; possibly San Diego, home to the Pacific Fleet; and 
possibly San Antonio, home to U.S. Air Force Cyber Command.\17\ Just 
after the July 4 ICBM test, North Korea's state media said that the Kim 
regime would not negotiate away its nuclear weapons or ballistic 
missiles or stop bolstering its nuclear force unless the United States 
ended its ``hostile policy and nuclear threat'' to North Korea.\18\ 
Translation: When Washington abandons its allies in Tokyo and Seoul and 
removes all troops, North Korea might be willing to talk about its 
programs.
---------------------------------------------------------------------------
    \17\ Jeffrey Lewis, ``The Map of Death,'' Foreign Policy, April 3, 
2013. (http://foreignpolicy.com/2013/04/03/the-map-of-death/)
    \18\ ``Kim Jong-un Supervises Test-launch of Inter-continental 
Ballistic Rocket Hwasong-14,'' Korean Central News Agency (North 
Korea), July 5, 2017. (https://kcnawatch.co/newstream/276945/kim-jong-
un-supervises-test-launch-of-inter-continental-ballistic-rocket-
hwasong-14/)
---------------------------------------------------------------------------
    Rather than working to overcome Pyongyang's intransigence, many 
experts call for the acceptance of North Korea as a nuclear weapons 
state and insist that the United States can protect itself with a 
policy of deterrence.\19\ Both nuclear and conventional deterrence are 
essential components of a comprehensive U.S. strategy, yet are not 
effective means of exerting pressure on Pyongyang or preventing 
dangerous provocations. Some suggest the United States has successfully 
deterred Pyongyang, since there has been no second Korean War. 
Nonetheless, North Korea's reckless behavior in recent years has 
included sinking the Cheonan, killing over 40 South Korean sailors, 
maintaining a robust relationship with Iran, building a nuclear reactor 
in Syria that Israel destroyed in 2007, and launching ballistic 
missiles directly over Japan. Unfortunately, this is a short list of 
the limits of deterrence.
---------------------------------------------------------------------------
    \19\ Jimmy Carter, ``Jimmy Carter: What I've learned from North 
Korea's leaders,'' The Washington Post, October 4, 2017. (https://
www.washingtonpost.com/opinions/jimmy-carter-what-ive-learned-from-
north-koreas-leaders/2017/10/04/a2851a9e-a7bb-11e7-850e-2bdd1236be5d_- 
story.html?utm_term=.e5801c8b4261); Fareed Zakaria, ``There's a way out 
on North Korea,'' The Washington Post, September 28, 2017. (https://
www.washingtonpost.com/opinions/theres-a-way-out-on-north-korea/2017/
09/28/4382dfc4-a48a-11e7-b14f-f41773cd5a14_story.html?- 
utm_term=.c0c3153afcc8); William J. Perry, ``To confront North Korea, 
talk first and get tough later,'' The Washington Post, January 6, 2017. 
(https://www.washingtonpost.com/opinions/to-confront-north-korea-talk-
first-and-get-tough-later/2017/01/06/9334aee4-d451-11e6-9cb0-
54ab630851e8_story.html?utm_term=.68cb376d8927)
---------------------------------------------------------------------------
    Some experts suggest the policy of deterrence should be 
complemented by a freeze of North Korea's nuclear weapons and missile 
programs that will lead to a reduction of the threat and roll-back 
elements of the programs. Pyongyang has a history of pocketing the 
incentives it has been offered in exchange for temporary restraints, 
then violating the deals with great haste. While nominally abiding by 
the 1994 Agreed Framework, North Korea developed a covert uranium 
enrichment program. We discussed earlier how Israel destroyed a nuclear 
reactor in Syria built by North Korea during negotiations on its 
nuclear program.
    The Trump administration is pursuing Iran-style sanctions to force 
North Korea to denuclearize and, absent that result, protect the United 
States and its allies from Pyongyang's activities. Both critics and 
supporters of the 2015 nuclear deal agree that sanctions were the main 
driver that brought Iran to the negotiating table. Last month I 
testified before the Senate Committee on Banking, Housing, and Urban 
Affairs, noting that before Congress passed the first North Korea 
sanctions law, sanctions against North Korea were not strong or well-
enforced. Despite the misconception that North Korea is already the 
most-sanctioned country in the world, FDD's research shows that 
Pyongyang was the eighth most-sanctioned country in February 2016 and 
has moved up to fourth behind Ukraine/Russia, Syria, and Iran.\20\
---------------------------------------------------------------------------
    \20\ Anthony Ruggiero, ``Evaluating Sanctions Enforcement and 
Policy Options on North Korea,'' Testimony before Senate Committee on 
Banking, Housing, and Urban Affairs, September 7, 2017. (http://
www.defenddemocracy.org/content/uploads/documents/09-07-17_AR_Senate_- 
Banking_Testimony-1.pdf)
---------------------------------------------------------------------------
    The key aspect of the Iran sanctions model was that it forced 
companies, individuals, banks, and governments in the United States and 
abroad to make a choice: Stop doing business with Iran, or lose access 
to the U.S. dollar and risk the United States freezing their assets and 
labeling them as doing business with a state sponsor of terrorism 
intent on developing a nuclear weapon. The approach worked. Around the 
world, banks, and companies--and eventually governments--curtailed or 
eliminated business with Iran.\21\
---------------------------------------------------------------------------
    \21\ Paul Sonne and Felicia Schwartz, ``U.S. Pressure on North 
Korea's Global Ties Bears Fruit,'' The Wall Street Journal, October 8, 
2017. (https://www.wsj.com/articles/State-department-pressure-on-north-
koreas-global-ties-bears-fruit-1507492004)
---------------------------------------------------------------------------
    Executive Order 13810, issued last month, is the latest in the 
Trump administration's efforts to clarify the choice for countries: Do 
business with North Korea or the United States, it cannot be both.\22\ 
The approach combines diplomatic efforts to convince countries to cut 
ties with North Korea supported by the threat of losing access to the 
U.S. financial system. Those efforts are beginning to work as countries 
are choosing America's $19-trillion economy. The Wall Street Journal 
reported that a year-long effort by the State Department resulted in 
over 20 countries cutting off diplomatic or commercial relationships 
with North Korea.
---------------------------------------------------------------------------
    \22\ Executive Order 13810, ``Imposing Additional Sanctions With 
Respect to North Korea,'' September 20, 2017. (https://
www.treasury.gov/resource-center/sanctions/Programs/Documents/
13810.pdf)
---------------------------------------------------------------------------
    China will play a large role in an effective, Iran-style sanctions 
regime against North Korea, given Beijing's robust economic 
relationship with Pyongyang. Over the last decade, Republican and 
Democratic presidents have pressed China's leadership to implement 
tough sanctions against North Korea, hoping the approach would be 
effective. But Beijing continued to vote for tough U.N. sanctions it 
has not implemented, and allowed its firms, individuals, and banks to 
facilitate North Korea's sanctions evasion.
    The Trump administration has started to address the problem 
directly by targeting Chinese banks that process financial transactions 
through the U.S. financial system on behalf of North Korea and Chinese 
networks that profit from facilitating North Korea's sanctions evasion. 
In particular, the Trump administration has used the Justice and 
Treasury Departments to sanction a Chinese bank, individuals, and 
firms; request that Federal courts return assets illegally processed 
through the U.S. financial system; and request additional fines.\23\
---------------------------------------------------------------------------
    \23\ Six actions against China show a developing pattern: 1) May 
22: damming warrants against Dandong Zhicheng network requiring eight 
U.S. banks to freeze U.S. dollar transactions; 2) June 14: asset 
forfeiture request for $1.9 million from Mingzheng; 3) June 29: 
declaring a Chinese bank (Bank of Dandong) a money launderer for North 
Korea; 4) June 29: designation of two Chinese individuals and entity; 
5) August 22: designation of five Chinese firms and one individual, 
including Dandong Zhicheng network; and 6) August 22: asset forfeiture 
request from the Dandong Zhicheng network. United States of America v. 
All Wire Transactions Involving Dandong Zhicheng Metallic Material 
Company, LTD., et. al. (D.D.C. filed May 22, 2017). (http://
www.dcd.uscourts.gov/sites/dcd/files/BAHMemoandOrder.pdf); United 
States of America v. Funds Associated with Mingzheng International 
Trading Limited, No. 1:17-cv-01166-KBJ (D.D.C. June 14, 2017). 
(Accessed via PACER); Proposal of Special Measure Against Bank of 
Dandong as a Financial Institution of Primary Money Laundering Concern, 
U.S. Department of the Treasury, Financial Crimes Enforcement Network, 
82 Federal Register 31537, July 7, 2017. (https://www.fincen.gov/sites/
default/files/Federal_register_notices/2017-07-07/2017-14026.pdf); U.S. 
Department of the Treasury, Press Release, ``Treasury Acts to Increase 
Economic Pressure on North Korea and Protect the U.S. Financial 
System,'' June 29, 2017. (https://www.treasury.gov/press-center/press-
releases/Pages/sm0118.aspx); U.S. Department of the Treasury, Press 
Release, ``Treasury Targets Chinese and Russian Entities and 
Individuals Supporting the North Korean Regime,'' August 22, 2017. 
(https://www.treasury.gov/press-center/press-releases/Pages/
sm0148.aspx); United States of America v. Funds Associated with Dandong 
Chengtai Trading Limited, No. 1:17-cv-01706 (D.D.C. August 22, 2017). 
(Accessed via PACER)
---------------------------------------------------------------------------
    In late September, Treasury sanctioned 26 North Korean banking 
representatives, including 19 in China; a clear message to Beijing and 
its banks that it must clean up its act or face consequences.\24\ 
Chinese leadership has responded to this pressure with the People's 
Bank of China, its central bank, issuing a directive mandating banks 
stop transactions with North Koreans.\25\
---------------------------------------------------------------------------
    \24\ U.S. Department of the Treasury, Press Release, ``Treasury 
Sanctions Banks and Representatives Linked to North Korean Financial 
Networks,'' September 26, 2017. (https://www.treasury.gov/press-center/
press-releases/Pages/sm0165.aspx)
    \25\ ``China's central bank tells banks to stop doing business with 
North Korea: sources,'' Reuters, September 21, 2017. (http://
www.reuters.com/article/us-northkorea-missiles-banks-china/chinas-
central-bank-tells-banks-to-stop-doing-business-with-north-korea-
sources-idUSKCN1BW- 1DL?il=0)
---------------------------------------------------------------------------
    But Beijing must do more to ensure North Korea cannot use China as 
a hub for its sanctions evasion. Chinese banks should increase scrutiny 
of financial and commercial relationships to identify and stop 
transactions with North Korea. Chinese banks have the financial 
resources to do it, but the Trump administration likely will need to 
sanction additional Chinese banks to reinforce the message, starting 
with fines similar to the approach against European banks for Iran 
sanctions violations.
                         dhs role in sanctions
    In prior testimonies, I detailed flaws in the current sanctions 
regime, including not prioritizing the North Korea sanctions program 
and the need to focus on Pyongyang's overseas business network and non-
North Koreans facilitating sanctions evasion.\26\ North Korea's 
shipping network plays a crucial role in Pyongyang's sanctions evasion, 
including the prohibited transfer of commodities.
---------------------------------------------------------------------------
    \26\ Anthony Ruggiero, ``Restricting North Korea's Access to 
Finance,'' Testimony before House Committee on Financial Services, 
Subcommittee on Monetary Policy and Trade, July 19, 2017. (http://
www.defenddemocracy.org/content/uploads/documents/
Anthony_Ruggiero_Testimony- _HFSC.pdf); Anthony Ruggiero, ``Evaluating 
Sanctions Enforcement and Policy Options on North Korea,'' Testimony 
before Senate Committee on Banking, Housing, and Urban Affairs, 
September 7, 2017. (http://www.defenddemocracy.org/content/uploads/
documents/09-07-17_AR_Senate_Banking_Testimony-1.pdf)
---------------------------------------------------------------------------
    The Countering America's Adversaries Through Sanctions Act (CAASA) 
contains several provisions for the Department of Homeland Security 
that will highlight the role of North Korean vessels in illicit 
transfers and the role of countries that facilitate these 
transfers.\27\
---------------------------------------------------------------------------
    \27\ Countering America's Adversaries Through Sanctions Act, 115 
U.S.C. (https://www.whitehouse.gov/legislation/hr-3364-countering-
americas-adversaries-through-sanctions-act)
---------------------------------------------------------------------------
    CAASA amends the Ports and Waterways Safety Act by requiring the 
Secretary of Homeland Security to publish a list of vessels ``owned or 
operated by or on behalf of the Government of North Korea or a North 
Korean person.''\28\ Even though Treasury's Office of Foreign Assets 
Control currently lists only 40 vessels as blocked property of North 
Korean-designated persons, FDD research indicates that more than 140 
could be linked to North Korea. The Department of Homeland Security, in 
consultation with other relevant agencies, should take an expansive 
view of the legal requirement to name North Korean-linked vessels, 
including those owned and/or managed by non-North Korean front 
companies. Pyongyang has extensive experience hiding its involvement in 
the commercial and financial sectors, a practice that likely extends to 
the shipping sector.
---------------------------------------------------------------------------
    \28\ Ibid.
---------------------------------------------------------------------------
    The law requires the list to contain vessels owned by countries: 
(1) Whose sea ports are not implementing U.N. shipping sanctions or 
facilitate the transfer of cargo prohibited by the United Nations; and 
(2) are identified by the president as not complying with applicable 
U.N. sanctions.\29\ This provision will be crucial, as China and Russia 
have allowed North Korean-linked vessels to continue to transfer 
prohibited materials. Beijing and Moscow will need to increase their 
inspection of North Korea-linked vessels to ensure compliance with U.N. 
shipping sanctions, including verifying Pyongyang is not importing or 
exporting prohibited materiel or commodities. Treasury Assistant 
Secretary Marshall Billingslea highlighted this challenge in testimony 
on September 12 before the House Foreign Affairs Committee. Billingslea 
noted that North Korean vessels transferred North Korean coal to China 
after turning off its vessel identification systems, a highly 
suspicious action. North Korean vessels have also used Russian ports to 
transfer North Korean coal between vessels to further obscure its 
shipment to China.\30\
---------------------------------------------------------------------------
    \29\ Ibid.
    \30\ Marshall Billingslea, ``Sanctions, Diplomacy, and Information: 
Pressuring North Korea,'' Testimony before House Foreign Affairs 
Committee, September 12, 2017. (http://docs.house.gov/meetings/FA/FA00/
20170912/106389/HHRG-115-FA00-WState-BillingsleaM-20170912.pdf)
---------------------------------------------------------------------------
    The Department of Homeland Security and other elements of the U.S. 
Government must focus on the activities of North Korean-linked vessels, 
including increasing the number of entities and individuals sanctioned 
in North Korea's shipping sector, compiling a complete listing of 
vessels linked to North Korea, and naming ports in China and Russia 
that facilitate North Korea's sanctions evasion. The urgency of the 
threat calls for the Department to take these actions before the 180-
day period granted by CAASA has elapsed.
                               conclusion
    North Korea's nuclear weapons and missile programs are a threat to 
the U.S. homeland and our allies. There are two policy options: One 
accepts this dangerous situation as reality under the false premise 
that North Korea's provocations can be contained or deterred. The other 
path was successful in bringing Iran to the negotiating table with 
crushing sanctions that could force the Kim regime to realize the 
futility of continuing its nuclear weapons and missile programs. The 
only peaceful way to protect the U.S. homeland is to ensure Kim Jong-un 
feels the full weight of sanctions implemented by the United States and 
our allies.
    On behalf of the Foundation for Defense of Democracies, I thank you 
again for inviting me to testify and I look forward to addressing your 
questions.

    Mr. Perry. The Chair thanks the gentleman.
    The Chair now recognizes Mr. Terrell for an opening 
statement.

STATEMENT OF PATRICK R. TERRELL, SENIOR RESEARCH FELLOW, CENTER 
FOR THE STUDY OF WEAPONS OF MASS DESTRUCTION, NATIONAL DEFENSE 
                           UNIVERSITY

    Mr. Terrell. Chairman Perry, Ranking Member Correa, 
distinguished Members of the subcommittee, it is my honor today 
to testify on the North Korean WMD threats to the homeland. The 
views expressed in this testimony are my own and do not reflect 
those of the National Defense University or the Department of 
Defense.
    We do not yet face a clear and present existential threat 
to the American homeland from North Korea, but it is getting 
closer each day. The threat will be very real very shortly, but 
it is nevertheless potentially manageable.
    Today, North Korea possesses nuclear, chemical, and 
potentially biological weapons that can be unleashed directly 
or through others against U.S. vital interests abroad and in 
the homeland.
    Under Kim Jong-il and Kim Jong-un--or Kim Il-sung and Kim 
Jong-il, nuclear weapons development progressed at a steady 
pace, a very deliberate pace. With Kim Jong-un, we have seen 
this extreme increase in pace of intermediate and 
intercontinental ballistic missile testing and nuclear weapons 
testing, to include the most recent one in September. This 
acceleration has North Korea on the verge of a functional road-
mobile ICBM capable of delivering nuclear weapons to the 
continental United States.
    While questions remain about the overall trajectory of the 
program, North Korea could have, by some estimates, enough 
fissile material for up to 60 nuclear weapons. Not all of those 
will be their most sophisticated design, but they could still 
be employed. Whatever miniaturized warheads they have managed 
to manufacture to this point could be used against Guam and the 
continental United States. While the reliability, accuracy, and 
survivability is questionable, we should expect that North 
Korea could endeavor to use these weapons in a time of crisis.
    Additionally, North Korea maintains a large stockpile of 
chemical warfare agents, probably mostly consisting of blister 
and nerve agents which, while intended for warfighting, the 
Korean geography supports strategic employment against the 25 
million people living in the greater Seoul metropolitan area, 
which would almost assuredly result in exposure to some of the 
140,000 American citizens living in South Korea, and raise the 
potential for the need of returned chemical casualties to 
United States for long-term care.
    The assassination of Kim Jong-nam with VX in Kuala Lumpur 
this February demonstrated North Korea's ability to transport 
and use chemical weapons overseas. While we know far less about 
their biological weapons program, it is believed that given the 
infrastructure that they possess within North Korea, they can 
conduct research and development and possibly produce small 
batches of biological agents.
    North Korea's long history of shipping conventional arms, 
drugs, and counterfeit money could facilitate attempts to move 
chemical or biological weapons into the U.S. homeland for 
attack. While not on the scale achievable in South Korea, they 
could be impactful enough to foment fear. While no one has 
clear insights into Kim Jong-un's thinking, we can surmise he 
has two primary objectives: His personal survival and the 
continued existence of a Kim-led regime. To that end, watching 
Iraq and Libya could reinforce his belief that he is more 
likely to remain in power by demonstrating a credible 
operational WMD capability intended to deter attack on the 
Korean peninsula.
    We also know North Korea remains intent on breaking our 
alliance system in Asia, and believes that threats to the 
homeland will cause United States to abandon South Korea and 
Japan during a time of crisis. We also know that both Kim Jong-
un and his father believed they could manage provocations in 
the escalation, and that by possessing a nuclear weapon, he 
believes that the U.S. threshold for war may be heightened, 
allowing him to be more provocative and belligerent.
    So what can we do about this? The pressure campaign must 
remain global. We must strengthen our homeland and develop a 
modern approach to deterrence. Regional economic links and 
military posture are essential to demonstrating U.S. presence 
as a transpacific leader. Financial diplomatic and 
informational pressures in other regions of the world must be 
applied to cut off potential trading partners.
    Next, the United States must protect all of our territory 
from North Korean attacks and respond should one occur. Many of 
the actions the Department of Defense, Department of Homeland 
Security, and others have taken to prepare for WMD attack by 
terrorists would also apply to North Korean attacks against the 
homeland. We must enhance our nuclear preparedness to include 
planning for and exercising responses to large-scale attacks, 
perhaps with multiple nuclear weapons.
    I am not sure we have fully grasped how difficult the 
logistics and coordination will be for immediate life-saving 
actions, short-term relief efforts, and long-term rebuilding 
following multiple nuclear detonations, particularly if one is 
2,500 miles away in Hawaii or over 6,000 miles away in Guam.
    Finally, we need to tailor a deterrent approach for the 
unique challenge of North Korea. Kim Jong-un must understand 
that any conflict with the United States will end his regime 
and he will be denied the effects he is seeking to achieve. He 
should see how his nuclear threats strengthen our alliance. 
Resolve is demonstrated not by words, but by deeds: Proper 
resourcing, training, and exercising of our response forces; 
demonstrating our ballistic missile defenses; hardening our 
critical infrastructure against attack; and possessing a ready, 
reliable, and survivable nuclear triad.
    Again, thank you for this opportunity, and I look forward 
to your questions.
    [The prepared statement of Mr. Terrell follows:]
                Prepared Statement of Patrick R. Terrell
                            October 12, 2017
    Chairman Perry, Ranking Member Correa, and distinguished Members of 
the subcommittee: It is my honor to testify on the weapons of mass 
destruction threat posed to the United States by North Korea. The views 
expressed in this testimony are my own and do not reflect those of the 
National Defense University or the Department of Defense.
    As to the seriousness of the dangers posed by the North Korean WMD 
arsenal to the U.S. homeland I would say, ``We do not yet face a clear 
and present existential threat to the American homeland, but we are 
getting closer each day. The threat will be very real very shortly--but 
it is nevertheless potentially manageable if we take the appropriate 
steps.''
    North Korea is not a new threat that has suddenly developed; the 
United States has been dealing with North Korea for 67 years. For most 
of that time, the challenges posed by North Korea remained isolated to 
the Korean peninsula and northeast Asia. Then particularly after the 
fall of the Soviet Union, North Korean arms sales particularly in the 
Middle East and African turned them into a global proliferation concern 
aiding other rogue regimes, such as Syria and Iran. With respect to 
North Korean WMD development, the North Korean leadership has long 
recognized the conventional military advantage the United States-
Republic of Korea alliance maintains on the land, in the sea, and in 
the air. Therefore, Kim Il-Sung looked to develop asymmetric 
advantages, first through the development of chemical and possibly 
biological weapons, and subsequently through its extensive nuclear and 
missile programs.
                                nuclear
    Over the past 40 years, North Korea has invested heavily in the 
development of ballistic missiles and nuclear weapons as a strategic 
capability. Additionally, the ballistic missile program provides real 
warfighting capabilities and a commodity that generates income for the 
State and the nuclear weapons program through sales to a myriad of 
countries to include Syria and Iran.
    In May 2016, Kim Jong-un established the nuclear weapons program 
and economic growth as the two pillars of North Korean strength.\1\ 
Under Kim Jong-un's leadership, North Korea's intermediate range 
ballistic missiles (IRBM) and intercontinental ballistic missile (ICBM) 
testing has increased in frequency and success. While it may seem like 
a normal action for a nation to ``develop, test, verify, and then 
field'' a missile program, it is a shift for North Korea, which had 
previously fielded entire systems with little or no testing. Such a 
shift marks a change from North Korea being concerned about the 
appearance of its missile programs to being concerned about its 
efficacy of its missiles. The takeaway from the 77 tests since January 
2014 (compared to 36 in the preceding 29 years) is that Kim Jong-un, 
unlike his father, has not been afraid to fail, sometimes even 
catastrophically, which has been the key to learning and advancement in 
the missile program in order to reach key operational thresholds.\2\
---------------------------------------------------------------------------
    \1\ James Pearson, ``North Korea Leader Kim Sets Five-Year Economic 
Plan, Vows Nuclear Restraint,'' Reuters, May 8, 2016, http://
www.reuters.com/article/us-northkorea-congress-idUSKCN0XY0QB.
    \2\ Nuclear Threat Initiative, The North Korean Missile Test 
Tracker, http://www.nti.org/analysis/articles/cns-north-korea-missile-
test-database/, accessed October 10, 2017.
---------------------------------------------------------------------------
    For many years under Kim Il-sung and Kim Jong-il, the nuclear 
weapons development process moved along at a deliberate pace. This 
offered opportunities for the United States to attempt to negotiate a 
halt to its progress through trade-offs and incentives. The nuclear 
tests in 2006 and 2009 acted as an inflection point in the 
international community's efforts to halt the nuclear program. Since 
Kim Jong-un has taken power, North Korea has conducted four tests, with 
the September 3, 2017 test having a yield of roughly 140 kilotons, or 
nearly ten times larger than the bomb dropped on Hiroshima.\3\
---------------------------------------------------------------------------
    \3\ Panda, Ankit, ``US Intelligence: North Korea's Sixth Test Was a 
140 Kiloton `Advanced Nuclear' Device'', The Diplomat, September 6, 
2017, https://thediplomat.com/2017/09/us-intelligence-north-koreas-
sixth-test-was-a-140-kiloton-advanced-nuclear-device/.
---------------------------------------------------------------------------
    These recent and successful ballistic missile and nuclear weapons 
tests suggest that North Korea is close to completing the development 
of a functional road-mobile ICBM capable of delivering a nuclear 
warhead to the continental United States. There are still several 
questions about the program ranging from ``how many ICBMs does Kim 
Jong-un plan to build'', to ``how will North Korea control and 
safeguard the arsenal'', and ``will North Korean behavior change''. We 
should remember that North Korea has been working at this for quite 
some time and while estimates range from 10 to 12 weapons to 30 to 60 
weapon, the important point is Kim Jong-un is beyond having a weapon he 
can brandish, but now has a growing stockpile and he will develop a 
doctrine to employ it.\4\ \5\ Not all weapons will use their most 
sophisticated designs, but it is almost a certainty that, if it 
chooses, North Korea can employ nuclear weapons today. This use could 
take multiple forms, such as defensively within North Korea or on 
short-range missiles against targets in South Korea or Japan or by 
cargo ship or plane to other locations within the surrounding region. 
North Korea could use whatever miniaturized warheads they have on 
intermediate range Hwasong-12 IRBMs capable of reaching Guam or on 
Hwasong-14 ICBMs capable of reaching the Continental United States. 
While the reliability, accuracy, and survivability upon reentry of the 
fully-mated system is questionable, North Korea could still mount and 
attempt to deliver such munitions in times of crisis.
---------------------------------------------------------------------------
    \4\ Deb Riechmann and Matthew Pennington, ``Here's Why It's Hard to 
Pin Down the Actual Size of North Korea's Nuclear Arsenal'', Time, 
August 18, 2017, http://time.com/4906219/north-korea-nuclear-weapons-
how-many/.
    \5\ Shane Smith, ``North Korea's Nuclear Futures Series: North 
Korea's Evolving Nuclear Strategy'', AUGUST 2015, http://
www.38north.org/2015/08/nukefuture082415/.
---------------------------------------------------------------------------
                                chemical
    North Korea maintains a large, operationally-ready stockpile of 
persistent and non-persistent chemical warfare agents capable of 
delivery via artillery, rockets, missiles, and aerial bombs. The 
program probably consists of the traditional chemical warfare agents 
mustard, lewisite, and both G-series and V-series nerve agents and fits 
the profile of a warfighting chemical weapons program intended for 
defensive and offensive employment along the demilitarized zone and 
against U.S. and ROK airbases and seaports to halt or slow down the 
flow of reinforcements and logistics.\6\ \7\ The geography of the 
Korean peninsula allows for a strategic employment of chemical weapons 
against unprotected civilians by long-range artillery in the Kaesong 
Heights against the 25 million people in Seoul and by ballistic 
missiles further north against other South Korean cities, such as 
Busan. This type of chemical weapons use by North Korea during a 
conflict in Northeast Asia would almost assuredly result in casualties 
to some of the 140,000 American citizens living in the Republic of 
Korea. These casualties would be not only U.S. Service Members, but 
also family members, Americans working abroad and traveling as 
tourists. The total number of civilians the United States could be 
required to evacuate could swell to 230,000, with some being 
potentially chemical casualties requiring transportation to the United 
States for long-term care. While the military would do everything 
possible to prevent the unintentional transfer of contaminated 
materials to the United States, there will be a need for close 
coordination with Customs and Border Protection, the Environmental 
Protection Agency, and State regulators.
---------------------------------------------------------------------------
    \6\ ``North Korea: Chemical Program,'' Nuclear Threat Initiative, 
Last modified December 2015, http://www.nti.org/learn/countries/north-
korea/chemical/.
    \7\ Emma Chanlett-Avery et. al, ``North Korea: U.S. Relations, 
Nuclear Diplomacy, and Internal Situation,'' Congressional Research 
Service, January 15, 2016, pg. 13.
---------------------------------------------------------------------------
    Of particular interest to the Departments of Homeland Security, 
Commerce, State, and Justice is the latest development regarding North 
Korea's chemical weapons program--and most brazen proof of the 
program's existence: The use of VX nerve agent to assassinate Kim Jong-
nam in Kuala Lumpur, Malaysia on February 13, 2017. This attack 
indicates a willingness to use chemical weapons in unconventional ways 
and an ability to transport chemical agents across borders without 
being caught.\8\ North Korea has a long-established history of using 
front companies and their embassies to proliferate conventional arms, 
drugs, and counterfeit money. North Korea could use these same 
connections to transport chemical weapons through the Middle East, 
Africa, or South America to agents in the U.S. homeland or to sell 
chemical weapons to violent extremists who could then attack American 
interests globally. While North Korea's goal presumably would be to 
achieve a greater impact than a single assassination, they would not be 
able to achieve an attack in any way close to the scale of massed 
artillery fire into Seoul; however, they could still disrupt daily 
American life, and create mass panic and fear.
---------------------------------------------------------------------------
    \8\ Executive Council Decision (EC-84/DEC.8), Organization for the 
Prohibition of Chemical Weapons (OPCW), March 9, 2017, https://
www.opcw.org/fileadmin/OPCW/EC/84/en/ec84dec08_e_.pdf.
---------------------------------------------------------------------------
                               biological
    We know far less about North Korea's biological weapons program. 
Even though it is a member of the Biological and Toxins Weapons 
Convention, it is believed to maintain the ability to conduct research 
and possibly produce some small amounts of biological agents.\9\ 
Attempts by North Korea to smuggle biological agents into the United 
States would be challenging. Unlike chemical weapons, where the chief 
concern of the smuggler is with the shipping container breaking or 
leaking, with biological pathogens the virus or bacteria must be kept 
alive during transportation. A viable biological agent dissemination 
method must also be available. Biological agents, particularly toxins, 
have proven useful in assassinations, but to date they have not proven 
to be effective, nor necessarily sought after, for large-scale attacks.
---------------------------------------------------------------------------
    \9\ North Korea: Biological Program, Nuclear Threat Initiative, 
December 2015, http://www.nti.org/learn/countries/north-korea/
biological/.
---------------------------------------------------------------------------
                     north korean rationale for wmd
    When considering the threat posed, it is important to understand 
why North Korea believes they need weapons of mass destruction. While 
no one possess reliable insight into what or how Kim Jong-un thinks, we 
can reasonably surmise that his primary objective remains--and will 
remain--his personal survival and the continued existence of a Kim-led 
regime. To that end, watching the demise of Saddam Hussain and Muammar 
Gaddafi could have led him to believe that he is more likely to remain 
in power by retaining an operational nuclear and chemical weapons 
capability to deter attack by the Republic of Korea and the United 
States. In order for North Korea to establish a deterrent, it must 
demonstrate a credible capability consisting of accurate and reliable 
missiles fitted with functional nuclear warheads. In the North Korean 
view, the fielding of this capability will change past rhetoric about 
attacking the United States into a real deterrent message. Therefore, 
we should not expect Kim Jong-un to halt his development until he feels 
he has adequate weapons systems to impose enough cost on the United 
States that we will not attempt a regime change. Since this is all 
about his perception of a U.S. threshold, he may have no realistic view 
of what size arsenal he needs. Therefore, it is difficult to predict 
how many nuclear weapons North Korea could eventually possess.
    Next, we know North Korea is intent on decoupling the United States 
from the Republic of Korea and ultimately breaking the U.S.-ROK 
alliance. Kim Jong-un likely believes that by placing our homeland at 
risk, the United States will abandon South Korea should a conflict 
arise, or at least be too pre-occupied with homeland defense to 
adequately reinforce the Korean peninsula. To support this effort, 
North Korea has released propaganda videos showing attacks against 
major U.S. cities and key military bases. They understand the military 
utility in preventing U.S. forces from reaching Korea and they believe 
that the U.S. Government is unwilling to trade Los Angeles or Seattle 
for Seoul. While there have been countless heinous acts committed by 
the Kim dynasty, in retrospect its foreign policy over the past 20 
years has proven to have a certain rationality. Kim Jong-il used 
provocations to garner international assistance and Kim Jong-un uses 
provocations to shore up domestic support. Both father and son believed 
they could manage the level of escalation and end the provocation cycle 
before crossing a threshold that would lead to war. From Kim Jong-un's 
perspective, he may believe possessing nuclear weapons raises the U.S. 
threshold for war and allows him political space to engage in greater 
provocative actions in the region. Therefore, it is very possible that 
the United States will face an even more emboldened and belligerent 
North Korea.
    Given these assumptions on North Korea's strategic aims and views 
on provocations, the challenge becomes, ``What will lead to North 
Korean WMD employment and what does this mean for homeland security? 
Will Kim Jong-un only use nuclear weapons in a first strike and if so 
what indications will we have that he is planning an attack? What will 
be Kim Jong-un's priority targets for nuclear weapons employment?'' 
Aspects of these answers are tied to how the United States reacts to 
the threat.
                   so what can the united states do?
    The U.S. approach must be multi-faceted and include global 
isolation of North Korea, a strengthened homeland, and a modern 
approach to deterrence. Beginning overseas, the United States economic 
links and military posture are essential to demonstrate to North Korea 
and our allies U.S. permanency as a trans-Pacific leader. While 
sanctions against North Korean elites are important to raising pressure 
inside Pyongyang, financial, diplomatic, and informational pressure 
must be applied to cut off potential licit and illicit trading partners 
around the world. The Kim regime provides ample evidence that the 
United States can use to influence all legitimate governments or 
businesses to choose to forego any commercial or political support of 
North Korea.
    Next, the United States must be prepared to protect all of our 
territory from a North Korean attack and respond should one occur. 
Ballistic missile defense is an important part of our overall strategy 
as it provides a layer of protection, but as with any shield, it is not 
perfect. The technological challenges associated with shooting down 
missiles in flight and the shear scope of trying to stay ahead of a 
rapidly-growing threat are enormous. This is an area that I know 
garners a lot of attention in both the House and Senate and I admit to 
not being an expert in this field, so I encourage you to meet with the 
right experts on what more can or should be done.
    Many of the actions the United States has taken domestically to 
prepare for the risks associated with a terrorist chemical or 
biological weapons attack would also help in the event of a covert 
attack by North Korea. However, we should continue to review and 
enhance our nuclear preparedness posture. For instance, our current 
preparedness planning assumes single small-scale terrorist devices; we 
should plan for and exercise responses to larger-scale attacks, perhaps 
with multiple nuclear weapons, that would quickly overwhelm our ability 
to manage the consequences of such a campaign. We saw how difficult it 
was to respond to the three hurricanes that recently struck U.S. 
territory only weeks apart. While it is easy to say, ``America can do 
anything'', I am not sure we have really grasped how difficult it would 
be to deal with three nuclear detonations on the homeland. This 
response would require a level of Federal, State, and local 
coordination never seen before. A different yet equally difficult 
response would be an attack against Guam or Hawaii. Responses to either 
of these islands would require immediate life-saving actions, short-
term relief efforts and long-term rebuilding. All three of those areas 
can easily be crippled by the realities of time, distance, and the 
limitation of moving most logistics by ship.
    As with past and current deterrence challenges, such as with the 
Soviet Union during the cold war and Russia and China today, the United 
States should take this threat seriously, but not overreact. We have to 
tailor our deterrent approach to the unique challenge North Korea poses 
with nuclear, chemical, and potentially biological weapons programs 
capable of being employed against U.S. vital interests both abroad and 
in the homeland. Global isolation, ballistic missile defense, and 
domestic preparedness are all vital to deterring North Korea. Kim Jong-
un must understand that any conflict with the United States or our 
allies will cost him the things he holds most valuable and that the 
United States will deny him the effects he seeks to achieve. Rather 
than seeing nuclear threats against the United States as a means to 
separate our alliances, he should see how it strengthens our alliances 
and our resolve. Such resolve is demonstrated not with words, but by 
deeds: Proper resourcing, training, and exercising of our response 
force; exercising our local, State, and National response frameworks; 
demonstrating our ballistic missile defenses; ensuring that our 
critical infrastructure is hardened against the effects of a nuclear 
attack; and finally possessing a ready, reliable, and survivable 
nuclear triad.
    Chairman Duncan, Ranking Member Correa, thank you for the 
opportunity to share my views with the subcommittee and I look forward 
to your questions.

    Mr. Perry. The Chair thanks Mr. Terrell.
    The Chair now recognizes Mr. Greene for an opening 
statement.

 STATEMENT OF JEFF GREENE, SENIOR DIRECTOR, GLOBAL GOVERNMENT 
            AFFAIRS AND POLICY, SYMANTEC CORPORATION

    Mr. Greene. Chairman Perry, Ranking Member Correa, thank 
you for the opportunity to be here today.
    We have been tracking the Lazarus Group, which the U.S. 
Government has linked to North Korea for over 5 years, and have 
watched as their targets have evolved and their technical 
skills have improved. Lazarus is different from other attack 
groups that have been linked to nation-states in several ways.
    First, their attacks are unusual both in the breadth of 
their targets and in the goals of the attack itself. Second, 
Lazarus shows little hesitation to engage in activity that 
other groups might take pause. Finally, Lazarus targets a 
variety of disparate industries, many simultaneously, and is 
very quick to move from target to target. Their technical 
capabilities have improved dramatically over the past few 
years, and we view them as above average in overall capability 
and actually expert in some areas. In particular, their skill 
to conducting reconnoissance operations, and the quality of the 
malware that they developed has improved dramatically in the 
past few years.
    The combination of this increased quality malware and new 
steps they have been taking in operational security will likely 
make it harder in the future to connect operations back to 
Lazarus.
    In other areas, though, Lazarus has made fairly simple 
mistakes that have at times hampered their ability to complete 
an operation. These are usually, however, relatively basic, and 
we don't expect to see them making the mistakes in the future, 
given their demonstrated adaptability.
    They have been connected to attacks in a wide variety of 
sectors from the entertainment industry, to critical 
infrastructure, to Government systems, to the financial sector 
and to the defense base. Unlike other groups that have been 
publicly connected to nation-states, Lazarus has attacked 
individual internet users en masse. Their methods run the 
gamut, and includes denial-of-service, highly targeted and 
sophisticated intrusions, destructive attacks, and the use of 
ransomware.
    You both mentioned in your opening statement the theft of 
$81 million dollars from the Bangladesh Central Bank in 2016, 
but that is only part of the story. They actually targeted as 
much as a billion dollars, and but for a fairly simple mistake 
might have gotten away with it. They exploited weaknesses in 
the bank's security to infiltrate the network and steal 
credentials and then initiated fraudulent transfers. This was a 
well-planned and sophisticated attack.
    To cover their tracks, they installed malware, which 
printed doctored confirmation receipts, so the folks in 
Bangladesh didn't know what was going on. The fraud was 
detected because they actually misspelled the names of the 
recipients of one of the fraudulent transfers, which led to 
inquiries.
    Another Lazarus connected attack is the WannaCry ransomware 
outbreak that happened in May. This was fairly significant. 
Within the first hours, the National Health Service in the 
United Kingdom was taken down and the Spanish telecom provider 
Telefonica was impacted. WannaCry itself was unique and 
dangerous because it propagated autonomously. It was the first 
ransomware as a worm that has had global impact.
    But while WannaCry was very good at infecting computers and 
encrypting data, it was really bad at collecting ransom. 
Because of some fairly simple coding errors, the attackers as 
yet do not appear to have actually collected the ransom that 
was paid by some of the victims.
    Finally, you both mentioned, I believe, the Sony attack. 
This is probably the best-known Lazarus incident out there. It 
was late 2014, they were hit with malware that disabled 
networks, destroyed data, and stole emails. Most of the media 
attention after this was focused on the salaries of respective 
movie stars and other salacious details. But from a 
cybersecurity standpoint, the big story here was the permanent 
destruction in the United States of a significant number of 
computers and servers. By one report, the attack impacted as 
much as three-quarters of Sony's systems in Sony Pictures' 
headquarters. The FBI, as you probably know, and the DNI 
attributed this attack to the North Korean government. Our 
technical analysis has linked Sony to numerous other attacks, 
including the Bangladesh bank heist, WannaCry ransomware, Dark 
Soul, which was destructive attacks in Korea in 2011, the 
Polish bank heist that Mr. Cilluffo mentioned.
    In sum, Lazarus is an aggressive and increasingly 
sophisticated attack group that has a demonstrated willingness 
to disrupt networks, steal money, and destroy computers and 
data. Unlike other major attack groups, which typically focus 
on one sector or even one industry, Lazarus has shown no such 
limitations. As a result, everyone has to assume that they 
could be a target of Lazarus and prepare accordingly.
    Thank you for the opportunity to be here, and I am happy to 
take any questions.
    [The prepared statement of Mr. Greene follows:]
                   Prepared Statement of Jeff Greene
                            October 12, 2017
    Chairman Perry, Chairman McCaul, Ranking Member Correa, Ranking 
Member Thompson, my name is Jeff Greene and I am the senior director, 
global government affairs and policy at Symantec. I am responsible for 
Symantec's global public policy agenda and government engagement 
strategy, and represent the company in key public policy initiatives 
and partnerships. I also serve as a member of the National Institute of 
Standards and Technology's (NIST) Information Security and Privacy 
Advisory Board (ISPAB), and recently supported the President's 
Commission on Enhancing National Cybersecurity. I have worked on the 
House and Senate Homeland Security Committees, and immediately prior to 
joining Symantec I served as senior counsel with the Senate committee 
focusing on cybersecurity and homeland defense issues.
    Symantec Corporation is the world's leading cybersecurity company, 
and has the largest civilian threat collection network in the world. 
Our Global Intelligence NetworkTM tracks over 700,000 global 
adversaries and is comprised of more than 98 million attack sensors, 
which record thousands of events every second. This network monitors 
over 175 million endpoints located in over 157 countries and 
territories. Additionally, we process more than 2 billion emails and 
over 2.4 billion web requests each day. We maintain nine Security 
Response Centers and six Security Operations Centers around the globe, 
and all of these resources combined give our analysts a unique view of 
the entire cyber threat landscape.
    Symantec has been tracking the Lazarus group for over 5 years, and 
we have watched as their targets have evolved and their technical 
skills have improved. Over the years we have linked numerous attacks to 
Lazarus, including the attack on Sony Pictures, the Bangladesh Central 
bank heist, and the recent WannaCry ransomware outbreak. The United 
States Government has publicly attributed the attack on Sony to the 
Democratic People's Republic of Korea.
    In my testimony I will provide an assessment of the Lazarus group's 
technical capabilities and provide an overview of several attacks that 
we have connected to them. As an initial matter, however, I want to 
offer a few high-level observations on Lazarus:
   First, their attacks are unusual both in the breadth of 
        their targets and the goals of their attacks.
   Second, Lazarus shows little hesitation to engage in 
        activity that might give other attack groups pause.
   Finally, Lazarus targets a variety of disparate sectors, 
        many simultaneously, and is very quick to move from target to 
        target.
    Lazarus' technical capabilities have improved dramatically in 
recent years, and we now view them as above-average in overall skills, 
and expert in some areas. In particular, Lazarus has shown excellent 
skills when conducting reconnaissance and researching operations, and 
over the past 3 to 4 years the quality of the malware they are 
producing has increased dramatically. Higher-quality malware is harder 
to detect, and this coupled with Lazarus' improving operational 
security steps could make it harder to connect future attacks with the 
group. The group is also a prolific developer of malware--while other 
highly sophisticated attack groups have a tendency to rely on a single 
malware family for a sustained campaign, Lazarus is more likely to use 
a unique (but less complex) piece of malware for each effort without 
concern for it being discovered within a shorter time frame so long as 
they achieve a specific end.
    In other areas, Lazarus has shown a lack of overall ability that 
has at time hampered its ability to complete an operation successfully. 
Specifically, the WannaCry attacks yielded no apparent financial gain 
because the collection component was not set up properly, and the 
attack on the Bangladesh Central Bank was discovered and halted due to 
a typographical error. Unfortunately, these are relatively simple 
errors to correct and given Lazarus' ability to adapt and improve in 
recent years they are unlikely to repeat them in future operations.
    Lazarus has been connected to attacks on a wide variety of 
sectors--from the entertainment industry to critical infrastructure to 
government systems to the financial sector. And unlike other groups 
that have been publicly connected to nation-states, Lazarus has 
attacked individual end-users of the internet. Lazarus' methods have 
also run the gamut, and include denial-of-service attacks, highly 
targeted (and highly sophisticated) intrusions, destructive attacks, 
and the use of ransomware. Below I will address three specific 
campaigns.
                     bangladesh central bank theft
    In early 2016, Lazarus stole $81 million from Bangladesh's central 
bank--and but for a typographical error might have made off with as 
much as $1 billion. They exploited weaknesses in the bank's security to 
infiltrate its network and steal its Society for Worldwide Interbank 
Financial Telecommunication (SWIFT) credentials, allowing them to 
initiate fraudulent transfers (it is important to recognize that SWIFT 
itself was not compromised; the attackers used stolen credentials to 
initiate fraudulent transactions).
    This was a well-planned, sophisticated attack: In order to cover 
their tracks, the attackers used malware to doctor the bank's printed 
confirmation messages to delay discovery of the transfers. They also 
began their attack at the start of a long weekend to reduce further the 
likelihood of a quick discovery. Once they obtained the bank's SWIFT 
credentials, the group made several transfer requests to the Federal 
Reserve Bank of New York for it to transfer the Bangladesh bank's 
money, primarily to locations in the Philippines and Sri Lanka. Four 
requests to transfer a total of $81 million to entities in the 
Philippines went through, but a request to transfer $20 million to a 
non-profit ``foundation'' in Sri Lanka raised suspicions because 
foundation's name was spelled incorrectly.
    The transfers were suspended and the fraud was uncovered when the 
Bangladeshi bank was asked for clarification on the Sri Lankan 
transfer. By then $81 million had been transferred, primarily into 
accounts related to casinos in the Philippines. One casino returned $15 
million to Bangladesh, but the rest had disappeared. The methods used 
in this attack--in particular the in-depth knowledge of the SWIFT 
systems and the steps taken to cover tracks--evidence Lazarus' growing 
technical skills.
    Our analysis of this attack found code sharing between the malware 
and other unique tools used by Lazarus in other attacks, including some 
in the financial sector. Additionally, some of the tools used in the 
attack are connected to Lazarus. We have also seen this malware 
deployed against banks in the Philippines and Vietnam.
                          wannacry ransomware
    Though the WannaCry outbreak became a global story on May 12, 2017, 
our analysis has revealed that an almost identical version of the 
ransomware was used in a small number of targeted attacks in February, 
March, and April of the same year. The key difference between the 
earlier versions of WannaCry and the one that became a global event was 
the method of propagation--the early version used stolen credentials to 
move through infected networks, while the May 12 version included the 
ability to self-propagate (known as a ``worm'') that led to its rapid 
spread.
    In fact, within hours of the first detection, the May 12 version 
disrupted Britain's National Health Service and Spanish telecom 
provider Telefonica. After a day, it had infected more than 230,000 
computers in over 150 countries. At that point the infection rate 
plummeted, largely through good luck--a security researcher in the 
United Kingdom had unknowingly triggered a kill switch when he 
registered a domain name he found within the code of the ransomware. 
This prevented the worm from moving laterally, greatly slowing the 
spread of the infection, effectively halting the initial outbreak and 
preventing it from becoming a significant event in the United States. 
Still, over the course of 3 days (May 12-15), we blocked WannaCry more 
than 22 million times on more than 300,000 devices. We were able to 
prevent WannaCry infections because we had already implemented 
protections for the underlying vulnerability.
    The May version of WannaCry was unique and dangerous because of how 
quickly it could spread. It was the first ransomware-as-a-worm that has 
had global impact; once on a system it propagated autonomously using 
the ``Eternal Blue'' vulnerability in the Windows Server Messaging 
Block (SMB) protocol. After gaining access to a computer, WannaCry 
installs a ransomware package that works in the same fashion as most 
modern crypto-ransomware: it finds and encrypts a range of files, then 
displays a ``ransom note'' demanding a payment in bitcoin (in this 
case, $300 the first week; $600 the second week).
    WannaCry spread largely to unpatched computers. Though Microsoft 
released a patch for the SMB vulnerability for Windows 7 and newer 
operating systems in March, unpatched systems and systems running XP or 
older operating systems were unprotected. After the WannaCry outbreak 
began, Microsoft released a patch for XP and earlier platforms.
    The May version of WannaCry was very effective at infecting 
computers and encrypting the data on them, but it also contained flaws 
that prevented the authors from collecting their ransom. Specifically, 
the ransomware was not coded correctly to allow the attackers to 
collect bitcoin payment from thousands of victims. Interestingly, the 
authors quickly recognized their error and released a corrected version 
13 hours after the outbreak began, but that version did not spread 
widely before the infection was largely halted.
    Our analysis found numerous links between WannaCry and known 
Lazarus operations. The ransomware shares some code with previous 
malware used by Lazarus as well as some custom tools connected to the 
group. Additionally, we found three pieces of malware linked to Lazarus 
on the network of the target of the very first WannaCry attack in 
February, at least one of which was used in the Sony Pictures attacks.
                      sony pictures entertainment
    In 2014, Sony was preparing for the holiday release of ``The 
Interview'', a film depicting the fictional assassination of North 
Korean leader Kim Jong-un. On November 24, Sony experienced a cyber 
attack that disabled its information technology network, destroyed 
data, and stole emails that were then leaked to the public in an effort 
to embarrass company officials.
    Individuals claiming to be the hackers then sent emails threatening 
``9/11-style'' terrorist attacks on theaters scheduled to show the 
film, leading some theaters to cancel screenings and for Sony to cancel 
its wide-spread release. Much of the media and public attention 
revolved around the free speech implications of the attack, as well as 
the release of salacious emails between Hollywood executives and 
celebrities as well as the salaries paid to different movie stars. But 
from a cybersecurity standpoint, the ``big'' story of the attacks was 
the permanent destruction of computers and data--by one report, 
impacting as much as three quarters of the computers and servers at 
Sony Pictures headquarters. Many were damaged by ``wiper'' malware 
known as ``Destover,'' a particularly destructive variant which erased 
all the data on the machines, damaging them beyond repair.\1\ The 
attacks reportedly had cascading effects that went well beyond the 
computers themselves--hampering essential administrative functions like 
employee payroll, insurance, and contracts. The destructive element of 
the Sony attack is what sets it apart from most cyber attacks.
---------------------------------------------------------------------------
    \1\ https://www.symantec.com/connect/blog/collaborative-operation-
blockbuster-lazarus.
---------------------------------------------------------------------------
    On December 19, the FBI and the Director of National Intelligence 
(DNI) attributed the cyber attacks to the North Korean government based 
on a number of factors, including technical analysis on the wiper 
malware which included similar codes, encryption algorithms, and 
deletion methods to previous attacks linked to the North Korean 
government. Further, the FBI observed significant overlap in the 
infrastructure used to conduct the Sony attack and previously known 
North Korean command and control infrastructure. Last, many of the 
tools and tactics used in the Sony attack had similarities to a cyber 
attack in March of 2013 against South Korean banks and media outlets, 
which was carried out by North Korea.\2\
---------------------------------------------------------------------------
    \2\ FBI National Press Office, ``Update on Sony Investigation,'' 
December 19, 2014 https://www.fbi.gov/news/pressrel/press-releases/
update-on-sony-investigation.
---------------------------------------------------------------------------
                               conclusion
    Lazarus is an aggressive and increasingly sophisticated attack 
group that has a demonstrated willingness to disrupt networks, steal 
money, and destroy computers and data. They learn from their mistakes 
and move rapidly from target to target. Unlike other major attack 
groups which typically focus on one sector or even one industry, 
Lazarus has no shown such limitations. This means that all industries 
and sectors, and all governments, have to assume that Lazarus may 
target them, and must prepare accordingly. Symantec continues to 
monitor Lazarus' activities and will continue to share information with 
our government partners as well as publish reports of the activity we 
observe. Thank you for the opportunity to testify, and I would be happy 
to take any questions that you may have.

    Mr. Perry. The Chair thanks the gentleman.
    Dr. Pry, the Chair now recognizes you for your opening 
statement.

 STATEMENT OF PETER VINCENT PRY, CHIEF OF STAFF, COMMISSION TO 
  ASSESS THE THREAT TO THE UNITED STATES FROM ELECTROMAGNETIC 
                          PULSE ATTACK

    Mr. Pry. Thank you for the opportunity to be here today to 
talk to you about the threat from North Korea, and 
particularly, the threat from electromagnetic pulse, EMP, which 
would result from the high-altitude detonation of a nuclear 
weapon. You know, generating an EMP, which is, in effect, a 
super energetic radio wave, you might think of it, or super 
lightening that would destroy electronic systems, including 
electric grids and all the critical infrastructures that 
support life in this country and that depend upon them.
    This threat has been described a couple of times in the 
beginning of this hearing as unlikely. I would recommend that 
we not use that term in reference to an EMP. Maybe a better 
word would be ``unknown.'' I suspect people will continue to 
describe an EMP threat as unlikely right up until the day 
before North Korea actually attacks us, just like we did with 
the 9/11 attack that, the day before it happened, would have 
been regarded as highly unlikely.
    What we do know is that North Korea has the capability to 
make an EMP attack right now, and does, right now, constitute 
an existential threat to the United States. They detonated a 
hydrogen bomb on September 2. The new estimated yield on it is 
250 kilotons. That single weapon could put an EMP field down 
out over, not just the United States, but all of North America 
that would cause the collapse of electric grids, 
transportation, communications, all the life-sustaining 
critical infrastructures.
    Now, it wouldn't be a temporary blackout either. You know, 
it would take--we might not never recover from it. You know, if 
we are not prepared to defend our electric grid now and put in 
place the measures, and if they were to strike us now when we 
are unprotected, millions of Americans would die. Look at what 
is happening in Puerto Rico now if you want to know what the 
consequences of an EMP attack would be. They have only been 
without electricity for a few weeks and many people are in fear 
of their lives, legitimately so. Imagine a Puerto Rico where 
there was no U.S. Government coming to the rescue, all right, 
and they were on their own for a year. You would have most of 
the population of that island perish, if we weren't there to 
come in and help them. That is what would happen to the United 
States in the event of a North Korean nuclear EMP attack, which 
they could do today, all right, and with a single weapon.
    The intelligence community. The EMP Commission has been 
virtually alone, I think, in having a more accurate estimate of 
the threat from North Korea than the intelligence community has 
over these years. This summer should have been a humbling 
experience, you know, for those who want to dismiss or minimize 
the North Korean threats. Just 6 months ago, you know, many 
people were arguing that North Korea only had as few as 6, 
perhaps as many as 30 nuclear weapons. Now the intelligence 
community estimates that they have got 60 nuclear weapons. All 
right? They weren't thought to have ICBMs that were capable of 
reaching the United States; maybe Alaska and Hawaii. Now we 
estimate that they can reach all of the United States.
    So the intelligence community hasn't had a good record on 
this. The EMP Commission though, on the other hand, has been 
right.
    Two days after that H bomb test, North Korea also released 
the technical report accurately describing the way a super EMP 
weapon would work. We think they probably have that too, which 
would generate EMP fields even more powerful than that of the H 
bomb that they successfully tested.
    When we think of nuclear weapons, in the United States we 
think, well, North Korea would never cross the nuclear line, 
because for us, that is a big, deep dark red line that we would 
very reluctantly cross. But the North Koreans don't think that 
way about EMP, nor does Russia or China or Iran. In their 
military doctrine, EMP is part of a cyber warfare, it is part 
of a combined armed cyber warfare campaign.
    The likelihood of a nuclear EMP attack is exactly the same 
as the likelihood of getting in a war with North Korea. If we 
get in a war with them, where they feel their regime is at 
risk, they will use everything within their power, including a 
nuclear EMP attack, to prevail.
    So how likely is a nuclear war with North Korea? It is not 
just up to us. It is also up to the North Koreans themselves, 
and they are entirely capable of miscalculation.
    Now, last, I'd like to just point in terms of what should 
we be doing. We are going in exactly the wrong direction in 
terms of our preparations for EMP. Just 2 weeks ago, a senior 
official at the Department of Homeland Security described the 
EMP threat as theoretical and something that we needed to study 
a lot longer. That is basically the plan that the U.S. 
Government is on now. The Department of Energy, the Department 
of Homeland Security, and the National labs want to spend 
millions of dollars continuing to study the EMP threat way out 
to 2020 and beyond, when the EMP Commission has already spent 
17 years studying the threat, has repeatedly told Congress this 
is a real threat here and now and we know how to protect 
against and it can be done cost-effectively. That is all true.
    I hope that a project called the Louisiana Project that the 
EMP Commission started with the Department of Homeland Security 
under Secretary Kelly will survive the death of the EMP 
Commission. In this project, we have been working with the 
State of Louisiana to prove that you can protect a State 
electric grid very cost-effectively. I think people will be 
surprised, if it is allowed to go forward, at how little it 
would cost, and it would provide a paradigm for all the other 
States to follow.
    Thank you so much for hearing me out.
    [The prepared statement of Mr. Pry follows:]
                Prepared Statement of Peter Vincent Pry
                            October 12, 2017
    During the Cold War, major efforts were undertaken by the 
Department of Defense to assure that the U.S. National command 
authority and U.S. strategic forces could survive and operate after an 
EMP attack. However, no major efforts were then thought necessary to 
protect critical National infrastructures, relying on nuclear 
deterrence to protect them. With the development of small nuclear 
arsenals and long-range missiles by new, radical U.S. adversaries, 
beginning with North Korea, the threat of a nuclear EMP attack against 
the United States becomes one of the few ways that such a country could 
inflict devastating damage to the United States. It is critical, 
therefore, that the U.S. National leadership address the EMP threat as 
a critical and existential issue, and give a high priority to assuring 
the leadership is engaged and the necessary steps are taken to protect 
the country from EMP.
    By way of background, the Commission to Assess the Threat to the 
United States from Electromagnetic Pulse (EMP) Attack was established 
by Congress in 2001 to advise the Congress, the President, Department 
of Defense, and other departments and agencies of the U.S. Government 
on the nuclear EMP threat to military systems and civilian critical 
infrastructures. The EMP Commission was re-established in 2015 with its 
charter broadened to include natural EMP from solar storms, all man-
made EMP threats, cyber attack, sabotage, and Combined-Arms Cyber 
Warfare. The EMP Commission charter gives it access to all relevant 
Classified and Unclassified data and the power to levy analysis upon 
the Department of Defense.
    On September 30, 2017, the Department of Defense, after withholding 
a significant part of the monies allocated by Congress to support the 
work of the EMP Commission for the entirety of 2016, terminated funding 
the EMP Commission. In the same month, North Korea detonated an H-Bomb 
that it plausibly describes as capable of ``super-powerful EMP'' attack 
and released a technical report ``The EMP Might of Nuclear Weapons'' 
accurately describing what Russia and China call a ``Super-EMP'' 
weapon.
    Neither the Department of Defense nor the Department of Homeland 
Security has asked Congress to continue the EMP Commission. The House 
version of the National Defense Authorization Act includes a provision 
that would replace the existing EMP Commission with new Commissioners. 
Yet the existing EMP Commission comprises the Nation's foremost experts 
who have been officially or unofficially continuously engaged trying to 
advance National EMP preparedness for 17 years.
    And today, as the EMP Commission has long warned, the Nation faces 
a potentially imminent and existential threat of nuclear EMP attack 
from North Korea. Recent events have proven the EMP Commission's 
critics wrong about other highly important aspects of the nuclear 
missile threat from North Korea:
   Just 6 months ago, most experts thought North Korea's 
        nuclear arsenal was primitive, some academics claiming it had 
        as few as 6 A-Bombs. Now the intelligence community reportedly 
        estimates North Korea has 60 nuclear weapons.
   Just 6 months ago, most experts thought North Korea's ICBMs 
        were fake, or if real could not strike the U.S. mainland. Now 
        the intelligence community reportedly estimates North Korea's 
        ICBMs can strike Denver and Chicago, and perhaps the entire 
        United States.
   Just 6 months ago, most experts thought North Korea was many 
        years away from an H-Bomb. Now it appears North Korea has H-
        Bombs comparable to sophisticated U.S. two-stage thermonuclear 
        weapons.
   Just 6 months ago, most experts claimed North Korean ICBMs 
        could not miniaturize an A-Bomb or design a reentry vehicle for 
        missile delivery. Now the intelligence community reportedly 
        assesses North Korea has miniaturized nuclear weapons, and has 
        developed reentry vehicles for missile delivery, including by 
        ICBMs that can strike the United States.\1\
---------------------------------------------------------------------------
    \1\ Joby Warwick, Ellen Nakashima, Anna Fifield, ``North Korea Is 
No Making Missile-Ready Nuclear Weapons, U.S. Analysts Say'' Washington 
Post, August 18, 2017; Michelle Ye Hee Lee, ``North Korean Nuclear Test 
May Have Been Twice As Strong As First Thought'' Washington Post, 
September 13, 2017; Jack Kim, Soyoung Kim, ``North Korea Says It Has 
Developed A More Advanced Hydrogen Bomb That Can Be Loaded Onto An 
ICBM'' Business Insider, September 2, 2017; NBC News, `` `A Big Hoax': 
Experts Say North Korea Showing Off Missiles That Can't Fly'' August 
15, 2013.
---------------------------------------------------------------------------
    After massive intelligence failures grossly underestimating North 
Korea's long-range missile capabilities, number of nuclear weapons, 
warhead miniaturization, and proximity to an H-Bomb, the biggest North 
Korean threat to the United States remains unacknowledged--nuclear EMP 
attack.
    North Korea confirmed the EMP Commission's assessment by testing an 
H-Bomb that could make a devastating EMP attack, and in its official 
public statement: ``The H-Bomb, the explosive power of which is 
adjustable from tens of kilotons to hundreds of kilotons, is a multi-
functional thermonuclear weapon with great destructive power which can 
be detonated even at high altitudes for super-powerful EMP attack 
according to strategic goals.''\2\
---------------------------------------------------------------------------
    \2\ Bill Gertz, ``Korea Nuclear Test Furthers EMP Bomb'' Washington 
Free Beacon, September 6, 2017.
---------------------------------------------------------------------------
    As noted earlier, Pyongyang also released a technical report 
accurately describing a ``Super-EMP'' weapon.\3\
---------------------------------------------------------------------------
    \3\ Ibid. Kim Song-won, Dean of Kim Chaek University of Technology 
``The EMP Might of Nuclear Weapons'' Rodong Sinmun, Pyongyang, 
September 4, 2017.
---------------------------------------------------------------------------
    Just 6 months ago, some academics dismissed EMP Commission warnings 
and even, literally, laughed on National Public Radio at the idea North 
Korea could make an EMP attack.
    primitive and ``super-emp'' nuclear weapons are both emp threats
    The EMP Commission finds that even primitive, low-yield nuclear 
weapons are such a significant EMP threat that rogue states, like North 
Korea, or terrorists may well prefer using a nuclear weapon for EMP 
attack, instead of destroying a city: ``Therefore, terrorists or state 
actors that possess relatively unsophisticated missiles armed with 
nuclear weapons may well calculate that, instead of destroying a city 
or military base, they may obtain the greatest political-military 
utility from one or a few such weapons by using them--or threatening 
their use--in an EMP attack.''\4\
---------------------------------------------------------------------------
    \4\ Commission to Assess the Threat to the United States from 
Electromagnetic Pulse (EMP) Attack, Executive Report, 2004, p. 2.
---------------------------------------------------------------------------
    The EMP Commission 2004 Report warns: ``Certain types of relatively 
low-yield nuclear weapons can be employed to generate potentially 
catastrophic EMP effects over wide geographic areas, and designs for 
variants of such weapons may have been illicitly trafficked for a 
quarter-century.''\5\
---------------------------------------------------------------------------
    \5\ Ibid.
---------------------------------------------------------------------------
    In 2004, two Russian generals, both EMP experts, warned the EMP 
Commission that the design for Russia's Super-EMP warhead, capable of 
generating high-intensity EMP fields over 100,000 volts per meter, was 
``accidentally'' transferred to North Korea. They also said that due to 
``brain drain,'' Russian scientists were in North Korea, as were 
Chinese and Pakistani scientists according to the Russians, helping 
with the North's missile and nuclear weapon programs. In 2009, South 
Korean military intelligence told their press that Russian scientists 
are in North Korea helping develop an EMP nuclear weapon. In 2013, a 
Chinese military commentator stated North Korea has Super-EMP nuclear 
weapons.\6\
---------------------------------------------------------------------------
    \6\ U.S. Senate, Hearing, Statement for the Record, Dr. Peter 
Vincent Pry, ``Foreign Views of Electromagnetic Pulse (EMP) Attack'' 
testimony on behalf of EMP Commission before the Subcommittee on 
Terrorism, Technology, and Homeland Security, Senate Committee on the 
Judiciary (Washington, DC: March 9, 2005); Kim Min-sek and Yoo Jee-ho, 
``Military Source Warns of North's EMP Bomb'' JoonAng Daily (September 
2, 2009); Li Daguang, ``North Korean Electromagnetic Attack Threatens 
South Korea's Information Warfare Capabilities'' Tzu Chin, No. 260 
(June 1, 2012) pp. 44-45.
---------------------------------------------------------------------------
    Super-EMP weapons are low-yield and designed to produce not a big 
kinetic explosion, but rather a high level of gamma rays, which 
generates the high-frequency E1 EMP that is most damaging to the 
broadest range of electronics. North Korean nuclear tests, including 
the first in 2006, whose occurrence was predicted to the EMP Commission 
2 years in advance by the two Russian EMP experts, mostly have yields 
consistent with the size of a Super-EMP weapon. The Russian generals' 
accurate prediction about when North Korea would perform its first 
nuclear test, and of a yield consistent with a Super-EMP weapon, 
indicates their warning about a North Korean Super-EMP weapon should be 
taken very seriously.
                       emp threat from satellites
    While most analysts are fixated on when in the future North Korea 
will develop highly reliable intercontinental missiles, guidance 
systems, and reentry vehicles capable of striking a U.S. city, the 
threat here and now from EMP is largely ignored. EMP attack does not 
require an accurate guidance system because the area of effect, having 
a radius of hundreds or thousands of kilometers, is so large. No 
reentry vehicle is needed because the warhead is detonated at high-
altitude, above the atmosphere. Missile reliability matters little 
because only one missile has to work to make an EMP attack against an 
entire Nation.
    North Korea could make an EMP attack against the United States by 
launching a short-range missile off a freighter or submarine or by 
lofting a warhead to 30 kilometers burst height by balloon. While such 
lower-altitude EMP attacks would not cover the whole U.S. mainland, as 
would an attack at higher-altitude (300 kilometers), even a balloon-
lofted warhead detonated at 30 kilometers altitude could blackout the 
Eastern Electric Power Grid that supports most of the population and 
generates 75 percent of U.S. electricity.
    Or an EMP attack might be made by a North Korean satellite, right 
now.
    A Super-EMP weapon could be relatively small and lightweight, and 
could fit inside North Korea's Kwangmyongsong-3 (KMS-3) and 
Kwangmyongsong-4 (KMS-4) satellites. These two satellites presently 
orbit over the United States, and over every other nation on Earth--
demonstrating, or posing, a potential EMP threat against the entire 
world.
    North Korea's KMS-3 and KMS-4 satellites were launched to the south 
on polar trajectories and passed over the United States on their first 
orbit. Pyongyang launched KMS-4 on February 7, 2017, shortly after its 
fourth illegal nuclear test on January 6, that began the present 
protracted nuclear crisis with North Korea.
    The south polar trajectory of KMS-3 and KMS-4 evades U.S. Ballistic 
Missile Early Warning Radars and National Missile Defenses, resembling 
a Russian secret weapon developed during the cold war, called the 
Fractional Orbital Bombardment System (FOBS) that would have used a 
nuclear-armed satellite to make a surprise EMP attack on the United 
States.\7\
---------------------------------------------------------------------------
    \7\ Miroslav Gyurosi, The Soviet Fractional Orbital Bombardment 
System Program, (January 2010) Technical Report APA-TR-2010-010.
---------------------------------------------------------------------------
    Ambassador Henry Cooper, former director of the U.S. Strategic 
Defense Initiative, and a preeminent expert on missile defenses and 
space weapons, has written numerous articles warning about the 
potential North Korean EMP threat from their satellites. For example, 
on September 20, 2016 Ambassador Cooper wrote:

U.S. ballistic missile defense (BMD) interceptors are designed to 
intercept a few North Korean ICBMs that approach the United States over 
the North Polar region. But current U.S. BMD systems are not arranged 
to defend against even a single ICBM that approaches the United States 
from over the South Polar region, which is the direction toward which 
North Korea launches its satellites . . . This is not a new idea. The 
Soviets pioneered and tested just such a specific capability decades 
ago--we call it a Fractional Orbital Bombardment System (FOBS) . . . 
So, North Korea doesn't need an ICBM to create this existential threat. 
It could use its demonstrated satellite launcher to carry a nuclear 
weapon over the South Polar region and detonate it . . . over the 
United States to create a high-altitude electromagnetic pulse (HEMP) . 
. . The result could be to shut down the U.S. electric power grid for 
an indefinite period, leading to the death within a year of up to 90 
percent of all Americans--as the EMP Commission testified over 8 years 
ago.\8\
---------------------------------------------------------------------------
    \8\ Ambassador Henry F. Cooper, ``Whistling Past The Graveyard . . 
. '' High Frontier (September 20, 2016) highfrontier.org/sept-20-2016-
whistling-past-the-graveyard/ See also: highfrontier.org/category/fobs. 
On up to 90 percent U.S. fatalities from an EMP attack, during a 
Congressional hearing, Rep. Roscoe Bartlett asked me if such high 
fatalities could result, and I responded: ``We don't have experience 
with losing the infrastructure in a country with 300 million people, 
most of whom don't live in a way that provides for their own food and 
other needs. We can go back to an era when people did live like that. 
That would be--10 percent would be 30 million people, and that is 
probably the range where we could survive as a basically rural 
economy.'' U.S. House of Representatives, Hearing, ``Threat Posed By 
Electromagnetic Pulse (EMP) Attack'' Committee on Armed Services 
(Washington, DC: July 10, 2008), p. 9.

    Former NASA rocket scientist James Oberg visited North Korea's 
Sohae space launch base, witnessed elaborate measures undertaken to 
conceal space launch payloads, and concludes in a 2017 article that the 
---------------------------------------------------------------------------
EMP threat from North Korea's satellites should be taken seriously:

`` . . . there have been fears expressed that North Korea might use a 
satellite to carry a small nuclear warhead into orbit and then detonate 
it over the United States for an EMP strike. These concerns seem 
extreme and require an astronomical scale of irrationality on the part 
of the regime. The most frightening aspect, I've come to realize, is 
that exactly such a scale of insanity is now evident in the rest of 
their `space program.' That doomsday scenario, it now seems, has been 
plausible enough to compel the United States to take active measures to 
insure that no North Korean satellite, unless thoroughly inspected 
before launch, be allowed to reach orbit and ever overfly the United 
States.''\9\
---------------------------------------------------------------------------
    \9\ Jim Oberg, Space Review (February 6, 2017) 
www.thespacereview.com/article/3164/1in a 2017 article.

    Kim Jong-un has threatened to reduce the United States to ``ashes'' 
with ``nuclear thunderbolts'' and threatened to retaliate for U.S. 
diplomatic and military pressure by ``ordering officials and scientists 
to complete preparations for a satellite launch as soon as possible'' 
amid ``the enemies' harsh sanctions and moves to stifle'' the 
North.\10\ North Korean press (for example in Rodong Sinmun; March 7, 
2016) asserts readiness for ``any form of war'' and includes their 
satellite with ``strengthening of the nuclear deterrent and legitimate 
artificial satellite launch, which are our fair and square self-
defensive choice.'' Moreover: ``The nuclear [weapons] we possess are, 
precisely, the country's sovereignty, right to live, and dignity. Our 
satellite that cleaves through space is the proud sign that unfolds the 
future of the most powerful state in the world.'' The same article, 
like many others, warns North Korea makes ``constant preparations so 
that we can fire the nuclear warheads, which have been deployed for 
actual warfare for the sake of national defense, at any moment!''
---------------------------------------------------------------------------
    \10\ Alex Lockie, ``North Korea Threatens `Nuclear Thunderbolts' As 
U.S. And China Finally Work Together'' American Military News (April 
14, 2017); Fox News, ``U.S. General: North Korea `Will' Develop Nuclear 
Capabilities To Hit America'' (September 20, 2016) www.foxnews.com/
world/2016/09/20/north-korea-says-successfully-ground-tests-new-rocket-
engine.html.
---------------------------------------------------------------------------
    An earlier generation immediately understood the alarming strategic 
significance of Sputnik in 1957, yet few today understand or even care 
about the strategic significance of North Korea's satellites, perhaps 
because of wide-spread ignorance about EMP.
                       addressing misinformation
    Misinformation about EMP abounds in the media, and even in many 
allegedly serious studies, from uninformed persons posturing as 
experts, who have no competency in EMP. False claims are often made 
that the EMP threat is ``not real'' but merely theoretical and greatly 
overblown.\11\
---------------------------------------------------------------------------
    \11\ See for example: Jeffrey Lewis, ``Would A North Korean Space 
Nuke Really Lay Waste to the U.S.?'' New Scientist, 
www.newscientist.com/article/2129618; Lewis quoted in Cheyenne 
MacDonald, ``A North Korean `Space Nuke' Wouldn't Lay Waste To 
America'' Daily Mail, May 3, 2017; Lewis interviewed by National Public 
Radio, ``The North Korean Electromagnetic Pulse Threat, Or Lack 
Thereof'' www.npr.org/2017/04/27/525833275; www.naturalnews.com/2017-
05-01-npr-laughs-hysterically-north-korean-emp-nuclear-attack.html.
---------------------------------------------------------------------------
    For example, one academic often quoted by the press claims that 
during the 1962 STARFISH PRIME high-altitude nuclear test, ``just one 
string of street lights failed in Honolulu'' and that this proved EMP 
is no threat.\12\ In fact, the EMP knocked-out 36 strings of street 
lights, caused a telecommunications microwave relay station to fail, 
burned out HF (High-Frequency) radio links (used for long-distance 
communications), set off burglar alarms, and caused other damage.\13\
---------------------------------------------------------------------------
    \12\ Ibid.
    \13\ Dr. William R. Graham, ``North Korean Nuclear EMP Attack: An 
Existential Threat'' 38 North, June 2, 2017.
---------------------------------------------------------------------------
    The Hawaiian Islands did not experience a catastrophic protracted 
blackout because they were on the far edge of the EMP field contour, 
where effects are weakest; are surrounded by an ocean, which mitigates 
EMP effects; and were still in an age dominated by vacuum tube 
electronics.
    STARFISH PRIME was not the only test of this kind. Russia in 1961-
62 also conducted a series of high-altitude nuclear bursts to test EMP 
effects over Kazakhstan, an industrialized area nearly as large as 
Western Europe.\14\ That test destroyed the Kazakh electric grid.\15\ 
Moreover, modern electronics, in part because they are designed to 
operate at much lower voltages, are much more vulnerable to EMP than 
the electronics of 1962 exposed to STARFISH PRIME and the Kazakh 
nuclear tests. A similar EMP event over the United States today would 
be an existential threat.\16\
---------------------------------------------------------------------------
    \14\ High-altitude EMP (HEMP), the phenomenon under discussion, 
results from the detonation of a nuclear weapon at high-altitude, 30 
kilometers or higher. All nuclear weapons, even a primitive Hiroshima-
type A-bomb, can produce levels of HEMP damaging to modern electronics 
over large geographic regions.
    \15\ According to Electric Infrastructure Security Council, Report: 
USSR Nuclear EMP Upper Atmosphere Kazakhstan Test 184, 
(www.eiscouncil.org/APP_Data/upload/a4ce4b06-1a77-44d-83eb-
842bb2a56fc6.pdf), citing research by Oak Ridge National Laboratory, a 
comparable EMP event over the United States today ``would likely damage 
about 365 large transformers in the U.S. power grid, leaving about 40 
percent of the U.S. population without electrical power for 4 to 10 
years.''
    \16\ EMP Commission Executive Report, op. cit., pp. 4-8.
---------------------------------------------------------------------------
    Another academic wrongly asserts that because EMP from atmospheric 
nuclear tests in Nevada did not blackout Las Vegas, therefore EMP is no 
threat. The nuclear tests he describes were all endo-atmospheric tests 
that do not generate appreciable EMP fields beyond a range of about 5 
miles. The high-altitude EMP (HEMP) threat of interest requires exo-
atmospheric detonation, at 30 kilometers altitude or above, and 
produces EMP out to ranges of hundreds to thousands of miles. Las Vegas 
was not affected by the Nevada tests because they were endo-atmospheric 
nuclear tests that generated no HEMP.\17\
---------------------------------------------------------------------------
    \17\ Jack Liu, ``A North Korean EMP Attack? . . . Unlikely'' 38 
North, May 5, 2017.
---------------------------------------------------------------------------
    The same academic also miscalculates that ``a 20-kiloton bomb 
detonated at optimum height would have a maximum EMP damage distance of 
20 kilometers'' in part, because he assumes ``15,000 volts/meter or 
higher'' in the E1 EMP component is necessary for damage. This figure 
is an extreme overestimate of system damage field thresholds. Damage 
and upset to electronic systems will happen from E1 EMP field strengths 
far below the academic's ``15,000 volts/meter or higher.'' A one meter 
wire connected to a semiconductor device, such as a mouse cord or 
interconnection cable, would place hundreds to thousands of volts on 
microelectronic devices out to ranges of hundreds of miles for low-
yield nuclear devices. Based on omission and other experience with many 
EMP tests, semiconductor junctions, operating at a few volts, will 
experience breakdown at a few volts over their operating point, 
allowing their power supply to destroy the junctions experiencing 
breakdown.\18\
---------------------------------------------------------------------------
    \18\ Ibid.
---------------------------------------------------------------------------
    The same academic and many other non-experts also ignore system 
upset as a vulnerability. Digital electronics can be upset by 
extraneous pulses of a few volts. For unmanned control systems present 
within the electric power grids, long-haul communication repeater 
stations, and gas pipelines, an electronic upset is tantamount to 
permanent damage. Temporary upset of electronics can also have 
catastrophic consequences for military operations. No electronics 
should be considered invulnerable to EMP unless hardened and tested to 
certify survivability. Some highly critical unprotected electronics 
have been upset or damaged in simulated EMP tests, not at ``15,000 
volts/meter or higher,'' but at threat levels far below 1,000 volts/
meter.\19\
---------------------------------------------------------------------------
    \19\ Ibid.
---------------------------------------------------------------------------
    The North Korean missile test on April 29, 2017, which apparently 
detonated at an altitude of 72 kilometers, the optimum height-of-burst 
for EMP attack by a 10 KT warhead, would create a potentially damaging 
EMP field spanning, not the academic's miscalculated 20 kilometers 
radius, but to about 930 kilometers radius [Kilometers Radius=110 
(Kilometers Burst Height to the 0.5 Power)].\20\
---------------------------------------------------------------------------
    \20\ Ibid.
---------------------------------------------------------------------------
    Therefore, even for a low-yield 10-20 kiloton weapon, the EMP field 
should be considered dangerous for unprotected U.S. systems. The EMP 
Commission 2004 Report warned against the U.S. military's increasing 
use of commercial-off-the-shelf-technology that is not protected 
against EMP: ``Our increasing dependence on advanced electronics 
systems results in the potential for an increased EMP vulnerability of 
our technologically advanced forces, and if unaddressed makes EMP 
employment by an adversary an attractive asymmetric option.''\21\
---------------------------------------------------------------------------
    \21\ EMP Commission, Executive Report, op. cit., p. 47.
---------------------------------------------------------------------------
  empirical basis for emp threat better established than cyber threat
    The empirical basis for the threat of an EMP attack to electric 
grids and other critical infrastructures is far deeper and broader than 
the data for cyber attacks or sabotage. The notion that a cyber attack 
or sabotage can plunge the United States into a protracted blackout--
while very real threats that warrant deep concern--are far more 
theoretical constructs than EMP attack.
    We know for certain that EMP will cause wide-spread damage of 
electronics and protracted black-out of unprotected electric grids and 
other critical infrastructures from such hard data as:
   The U.S. STARFISH PRIME high-altitude nuclear test in 1962 
        over Johnston Island that generated an EMP field over the 
        Hawaiian Islands, over 1,300 kilometers away, causing wide-
        spread damage to electronic systems.\22\
---------------------------------------------------------------------------
    \22\ Phil Plait, ``The 50th Anniversary of Starfish Prime: The Nuke 
That Shook The World'' Discover, July 9, 2012.
---------------------------------------------------------------------------
   Six Russian EMP tests 1961-1962 over Kazakhstan that with a 
        single weapon destroyed electric grids over an area larger than 
        Western Europe, proving this capability six times.\23\
---------------------------------------------------------------------------
    \23\ Jerry Emanuelson, ``Soviet Test 184: The 1962 Soviet Nuclear 
EMP Tests Over Kazakhstan'' Future Science, Undated; Vladimir M. 
Loborev, ``Up-to-Date State of the NEMP Problems and Topical Research 
Directions'' Electromagnetic Environments and Consequences: Proceedings 
of the European International Symposium on Electromagnetic 
Environments, EUROEM Conference, Bordeaux, France, 1994; V. N. 
Mikhailov, The Nuclear Tests of the USSR, Vol. 2, Institute of 
Strategic Stability, Rosatom.
---------------------------------------------------------------------------
   30 years (1962-1992) of U.S. underground nuclear testing 
        that included collecting data on EMP effects.
   Over 50 years of testing by EMP simulators, still on-going, 
        including by the Congressional EMP Commission (2001-2008) that 
        proved modern electronics are over 1 million times more 
        vulnerable to EMP than the electronics of 1962.\24\
---------------------------------------------------------------------------
    \24\ ``Electromagnetic Pulse: Threat to Critical Infrastructures'' 
Hearing before the Subcommittee on Cybersecurity, Infrastructure 
Protection, and Security Technologies, House Committee on Homeland 
Security, Washington, DC: May 8, 2014.
---------------------------------------------------------------------------
    Moreover, hard data proving the threat from nuclear EMP is 
available from natural EMP generated by geomagnetic storms, accidental 
damage caused by electromagnetic transients, and non-nuclear 
radiofrequency weapons (RF weapons). All of these produce field 
strengths much less powerful than nuclear EMP, and in the case of 
accidental electromagnetic transients and radiofrequency weapons, much 
more localized. There are many thousands of such cases.
    Many documented examples of successful attacks using RF weapons, 
and accidents involving electromagnetic transients, are described in 
the Department of Defense Pocket Guide for Security Procedures and 
Protocols for Mitigating Radio Frequency Threats (Technical Support 
Working Group, Directed Energy Technical Office, Dahlgren Naval Surface 
Warfare Center). A few examples:
   ``Radio Frequency Weapons were used in separate incidents 
        against the U.S. Embassy in Moscow to falsely set off alarms 
        and to induce a fire in a sensitive area.''
   ``In Kzlyar, Dagestan, Russia, Chechen rebel commander 
        Salman Raduyev disabled police radio communications using RF 
        transmitters during a raid.''
   ``In June 1999 in Bellingham, Washington, RF energy from a 
        radar induced a SCADA malfunction that caused a gas pipeline to 
        rupture and explode.''
   ``In 1999, a Robinson R-44 news helicopter nearly crashed 
        when it flew by a high-frequency broadcast antenna.''
   North Korea used a Radio Frequency Weapon, purchased from 
        Russia, to attack airliners and impose an ``electromagnetic 
        blockade'' on air traffic to Seoul, South Korea's capital. The 
        repeated attacks by RFW also disrupted communications and the 
        operation of automobiles in several South Korean cities in 
        December 2010; March 9, 2011; and April-May 2012.\25\
---------------------------------------------------------------------------
    \25\ ``Massive GPS Jamming Attack By North Korea'' GPSWORLD.COM, 
May 8, 2012.
---------------------------------------------------------------------------
                         vulnerabilities to emp
    When assessing the potential vulnerability of U.S. military forces 
and civilian critical infrastructures to EMP, it is necessary to be 
mindful of the complex interdependencies of these highly networked 
systems, because EMP upset and damage of a very small fraction of the 
total system can cause total system failure.\26\
---------------------------------------------------------------------------
    \26\ Report of the Commission to Assess the Threat to the United 
States from Electromagnetic Pulse (EMP) Attack, Critical National 
Infrastructures, 2008, passim.
---------------------------------------------------------------------------
    Real-world failures of electric grids from various causes indicate 
that a nuclear EMP attack would have catastrophic consequences. 
Significant and highly disruptive blackouts have been caused by single-
point failures cascading into system-wide failures, originating from 
damage comprising far less than 1 percent of the total system. For 
example:
   The Great Northeast Blackout of 2003--that put 50 million 
        people in the dark for a day, contributed to at least 11 
        deaths, and cost an estimated $6 billion--originated from a 
        single failure point when a power line contacted a tree branch, 
        damaging less than 0.0000001 (0.00001 percent) of the system.
   The New York City Blackout of 1977, that resulted in the 
        arrest of 4,500 looters and injury of 550 police officers, was 
        caused by a lightning strike on a substation that tripped two 
        circuit breakers.
   The Great Northeast Blackout of 1965, that affected 30 
        million people, happened because a protective relay on a 
        transmission line was improperly set.
   India's nation-wide blackout of July 30-31, 2012--the 
        largest blackout in history, affecting 670 million people, 9 
        percent of the world population--was caused by overload of a 
        single high-voltage power line.
   India's blackout of January 2, 2001--affecting 226 million 
        people--was caused by equipment failure at the Uttar Pradesh 
        substation.
   Indonesia's blackout of August 18, 2005--affecting 100 
        million people--was caused by overload of a high-voltage power 
        line.
   Brazil's blackout of March 11, 1999--affecting 97 million 
        people--was caused by a lightning strike on an EHV transformer 
        substation.
   Italy's blackout of September 28, 2003--affecting 55 million 
        people--was caused by overload of two high-voltage power lines.
   Germany, France, Italy, and Spain experienced partial 
        blackouts on November 4, 2006--affecting 10-15 million people--
        from accidental shutdown of a high-voltage power line.
   The San Francisco blackout in April 2017 was caused by the 
        failure of a single high-voltage breaker.
    In contrast to the above blackouts caused by single-point or small-
scale failures, a nuclear EMP attack would inflict massive wide-spread 
damage to the electric grid causing millions of failure points. With 
few exceptions, the U.S. National electric grid is unhardened and 
untested against nuclear EMP attack.
    In the event of a nuclear EMP attack on the United States, a wide-
spread protracted blackout is inevitable. This common-sense assessment 
is also supported by the Nation's best computer modeling:
   Modeling by the U.S. Federal Energy Regulatory Commission 
        (FERC) reportedly assesses that a terrorist attack that 
        destroys just 9 of 2,000 EHV transformers--merely 0.0045 (0.45 
        percent) of all EHV transformers in the U.S. National electric 
        grid--would be catastrophic damage, causing a protracted 
        Nation-wide blackout.
   Modeling by the Congressional EMP Commission assesses that a 
        terrorist nuclear EMP attack, using a primitive 10-kiloton 
        nuclear weapon, could destroy dozens of EHV transformers, 
        thousands of SCADAS and electronic systems, causing 
        catastrophic collapse and protracted blackout of the U.S. 
        Eastern Grid, putting at risk the lives of millions.\27\
---------------------------------------------------------------------------
    \27\ For the best Unclassified modeling assessment of likely damage 
to the U.S. National electric grid from nuclear EMP attack see: U.S. 
Federal Energy Regulatory Commission (FERC) Interagency Report, 
coordinated with the Department of Defense and Oak Ridge National 
Laboratory: Electromagnetic Pulse: Effects on the U.S. Power Grid, 
Executive Summary (2010); FERC Interagency Report by Edward Savage, 
James Gilbert and William Radasky, The Early Time (E1) High-Altitude 
Electromagnetic Pulse (HEMP) and Its Impact on the U.S. Power Grid 
(Meta-R-320) Metatech Corporation (January 2010); FERC Interagency 
Report by James Gilbert, John Kappenman, William Radasky, and Edward 
Savage, The Late-Time (E3) High-Altitude Electromagnetic Pulse (HEMP) 
and Its Impact on the U.S. Power Grid (Meta-R-321) Metatech Corporation 
(January 2010).
---------------------------------------------------------------------------
    Thus, even if North Korea has only primitive, low-yield nuclear 
weapons, and likewise if other States or terrorists acquire one or a 
few such weapons, and the capability to detonate them at 30 kilometers 
or higher-altitude over the United States, as the EMP Commission warned 
over a decade ago in its 2004 Report: ``The damage level could be 
sufficient to be catastrophic to the Nation, and our current 
vulnerability invites attack.''\28\
---------------------------------------------------------------------------
    \28\ EMP Commission Executive Report, op. cit., p. 1.
---------------------------------------------------------------------------
                          what is to be done?
    We recommend establishing an Executive Agent--a Cabinet Secretary 
designated by the President--with the authority, accountability, and 
resources, to manage U.S. National infrastructure protection and 
defense against EMP and the other existential threats described above. 
Current institutional authorities and responsibilities--Government, 
industry, regulatory agencies--are fragmented, incomplete, and unable 
to protect and defend against foreign hostile EMP threats or solar 
super-storms.
    We encourage the President to work with Congressional leaders to 
stand-up an ad hoc Joint Presidential-Congressional Commission, with 
its members charged with supporting the Nation's leadership and 
providing expertise, experience, and oversight to achieve, on an 
accelerated basis, the protection of critical National infrastructures. 
The U.S. Federal Energy Regulatory Commission (FERC) and North American 
Electric Reliability Corporation (NERC) have for nearly a decade been 
unable or unwilling to implement the EMP Commission's recommendations. 
A Presidential-Congressional Commission on Critical Infrastructure 
Protection could engage the Free World's preeminent experts on EMP and 
Combined-Arms Cyber Warfare to serve the entire Government in a manner 
akin to the Atomic Energy Commission of the 1947-74 period, advising 
the administration's actions to attain most quickly and most cost-
effectively the protection essential to long-term National survival and 
well-being. The United States should not remain in our current state of 
fatal vulnerability to well-known natural and man-made threats.
    We highly commend President Trump's new Executive Order 
``Strengthening the Cybersecurity of Federal Networks and Critical 
Infrastructure'' signed on May 11, 2017. We strongly recommend that 
implementation of cybersecurity for the electric grid and other 
critical infrastructures include EMP protection, since all-out cyber 
warfare as planned by Russia, China, North Korea, and Iran includes 
nuclear EMP attack. However, current institutional arrangements for 
protecting and improving the reliability of the electric grids and 
other critical infrastructures through the United States. FERC and the 
NERC are not designed to address major National security threats to the 
electric power grids and other National critical infrastructures. Using 
FERC and NERC to achieve this level of National security is beyond the 
purpose for which those organizations were created and has proven to be 
fundamentally unworkable. New institutional arrangements are needed to 
advance preparedness to survive EMP and related threats to our critical 
National infrastructures.
    We recommend that U.S. military forces and critical National 
infrastructures be protected from EMP as outlined in the EMP 
Commission's Classified reports and Unclassified reports provided in 
2004 and 2008. EMP protection of military systems and civilian/military 
critical National infrastructures can be achieved cost-effectively by a 
combination of operational procedures and physical hardening. It is not 
necessary to harden everything. Selective hardening of key critical 
nodes and equipment will suffice. Threat parameters are 200 kilovolts/
meter for E1 EMP and 85 volts/kilometer for E3 EMP. Critical National 
infrastructures are already adequately protected from E2 EMP, 
equivalent to lightning.
    We recommend, given the proximity and enormity of the threat from 
EMP and Combined-Arms Cyber Warfare, the President exercise leadership 
to implement immediate, mid-term, and long-term steps to deter and 
defeat this existential threat:
Immediately:
    We recommend that the President declare that EMP or cyber attacks 
that black out or threaten to black out the National electric grid 
constitute the use of weapons of mass destruction that justify 
preemptive and retaliatory responses by the United States using all 
possible means, including nuclear weapons. Some potential adversaries 
have the capability to produce a protracted Nation-wide blackout 
induced by EMP or Combined-Arms Cyber Warfare by the use of nuclear or 
non-nuclear means. A Defense Science Board study Resilient Military 
Systems and the Advanced Cyber Threat (January 2013) equates an all-out 
cyber-attack on the United States with the consequences of a nuclear 
attack, and concludes that a nuclear response is justified to deter or 
retaliate for cyber warfare that threatens the life of the Nation: 
``While the manifestation of a nuclear and cyber attack are very 
different, in the end, the existential impact to the United States is 
the same.''
    We recommend that the President issue an Executive Order, provided 
to the previous White House, titled ``Protecting the United States from 
Electromagnetic Pulse (EMP)''. Among many other provisions to protect 
the Nation from EMP on an emergency basis, the Executive Order would 
instantly mobilize a much-needed ``whole-of-Government solution'' to 
the EMP and combined-arms cyber threat: ``All U.S. Government 
Departments, Agencies, Offices, Councils, Boards, Commissions and other 
U.S. Government entities . . . shall take full and complete account of 
the EMP threat in forming policies and plans to protect United States 
critical infrastructures . . . '' Protecting the electric grids and 
other critical infrastructures from the worst threat--nuclear EMP 
attack--can, if carried out in a system-wide, integrated approach, help 
mitigate all lesser threats, including natural EMP, man-made non-
nuclear EMP, cyber attack, physical sabotage, and severe terrestrial 
weather.
    We recommend that the President direct the Secretary of Defense to 
include a Limited Nuclear Option for EMP attack among the U.S. nuclear 
strike plans, and immediately make targeting and fusing adjustments to 
some of the nuclear forces needed to implement a nuclear EMP attack 
capability.
    We recommend that the President direct the Secretary of Defense to 
use National technical means to ascertain if there is a nuclear weapon 
aboard North Korea's KMS-3 or KMS-4 satellites that orbit over the 
United States. If either or both of these satellites are nuclear-armed, 
they should be intercepted and destroyed over a broad ocean area where 
an EMP resulting from salvage-fusing will do the least damage to 
humanity.
    We recommend that the President direct the Secretary of Defense to 
post Aegis ships in the Gulf of Mexico and near the east and west 
coasts, to search for and be prepared to intercept missiles launched 
from freighters, submarines, or other platforms that might make a 
nuclear EMP attack on the United States. U.S. National Missile Defenses 
(NMD) are primarily located in Alaska and California and oriented for a 
missile attack coming at the United States from the north, and are not 
deployed to intercept a short-warning missile attack launched near the 
U.S. coasts.
    We recommend that the President direct the Secretary of Homeland 
Security to harden the FirstNet emergency communications system against 
EMP.
    We recommend that the President initiate training, evaluating, and 
``Red Teaming'' efforts to protect the United States and in the event 
of an EMP attack to respond, and periodically report the results of 
these efforts to the Congress.
Mid-Term:
    We recommend that the President direct the Secretary of Defense to 
deploy Aegis-ashore missile interceptors along the Gulf of Mexico coast 
to plug the hole in U.S. missile defenses. The United States has no 
Ballistic Missile Early Warning System radars or missile interceptors 
facing south, and is largely blind and defenseless from that direction, 
including to missiles launched from submarines or off ships, or from a 
nuclear-armed satellite orbiting on a south polar trajectory.
    We recommend that the President direct the Secretary of Defense to 
develop a space-surveillance program to detect if any satellites 
orbited over the United States are nuclear-armed, and develop space-
interception capabilities to defend against nuclear-armed satellites 
that might make an EMP attack.
    We recommend that the President direct the Nuclear Regulatory 
Commission to launch a crash program to harden the over 100 nuclear 
power reactors and their spent fuel storage facilities against nuclear 
EMP attack. Nuclear power reactors typically only have enough emergency 
power to cool reactor cores and spent fuel rods for a few days, after 
which they would ``go Fukushima'' spreading radioactivity over much of 
the United States.
Long-Term:
    We recommend that the President through his Executive Agent protect 
elements of the National electric grids, the keystone critical 
infrastructure upon which all other critical infrastructures depend. 
Priority should be given to elements that are difficult and time-
consuming to replace. Such elements can be protected from EMP at very 
low cost relative to the costs of an EMP catastrophe, and paid for 
without Federal dollars by a slight increase in user electric rates. We 
recommend that a similar approach be taken to key elements of the 
National telecommunications infrastructure and other National critical 
infrastructures.
    We recommend the development and deployment of enhanced-EMP nuclear 
weapons and other means to deter adversary attack on the United States. 
Enhanced-EMP nuclear weapons, called by the Russians Super-EMP weapons, 
can be developed without nuclear testing.
    We recommend strengthening U.S. ballistic missile defenses--
including deployment of space-based defenses considered by the 
Strategic Defense Initiative--and that these be designed and postured 
to also protect the United States from EMP attack.

    Mr. Perry. The Chair thanks the gentleman.
    If you just hold, votes have just been called. I have got 
to try and figure out what we are going to do here quick.
    All right, folks, this is what we are going to do. Since 
the votes have been called, I am going to defer my questions, 
because I am going to come back. I am going to go to Mr. 
Duncan, Mr. Correa, and then to the other side. Then when the 
time is up, I am going to leave. We are going to vote, and then 
at least you know I am going to come back. If Mr. Higgins or 
anybody from--Ms. Barragan or anybody else from the other side 
wants to come back or anybody else on our side, you will have 
that option. I hope you guys can indulge us and stick around, 
but this is how things work here.
    So, with that, I will recognize Mr. Duncan.
    Mr. Duncan. I thank the Chairman for that. I thank the 
panel for being here. It has been very informative.
    Dr. Pry, I am going to skip North Korea for just a second. 
Because of your past experience with Russian arms treaty 
verification, could you just touch on how difficult it is in 
Iran, as a closed society and a closed government, for our arms 
treaty folks and the IAEA to actually do inspections there? 
Then I have got a follow-up question about EMPs. But I would 
love to get your take on that.
    Mr. Pry. Iran has actually--practically told us that they 
are cheating on the Iran nuclear deal. There is a military 
textbook called Passive Defense that is, you know, a major 
textbook taught at their general staff academies, that 
describes, in admiring terms, Soviet successful cheating on 
arms control treaties during the Cold War, and how they manage 
to fool us in terms of the number of weapons, the quality of 
their weapons, and that this would be a good paradigm to follow 
for Iran. I mean, it is there in black and white. Congressman 
Trent Franks has a copy of the book. Unfortunately, it is not 
Unclassified. It should be Unclassified, but it is For Official 
Use Only, and so it can only be used by, you know, U.S. 
Government officials.
    But in effect, they have told us in their military doctrine 
black and white, you know, that they plan to cheat on 
agreements in order to get nuclear weapons.
    In terms of the difficulty, I mean, I have written a number 
of articles on this. You know, at one of these military bases, 
there is a photograph that is actually available from 
Unclassified satellite imagery that shows four high-energy 
power lines, each one carrying about 750,000 volts, going down 
underground into a facility. Something is going on in one of 
those underground military facilities that require----
    Mr. Duncan. These are at the military installation?
    Mr. Pry. Yes, that the IAEA has never looked at, that they 
don't have an ability to investigate them. You know, that 
requires millions of volts of electricity. You know, that could 
be running uranium centrifuges that they have that have not 
been declared that could be running, something like the 
Krasnoyarsk-26. You asked about our Cold War experience. For 
example, the Soviet Union had a whole nuclear reactor secretly 
hidden underground at a place called Krasnoyarsk-26 so that 
they could cheat on arms control treaties and make plutonium 
and uranium for nuclear weapons, and tritium as well, you know, 
and cheat on the treaties.
    Something that needs to be declassified is the--under 
President Reagan there was a thing called the General Advisory 
Committee Report on Arms Control Compliance 1959--I think it 
was 1983-84, up to that point, which the State Department has 
never allowed to be declassified. It goes through all of the 
major arms control treaties we had with the Soviet Union, 
demonstrate how they cheated on virtually every one.
    So we have a long history of the bad guys cheating on these 
treaties. At least half the problem is our unwillingness to 
acknowledge that, you know, because there are interests in this 
town that are very much in favor of not wanting to face the 
reality that arms control doesn't work. Just like there were 
people, oh, around Neville Chamberlain before World War II that 
didn't want to acknowledge that the Nazis and the Japanese were 
cheating on the Washington Naval Treaty and other arms control 
agreements that existed before World War II.
    Mr. Duncan. Thank you for that.
    Thank you, Mr. Chairman.
    Mr. Perry. The Chair thanks the gentleman and the witness 
for their indulgence.
    The Chair now recognizes the Ranking Member, Mr. Correa.
    Mr. Correa. Thank you, Mr. Chairman.
    Mr. Ruggiero, very quickly, you talked about some of the 
things we can do, failed policies. The question to you and some 
of the others, have we ever gone after the bank accounts of 
North Korean generals, business folks? I mean, you hit them at 
the pocketbook at an individual level, that would get a 
reaction. Have we ever attempted to do that? Have we done that? 
If you lose a couple of billion dollars in a Swiss account, it 
may get your attention.
    Mr. Ruggiero. Certainly, that would be useful. I think on 
leadership funds there is a question of where that money is. I 
think you made a good recommendation there in terms of 
countries in Europe that have--bank secrecy is the best way to 
look at it.
    In 2005, the United States went after Banco Delta Asia in 
Macao, which was very successful. But since that time, more 
recently, we have started to go after North Koreans. The issue 
here is that in a lot of ways, this money is held in China, in 
Chinese banks, or in the name of Chinese companies, and that is 
why it is important now to go after Chinese companies----
    Mr. Correa. So we haven't done--essentially, lack the 
technology, the information, the knowledge, to figure out how 
to get that money?
    Mr. Ruggiero. Well, I would say we are starting to do that 
now. Since May, the Trump administration has taken six actions 
against China.
    Mr. Correa. If I may interrupt you. Nuke testing 11 years 
ago, rocket testing 20 years ago. If you figure, they are 
preparing for that even before that and it is just barely now 
that we are figuring this out.
    Mr. Ruggiero. Certainly.
    Mr. Correa. Very quickly, Dr. Pry, you talked about an EMP 
pulse not being theoretical, but essentially, a clear and 
present situation. Why haven't we reacted to it as a country? 
Is this a question of politics or is this a question of cost? 
If the answer is this is a threat here, we are going to go have 
to invest a lot of money to harden our systems.
    Mr. Pry. It isn't chiefly a question of cost. You can 
actually protect against EMP quite cost effectively. The EMP 
Commission estimated that for $2 billion, you know, we could 
protect the electric grid. You know, that is what we give away 
every year in foreign aid to Pakistan.
    I think it is a complex question as to why we haven't acted 
yet. Politics is mostly what it has to do with.
    The electric utilities in this country are not controlled 
by the Federal Government. You know, there are 3,000 
independent utilities. No agency of the U.S. Government, 
including the U.S. Federal Energy Regulatory Commission, has 
the legisla---has the authority, has the power to order them to 
protect the electric grid. They have spent vast amounts of 
money and huge effort lobbying against EMP, and not just EMP--
--
    Mr. Correa. But I would argue exactly that that is kind-of 
what we are going through with cybersecurity right now.
    Mr. Pry. Exactly, exactly.
    Mr. Correa. Private sector, some folks want to step up, 
some folks don't. Even the Federal Government, some folks--you 
know, agencies are there, some are not.
    Mr. Pry. The NERC has even opposed the tree branch threat. 
I mean, the great Northeast blackout of 2003 was caused when a 
tree branch hit a high-power voltage line in Ohio, and it put 
50 million Americans in the dark. FERC begged them to come up 
with a plan to avoid the tree branch threat in the future, 
because we can't have 50 million Americans in the dark. It has 
taken them 10 years to come up with a better, improved----
    Mr. Correa. Thank you very much.
    Mr. Perry. The Chair thanks the gentleman.
    The Chair now recognizes Mr. Higgins.
    Mr. Higgins. Mr. Chairman, in the interest of time, I defer 
my questions till we return.
    Mr. Perry. Yes, sir.
    The Chair now recognizes Miss Rice.
    Miss Rice. Thank you, Mr. Chairman.
    This, I guess, is a question I would put to any of you on 
the panel. What effect would President Trump's anticipated act 
to decertify the Iran nuclear deal have on any potential 
diplomatic solution to the North Korea issue?
    Mr. Ruggiero. Well, I would just say that the North Koreans 
are not waiting by the phone to have a negotiated settlement. 
That would be the first. The second is that, from my 
perspective, it is the Iranians that are looking at North Korea 
and seeing their pathway to a nuclear weapon.
    The concern I have is that there are many people who are 
suggesting we should stay in the Iran deal, that are the same 
people that are saying we can accept the threat from North 
Korea right now and just deter them. I think that is the wrong 
message to Iran. I think that we have to, when we are looking 
at North Korea, we have to make sure that we underscore that 
our policy is denuclearization, so that the Iranians don't see 
that, in 20 years, they have a path to a nuclear weapon.
    Mr. Pry. If I could make a comment on this. You know, we 
have, this summer, been surprised by the advancement of the 
missile and nuclear weapons threat from North Korea. I think 
the next big surprise that is going to face us is Iran, because 
we have grossly underestimated the Iranian nuclear threat. If 
we want to read carefully the 2014 International Atomic Energy 
Agency report, while they did not come to the conclusion--the 
IAEA doesn't draw these conclusions, but members are our 
commission and former members of the Clinton and Reagan 
administration intelligence communities looked at that report. 
There are indicators, technological indicators, that Iran 
already has the bomb, and that they may have had the bomb since 
before 2003.
    Before 2003, there were actually manufacturing bridge wire 
detonators, neutron initiators, and they had conducted an 
implosion experiment. In the Manhattan Project during World War 
II when the United States was at that technological phase, we 
were 3 months from getting the atomic bomb. Now, these were 
things they were doing before 2003. What is going on in those 
military facilities? Personally, I think they have already got 
the bomb, and that we are going to be surprised just like we 
have been about North Korea.
    Miss Rice. Anyone else?
    Okay. Thank you.
    Mr. Perry. The gentlelady yields.
    The Chairman recognizes Ms. Barragan.
    Ms. Barragan. While I am looking for my questions, I just 
want to do a quick follow-up to that. I have read a lot of 
people who have opined on the Iran deal, and a lot of folks who 
did not support the deal are still coming out very publicly and 
saying, even though this is not the best deal, the manner in 
which the President wants to do it is not the way to do it, and 
that is a risk.
    Does anybody have any thoughts on the manner in which it is 
being done? I will just leave it at that.
    Mr. Pry. I would like to volunteer my opinion on this. You 
know, I think the biggest risk is remaining in the deal. I see 
it in the press. I see it in the defenders of the Iran nuclear 
deal describing it that at least it has constrained the nuclear 
threat from Iran, that it has contained the nuclear threat from 
Iran. That is not a fact. There is no evidence that it is 
contained. Then there is plenty of evidence that it hasn't 
contained the threat from Iran and that we have basically 
deluded ourselves in this deal into thinking that we have 
contained a threat that actually----
    Ms. Barragan. So I just want to respectfully--do you think 
the process in which the President is following is the right 
approach on this? Yes or no.
    Mr. Pry. I think anything that gets--yes. Anything that 
gets us out of that deal is going to be in interest of our 
survival.
    Ms. Barragan. Thank you.
    Okay. So I want to go ahead and follow up on--just in the 
last 10 days, between attacking the press and the First 
Amendment and blaming Puerto Ricans for the disaster caused by 
Hurricane Maria, the President tweeted the following in regards 
to North Korea: Our country has been unsuccessfully dealing 
with North Korea for 25 years, giving billions of dollars and 
getting nothing. Policy didn't work.
    Next tweet: Presidents and their administrations have been 
talking to North Korea for 25 years. Agreements made and 
massive amounts of money paid hasn't worked. Agreements 
violated before the ink was dry. Making fools of U.S. 
negotiators. Sorry, but only one thing will work.
    The President's next tweet: Just heard foreign minister of 
North Korea speak at U.N. If he echoes thoughts of little 
rocket man, they won't be around much longer.
    Last: We can't allow this dictatorship to threaten our 
Nation and our allies with unimaginable loss of life, he said 
at a meeting with top military officers.
    Finally: We will do what we must to prevent that from 
happening, and it will be done if necessary, believe me.
    Mr. Greene, how would you characterize this 
administration's North Korea strategy? What are the 
implications of the President's diplomacy by tweet foreign 
policy, especially considering the rift between the President 
and his Secretary of State, Rex Tillerson?
    Mr. Greene. So unfortune--so I am the cyber expert here, 
and unfortunately, I am not qualified to opine on the merits or 
lack thereof a diplomatic approach. So I apologize, I am not 
capable of responding on that.
    Ms. Barragan. Does anybody on the panel believe that the 
President's diplomacy by tweeting is the proper way to go? That 
is a yes or no.
    Mr. Pry. Yes.
    Ms. Barragan. Okay. Mr. Ruggiero.
    Mr. Ruggiero. I think that is tougher to answer via yes, 
no. There is a lot in there in terms of North Korea policy. I 
think the President is right when he talks about diplomacy has 
not worked with North Korea. I think that----
    Ms. Barragan. Don't you think there is a threat of us 
getting into a nuclear war because the President may tweet 
something to set off the other side?
    Mr. Ruggiero. Well, that was going to be my next point, 
which is, essentially, when you are talking about deterrence, 
it is important to telegraph to the other side what the 
consequence of an action will be. I think the United States and 
North Korea have done that, but on both sides it has gone too 
far. I think the evidence of miscalculation can happen.
    Ms. Barragan. Thank you. I have one more question for Mr. 
Greene.
    Mr. Perry. Can the gentlelady yield until we come back? We 
have got a minute to vote. I apologize, but I want to adjourn 
the committee at this time--recess--correction--the committee 
at this time.
    So a vote has been called on the House floor. The committee 
will recess until 10 minutes after the last vote.
    [Recess.]
    Mr. Perry. Thank you all for your indulgence and your 
patience. The Subcommittee on Oversight and Management 
Efficiency will come to order. So the Chair will now recognize 
himself for 5 minutes of questioning. Just be apprised we are 
back to the 5-minute schedule since we don't have votes 
impending.
    So let me see if I can get my head here in the game 
quickly. Mr. Cilluffo, 6,000 hackers employed in China and 
Southeast Asia. I want to talk to you about that a little bit 
and the indicators and the intelligence prep of the battlefield 
just to set your mind frame. So these hackers that are employed 
in China and Southeast Asia--and maybe I should also include 
Mr. Greene, because maybe this is some of this Lazarus--some of 
these Lazarus folks. I don't know. But do we--obviously, it is 
a little tougher for us to track these people in China. Do we 
track them at all? If not China, Southeast Asia seems like it 
would be a more opportune intelligence target for us. Do we 
track them? Do the host countries where they are operating know 
that they are there such that we could impose a sanction or 
some kind of financial penalty or some kind of penalty on that 
host country that is hosting these individuals? Is that a 
possibility?
    Mr. Cilluffo. Mr. Chairman, I think that is an excellent 
question.
    To clarify, the 6,000 is not exclusively those operating 
overseas, but a vast majority or many of them actually do. But 
I do think you raise a great question here, and that is finding 
levers and points of leverage that we can have with other--
including allies, by the way--where we can apply greater 
physical pressure in addition to cyber means. I mean, if you 
look at a photo, a satellite photo of the Koreas at night, I 
mean, South Korea is lit up like a Christmas tree; North Korea 
is dark. So there is very little connectivity there. So, 
obviously, when we look at some of our own capabilities and 
capacities, retaliation in kind is going to have minimal effect 
and impact because they don't have a whole lot to take down. 
So, when you start looking at these outposts that they do have, 
I think we do have opportunities to apply new means of 
pressure, and I do think that many of these countries are 
unwitting to some of these operatives. So I think that that is 
a path that should be pursued, and we should light them up.
    Mr. Perry. What about the indicators? When you say, you 
know, it is essentially IPB and that these are indicators, you 
talk about stand-alone, the broader campaign, and then 
indicators. For instance, keeping with Dr. Pry, if we are to 
be--and I think we should be--rightly concerned about EMP as a 
method--or any of the other things, but let's stick with EMP--
for example, would there be specific indicators in cyber that 
would clue us into impending testing, utilization, et cetera?
    Mr. Cilluffo. You know, I think Dr. Pry rightfully framed 
the issue that, at the end of the day, it is not the modality; 
it is the question of whether or not they get into the game. If 
they get into the game, they will come in wholesale if they 
feel threatened. So I think that the indicators are significant 
in terms of potential target selection. But I am not 
necessarily sure there would be any specific to EMP, other than 
they are going after the grid pretty--so, if there is one 
critical infrastructure that every other critical 
infrastructure is dependent upon, all the life-line sectors, it 
is electric; it is the grid. They could come at that through 
cyber means or, obviously, catastrophically through EMP 
attacks.
    Mr. Perry. I can see we are going to go to round two, so I 
am going to try and limit my comments here. But, Mr. Greene, I 
am going to get to you. So just hang on there a little bit, but 
I want to stay with Mr. Cilluffo just for continuity here.
    So you mentioned in your remarks the targeting of U.S. 
energy companies. Have they done that? Do we have the 
indicators that they have done--I mean, can we prove that at 
this point? That is known information to us?
    Mr. Cilluffo. This is now known information, yes. There 
have been actual reports put out by the information sharing and 
analysis centers for industrial control systems and for the 
energy sector in particular. There was a news report that just 
popped earlier this week specifically about a particular energy 
company that was breached. That is based on information that--
--
    Mr. Perry. It was breached by the North Koreans or we 
believe----
    Mr. Cilluffo. Allegedly that is what the attempt is. So I 
think that one thing to notify, to keep in mind, in addition to 
IPB--where it could signal targets, it could signal 
intentions--it is also worth noting: If you can exploit, you 
can also attack.
    Mr. Perry. Sure.
    Mr. Cilluffo. In other words, if you are in the system----
    Mr. Perry. Right.
    Mr. Cilluffo [continuing]. You are in the system. It all 
hinges around intentions, and if they have got a foothold in 
the system and their intention is to attack, they can also 
attack.
    Mr. Perry. All right. I am going to yield, and at this 
time, I will recognize the gentleman from Louisiana, Mr. 
Higgins.
    Mr. Higgins. Thank you, Mr. Chairman.
    Dr. Pry, my questions will be addressed at you, sir. So 
that you can get your head wrapped around where I am going with 
this, I am specifically going to be asking about North Korea's 
satellite program and their so-called space program and the 
KMS-4 satellite launch in February of this year.
    I have read your entire testimony. It is fascinating, quite 
informative. You refer to massive intelligence failures grossly 
underestimated North Korea's long-range missile capabilities, 
the number of nuclear weapons, warhead miniaturization, the 
development of an H-bomb, et cetera. Do you stand by that 
statement, sir?
    Mr. Pry. Oh, absolutely, as does Dr. Graham, the chairman 
of our commission.
    Mr. Higgins. Moving on. In 2004, you stated that two 
Russian generals, both EMP experts, warned the EMP Commission 
that the design for Russia's super EMP warhead, capable of 
generating high-intensity EMP fields, was transferred to North 
Korea. Not long after that, in 2006, North Korea nuclear tests 
indicated yields that were consistent with the size of a super 
EMP weapon. The timing and indicators of that illegal nuclear 
test were reflective of the warnings as stated by the two 
Russian experts. Is that correct?
    Mr. Pry. Yes, that is correct, sir.
    Mr. Higgins. A super EMP weapon, according to your 
testimony, can be relatively small and lightweight and can fit 
inside North Korea's KMS-3 or KMS-4 satellites. These two 
satellites--specifically, I am referring to KMS-4, because it 
was launched this year--presently orbit the United States and 
over every other nation on Earth through the southern polar 
trajectory. The south polar trajectory evades U.S. ballistic 
missile early warning radars and National missile defenses, 
which also resembles a Russian secret weapon developed during 
the Cold War similar to a super EMP weapon. Is that correct?
    Mr. Pry. Yes, that is correct.
    Mr. Higgins. Two experts cited in your testimony stated 
similar concerns, one confirming that current ballistic missile 
defense systems are not arranged to defend against even a 
single ICBM or satellite that approaches the United States from 
the south polar region. Another expert stated that North Korea 
might use a satellite to carry a small nuclear warhead into 
orbit and then detonate it over the United States for an EMP 
strike.
    Now, considering the fact that it appears that North Korea 
has had access to a design for a super EMP warhead for over a 
decade now, according to the Russian experts that were accurate 
in their predictions of North Korean nuclear tests 2 years 
later and the indicators of that test, that would suggest that 
it was a detonation of a super EMP device, would you concur 
that it is possible or even probable that KMS-4 is currently 
super EMP-armed?
    Mr. Pry. We are very concerned about that. You know, we 
don't know if they are nuclear armed or not, but we know Kim 
Jong-un is a high-risk player, and we think the threat is 
intolerable to pose an existential threat to our society that 
passes over the country several times a day and have 
recommended that the satellites be shot down over a broad ocean 
area, over the arctic region, so that, just in case they are 
salvage-fused for EMP, you know, they would go off over an area 
that would limit the damage to humanity. But, yes, we are very 
concerned about that.
    Mr. Higgins. Would you assess, sir, that the EMP threat is 
significant enough, that the existing EMP threat, specifically 
with regards to KMS-4, would you assess that that threat is 
significant enough to warrant legislation out of this body, as 
suggested through this subcommittee, mandating the hardening of 
our grid and the shielding of our grid, as you mentioned 
earlier in your testimony?
    Mr. Pry. Well, absolutely. Sir, even before the North 
Koreans launched these satellites, back in 2008, that was the 
recommendation of the EMP Commission because we feared exactly 
this kind of development. There are two satellites currently in 
orbit, one that was launched in 2012. They may launch them in 
the future. What they appear to be trying to do is create a 
constellation so that they will, in the near term, always have 
a satellite in close proximity to North America. You know, if 
we don't act to defend ourselves and/or take out those 
satellites, you know, eventually, we will be in a situation 
where we can't easily take the satellites out without the 
United States being at risk.
    Mr. Higgins. Thank you for your testimony.
    Mr. Chairman, thank you for indulging my time, and I yield 
back.
    Mr. Perry. The Chairman thanks the gentleman, deviates from 
protocol and, in the interest of time, recognizes the Ranking 
Member, Mr. Correa, for the beginning of the second round.
    Mr. Correa. Thank you.
    Question, Mr. Greene, in terms of cyber--North Korean cyber 
attack motivation undermining the United States, what is the 
higher probability, them going after our critical 
infrastructure or stealing intellectual property from us?
    Mr. Greene. So, with the Lazarus Group, which has been 
linked by the FBI to North Korea, it is hard to say because 
they have not shown any limitation to what they are willing to 
do. They have gone after critical infrastructure. They have 
gone after financial. They have gone after intellectual 
property.
    The recent report that Mr. Cilluffo was talking about is 
concerning because it shows this probing of the battlefield, 
initial efforts to try to get their way into electric systems. 
We had a report--not Lazarus, it was a different actor--just a 
couple of weeks ago about compromises of control systems at 
energy facilities. Previously, we had seen this actor working 
on the back-end management systems. In the 2 years after that, 
they moved on to the control systems. So there clearly is an 
effort.
    The group that was reported publicly this week has been 
consistent with the Lazarus Group. So to see them moving into 
the electric grid--and have public reporting on it--suggests to 
me a renewed interest there, which is worrisome. Depending upon 
what outcome they want, you are going to get a better 
geopolitical outcome by going after the grid than you are by 
going after intellectual property.
    Mr. Correa. So, following up on that train of thought, if 
you go after Sony, if you go after bank accounts, you may be 
doing it out of a hotel room in Japan or maybe somewhere in 
China or, now, based on the fact that the Russian state-owned 
company TransTelekom is now working with North Korea, I mean, 
you can have those kinds of thefts directly and indirectly. 
They are kind-of a little vague in terms of who did it and 
where the smoking gun is. But if you go after our power grid 
and you shut it down, that is a little more direct of an 
attack. I mean, that is kind-of a declaration here.
    Mr. Greene. If you are trying to track back, technically, 
you are looking at who is doing it; it is going to be the same 
technical means to see where the attack is coming from. You 
rarely see the last hop to an attack actually come from the bad 
actor's computer. They are going to compromise someone else's 
computer. A lot of the attacks that happen in the United States 
that are based from overseas, the attacking computer is 
actually in the United States, but it is compromised. It is a 
bot. So, from that standpoint, it could come from anywhere.
    Again, in terms of motivations, we have seen the Lazarus 
Group over the past couple years focus on financial gain. That 
temporally has coincided with when the sanctions have gotten 
worse. The ransomware WannaCry, there was some speculation as 
to whether they were really trying to get money out of 
WannaCry. There has been a fairly robust debate in the media 
circles that I spend my days in. But what we saw in WannaCry, 
it was originally miscoded to collect ransom. Within I believe 
it was 13 hours, they released a new version when they realized 
they weren't collecting ransom. So that suggests to me that 
that actually was an effort to get money. Again, that coincides 
with the increased new sanctions. The same thing with the 
attacks on the Bangladesh banks, the Polish bank heists. There 
has been an uptick in the effort to get money. But, at the same 
time, that was soon after the Sony attack.
    So I guess what I am saying, perhaps unartfully, is that 
this group works on multiple different attacks, multiple 
different goals.
    Mr. Correa. Let me flip around the question and ask you: 
You have seen those coordinated attacks coming. Has our 
response world-wide been a coordinated defense just like it was 
when we got the ransomware just recently where most of the 
world kind-of reacted very quickly? Do we have that kind of a 
coordinated response to North Korea? Are they part of that, you 
know, folks that we are looking at to make sure they don't 
surprise us with these kinds of attacks?
    Mr. Greene. So, with respect to their main actor, the 
Lazarus Group, yeah, there is pretty good coordination, public-
private partnership. The WannaCry response was probably the 
best public-private partnership I have ever seen. We were on 
the phone with DHS and the White House Friday night, throughout 
the weekend, connecting up our experts. They were sending us 
indicators of compromise for analysis. We were sending them 
back. So there is a growing ability to coordinate in cyber 
response. It is kind-of like the snowball going down the hill. 
Over the past 3 to----
    Mr. Correa. I would imagine the key to the coordinated 
cyber response is time. You have to do it almost instantly, 
within split seconds.
    Mr. Greene. Yeah. So, when I first heard reports of 
WannaCry, I confirmed with our experts that this was real. I 
shot out a couple emails to the White House, to DHS, and I got 
almost immediate responses. We had experts talking and 
exchanging in a matter of minutes. That was very strong.
    The concern I would have is that still is somewhat 
relationship-based. We need to have that happening not because 
these are folks that I know or they know me; there has to be 
something more structured in place.
    Mr. Correa. Thank you, Mr. Chair.
    Mr. Perry. The Chair thanks the gentleman.
    I am going to start the second round, which looks like it 
is going to be me. Are you leaving? You gotta go?
    Mr. Correa. No comment.
    Mr. Perry. Okay. All right. So it will just be us. We will 
have a good time together.
    Let me just start with Mr. Cilluffo and kind-of finish 
where we were headed there. The targeting of the United States 
energy companies and indicators, do you know whether we are--
we, the Federal Government, Homeland Security, and related 
agencies--are aware of the indicators and are monitoring the 
indicators developing that intelligence, so to speak?
    Mr. Cilluffo. You know, in general terms, Mr. Chairman, 
they are. We recently--the Federal Government recently stood up 
CTIIC, the Cyber Threat Integration and Intelligence Center, 
underneath the Office of the Director of National Intelligence, 
which is meant to provide the situational awareness of all the 
overseas intelligence we may have and kludging that and 
combining that with what we may have domestically.
    Mr. Perry. Who is collecting domestically?
    Mr. Cilluffo. So FBI would have different indicators, but 
the private sector, they are the owners and operators. They are 
the ones who have got better insights into their own critical 
infrastructures, into their data, and into particular breaches. 
So it really is--we talk public-private partnerships. I have 
been a little critical, saying ``long on nouns, short on 
verbs.'' We have been talking about it forever, admiring the 
problem. But we are starting to see some genuine solution sets 
there. I think this gets to the bigger set of questions. I 
mean, at the end of the day, the private sector is on the front 
lines of this battle. Very few companies went into business 
thinking they have to defend themselves against foreign 
militaries or foreign intelligence services. It is an unlevel 
playing field. So how can the Federal Government provide 
information, but at the flip side, the private sector provides 
some of those solution sets too. So it is in where the two come 
together that the magic is.
    Mr. Perry. Do you have recommendations in that regard 
regarding a governmental--for the homeland, in particular, 
understanding that the intelligence services, and maybe DOD is 
handling foreign threats. But for threats in the homeland, I am 
a little uncomfortable, quite honestly, feel like we are laid a 
little bare there just counting on the private sector, which, 
with all due respect, they are focused on their business and 
trying to make a living, right?
    Mr. Cilluffo. Absolutely.
    Mr. Perry. So this isn't supposed to be their primary 
focus, but it seems like it should be one of ours.
    Mr. Cilluffo. You know, and I think you should have a 
specific tiger team set up to deal with the North Korean threat 
in particular, because we talk about cyber and cyber 
deterrence--you don't deter cyber. You deter actors from 
engaging in certain activity, whether nuclear, cyber, or 
otherwise. So I do think there is an opportunity to build a 
team here specifically.
    Mr. Perry. There is nothing currently that you know of?
    Mr. Cilluffo. I may be unaware. Hopefully, there is some 
activity inside the Federal Government. But is it as whole and 
wholesome as it needs to be? Probably not.
    Mr. Perry. Okay. Fair enough.
    All right. Mr.--am I saying--is part of your name--I 
noticed Mr. Correa kind of kept some of it silent. Please tell 
me how you pronounce your name. I want to get it right.
    Mr. Ruggiero. Sure. Ruggiero.
    Mr. Perry. Ruggiero. Okay. Thank you.
    All right. So you talked about the Department must be 
publishing a vessel list regarding North Korea--saying we think 
they have 40, but you are saying it is up to 140. It seems to 
me a bit odd. So it might be out of place. You can walk me 
through it. Is this the Department of Homeland's 
responsibility? Should it be their responsibility? Under what 
kind of authority, I guess?
    Then I want to talk to you about this 180-day grace period 
regarding sanctions to get the list. So I am not sure I 
understand that fully. So if you can elaborate us on those two 
things.
    Mr. Ruggiero. Sure. In the sanctions law that was signed by 
the President, I believe in August, there are some authorities 
for the Department of Homeland Security probably would have to 
work with the Treasury Department in terms of vessel lists. The 
issue with North Korea now is it is easy to identify vessels 
that have the North Korea flag or the ones that visit North 
Korea. But they are very good at deceptive practices in the 
commercial and financial sphere where they use Chinese and Hong 
Kong and other front companies. We believe that that is some of 
what they are doing in the shipping sector, which makes it 
harder.
    Mr. Perry. Okay.
    Mr. Ruggiero. So that is where that delta comes from. That 
is why we use the phrase ``at least.'' There are other lists 
that are much higher than that. So, I think, you know, this is 
an area--my experience comes also on the Iran side, where we 
targeted Iran's shipping sector, and it was very successful. 
That is an area now that we are not doing enough on North 
Korea, and I think Homeland Security could help with that. They 
have some authorities that could be used.
    I think Treasury Department, State Department--and the 
point on the tiger team, we don't see that and the U.S. 
Government sort-of going at sanctions in this way. So I think 
there is some focus on it, but we need to have more.
    Mr. Perry. Okay. The 180 days, there is a prohibition or 
restriction regarding the sanctions regime?
    Mr. Ruggiero. That is the requirement when the Department 
of Homeland Security has to make some of these judgments in the 
law. So the point I was making is you can do it earlier than 
180 days.
    Mr. Perry. Okay. Do we know--and keeping with you, sir, you 
mentioned in your testimony the sale of nuclear materials. I 
don't know if we are talking about equipment, et cetera, and 
also chemical. Do you have any examples of those that we need 
to be aware of that we are maybe not aware of at least on the 
committee?
    Mr. Ruggiero. Well, in terms of nuclear, the biggest case 
was in 2007 when Israel destroyed a nuclear reactor in Syria. 
There has been, you know, rumors that North Korea exchanged 
nuclear material with Libya in that same time frame.
    On the chemical weapons side, I detail briefly in my 
testimony about the Syria connections, which are not linked to 
the more recent ones. But, you know, talking about chemical 
weapons, suits, and other items. I mean, these are 
relationships that are very strong between Syria and North 
Korea.
    Mr. Perry. So, at least there is a documented history, 
maybe it is not updated or maybe it is not current from a known 
fact standpoint, but that might just be because we don't know 
yet, we haven't found out?
    Mr. Ruggiero. My experience is, you know, as I said, North 
Korea will sell anything to anyone who is willing to pay.
    Mr. Perry. Sure.
    Mr. Ruggiero. You know, there was a time where we thought 
that nuclear was a line they were not willing to cross, and 
they proved that they are willing to do that.
    Mr. Perry. Okay. Excuse me just for one moment.
    Mr. Terrell, I know you have been--you are almost exhausted 
with your participation here. Blister and nerve agents, and I 
think the world--at least I do--fundamentally believes that VX 
was used on Kim Jong-un's half-brother in Malaysia. You know, I 
have got a little bit of military experience as well. My chief 
of staff is a chemical officer. With that, those eventualities 
were very concerning to anybody that has any idea what they are 
seeing there.
    Maybe the nerve--first, let me ask you this. I don't know 
what your background is. But I want to just get for the record, 
and I'd like to hear from you folks. Conventional artillery--
conventional--so I think we have assessed that the North 
Koreans have as many as 10,000 conventional tubes pointed at 
the 25 million people living in Seoul, 60-plus or -minus miles 
away, right? Nerve and blister agents or chemical agents are 
deliverable by conventional artillery, are they not?
    Mr. Terrell. Yes, sir. They are deliverable by conventional 
artillery, rockets, and short-range ballistic missiles.
    Mr. Perry. Sure. Do you know and can you comment on whether 
conventional artillery, rockets, missiles, et cetera, all 
require electronics or electricity to operate?
    Mr. Terrell. Not all of their tube artillery would.
    Mr. Perry. Right. So that is just pulling the lanyard, 
right----
    Mr. Terrell. Pulling the lanyard.
    Mr. Perry [continuing]. Downrange. Right. So that is a 
concern there.
    They have sufficient stockpiles, according to your 
testimony, or at least what I read. You didn't dispute.
    Mr. Terrell. South Korean ROK Minister of National Defense 
estimates between 2,500 and 5,000 metric tons.
    Mr. Perry. Right. Right. So that is certainly enough for a 
first round exchange, right?
    Mr. Terrell. Right.
    Mr. Perry. What about deliverable for a long distance? You 
have mentioned rocket or ballistic missiles. So this is 
literally something--let's just take VX. Deliverable by a 
ballistic missile over a large population or a large area?
    Mr. Terrell. So they could deliver VX or mustard blister 
agent by scuds. You know, most likely targets for those would 
be places like Busan----
    Mr. Perry. Right.
    Mr. Terrell [continuing]. Looking at stopping force flow 
into the theater.
    Mr. Perry. But we are not talking about--so, in your 
opinion, we are not talking about those being used against----
    Mr. Terrell [continuing]. By ICBM, no.
    Mr. Perry. Yeah. Not United States or United States 
territories, at least from that delivery system, right? If they 
chose to package that up, put it on a ship, put it on a plane, 
somehow deliver it to the West, and use some other 
methodology--as you know, VX is incredibly pervasive; it only 
takes a little bit to go a long way--they could use that if 
they so desired in some kind of attack----
    Mr. Terrell. Yes.
    Mr. Perry [continuing]. In the homeland or somewhere, one 
of our territories or one of our significant allies, right?
    Mr. Terrell. Correct. Yes.
    Mr. Perry. Okay. Mr. Greene, back to this Lazarus Group. Do 
you know how they were identified? Do we track them? How do we 
know--do they identify themselves? Do they claim responsibility 
for certain things? What is the story on these folks?
    Mr. Greene. So they don't claim responsibility. What we do 
is we see hundreds of attacks, thousands of attacks every day, 
and we classify them. We analyze them and are able to compare 
snippets of code, the techniques, code obfuscation, IP 
addresses, different techniques. We are able to group certain 
attacks. So, based on that, the first grouping that I am aware 
of is 2009; they were reported as being behind some denial-of-
service attacks.
    So, moving forward from that, what we see is code reuse or 
other techniques and other tools that are reused that are----
    Mr. Perry. That is how you identify them----
    Mr. Greene. Correct. Yeah.
    Mr. Perry. Do they call themselves the Lazarus Group, or is 
that our common terminology to describe----
    Mr. Greene. That is our name. There are other names for the 
same group. But, for us, it is a large group that encompasses 
virtually all of the activity that has been attributed to North 
Korea.
    Mr. Perry. Okay. Because you are attributing those actions 
to different techniques and the markers that you have already 
discussed, we don't know them by name, individual persons, or 
locations, or can we glean that at some point from the work 
that they are doing?
    Mr. Greene. It is getting harder. Oftentimes, you can 
determine back to a location. We can often find with some high 
level of confidence a city or even a time zone where something 
is coming from. But that is through a variety of means. 
Sometimes we can tell--you know, they leave timestamps when 
they compile a code. They work 9 to 5. A certain time zone, 
they take certain holidays off. They have gotten better at 
hiding that.
    What we as a technology company have a hard time doing is 
saying, who is sitting behind that computer? We may know that 
they are in a particular, you know, Eastern European country, 
but what you see is an overlap between sometimes you will have 
criminals working; sometimes criminals will work for the 
government; sometimes government workers will moonlight as 
criminals at night; sometimes you will have these so-called 
hacktivist groups that will work for the government or be duped 
into doing it. So we leave that to the intelligence community, 
that last mile, so to speak, of attribution of the intent. From 
a technical standpoint, not something we can peer into.
    Mr. Perry. Are these countries typically--these are 
probably countries--I don't know. Are they typically countries 
that are not necessarily openly hostile to the United States 
but not necessarily welcoming as allies in the fight against 
terrorism or otherwise? Can you characterize that either way?
    Mr. Greene. With the Lazarus Group, I would have to go 
back. I can get back to you. I am not sure how well we have 
defined the actual origination point of the attacks or the 
code. We are grouping them--we are relying, as I said, on the 
U.S. Government to tell us that this is a North Korean actor. 
What we can tell with a high level of certainty is that a 
certain set of attacks are the same. So, for instance, when 
WannaCry came out, we knew that it was--relatively quickly, had 
a high level of confidence that this was Lazarus. We didn't 
know through telemetry that it necessarily came from North 
Korea. But we knew that this was the same actors for a bunch of 
different reasons. That became more certain over time. So I 
don't know--and I could get back to you--that we can tell you 
specifically--actually, I am quite confident Lazarus--no one 
really knows who patient one was with the bad outbreak of 
Lazarus. That hadn't been resolved yet or even what the initial 
entry point was. But that is one that, as I said, spread 
autonomously on its own once it got launched.
    Mr. Perry. You are a private entity, and you report your 
findings and, I imagine, work with the Federal Government and 
various agencies, whether it is intelligence agencies or 
otherwise, regarding your findings, but you don't really know 
whether they go the last mile or not, or do they ever report 
that to you? Do you ever get any feedback regarding your inputs 
to know that they were ever resolved? Or how does that work?
    Mr. Greene. Split that in two. With respect to attribution 
to a nation-state, very rarely I can even think of where we 
didn't find out by picking up the paper--archaic--looking on-
line and seeing that the Government has now attributed X to Y 
country.
    We do get feedback on the quality of the work we do and the 
assistance we have provided. Again, going back to WannaCry, 
because it is fresh in my mind, we got a lot of quick feedback 
from the Government saying, okay, this was helpful, what do you 
think about that. That was United Kingdom also. We work with 
other countries as well. So we have a give-and-take on a 
technical level. But when it comes to--and we were sharing our 
thoughts on where we thought this was coming from in terms of a 
connection to Lazarus. But we didn't get a, ``You are right; we 
agree with you on that.'' We just pass that part along.
    Mr. Perry. You don't know whether Treasury or any other 
Federal Government agency has pursued these individuals for 
prosecution or the host countries for notification/apprehension 
or investigate--you don't know any of that, do you?
    Mr. Greene. Not with Lazarus. I know in other groups they 
have indicted Chinese hackers, Iranian hackers, extradited some 
from--I believe Ukraine, maybe Bulgaria. We know of some 
actions, and we assist in some law enforcement actions. But 
with respect to Lazarus, don't know of anything.
    Mr. Perry. Okay. We might ask you to comment further off 
the record in an effort to determine what can be done from your 
viewpoint. It is one thing to identify them. Right? But there 
is--in my mind, there is really--I mean, obviously there is a 
reason to identify them. But if you skip the next series of 
steps where you go get them or deter them through the host 
country that may even not--they might be victims, as well, 
right? But if we know and we don't take the next steps, I mean, 
that is pretty foolhardy. We have spent the energy, and the 
time, and the money, and then we are moving on to the next 
threat, right, which is coming momentarily.
    Mr. Greene. From our perspective as a company, looking to 
protect ourselves, our customers, we are more focused on the 
how than the who. The who sometimes informs defense.
    There is one thing that you might find interesting: There 
was a group of security companies that got together a couple 
years ago for something we called Operation Blockbuster, which 
was a joint effort to go after Lazarus, to try to degrade their 
efforts, sharing a lot of telemetry across different companies. 
So that is the kind of thing going to what Mr. Cilluffo was 
talking about. You see a lot of security companies. We are 
competitors, but we also are all working towards the same end. 
That was, to some degree, a success. It is the proverbial 
marathon, not the sprint, though.
    Mr. Perry. Sure. While you might be looking more at 
methodology than the--the what as opposed to the who--I think 
the Federal Government has to be looking at both.
    Mr. Greene. Sure.
    Mr. Perry [continuing]. We are glad that you are looking at 
the--and your expertise might be in the what. But we have to, I 
think, be interested in the who. You can't be, right? You are 
not a law enforcement agency----
    Mr. Greene. Right.
    Mr. Perry [continuing]. But the Federal Government is.
    Okay. Thank you.
    Dr. Pry, why did I write ``Louisiana projects'' on my 
notepad?
    Mr. Pry. Oh, probably because that is a project that the 
EMP Commission launched in cooperation with the Department of 
Homeland Security to develop a plan to protect the Louisiana 
electric grid. We don't know if it is going to survive the 
death of the EMP Commission. But, you know, our argument has 
been that we don't have to keep studying the problem for years 
and years, that we know how to protect the grid now. We can do 
it now. We can do it in a cost-effective way.
    The people of Louisiana, actually, they are the ones that 
took the initiative through their Louisiana Public Service 
Commission to ask Secretary Kelly, who was then the Secretary 
of Homeland Security, under SEPA, to help them come up with a 
plan to protect the Louisiana electric grid. DHS is currently 
doing that. It has already done some good work. But what we 
want to end up with is a detailed blueprint that they could 
actually implement, in a cost-effective way, that will to prove 
to those who disagree with the EMP Commission that we can do 
the job now, we can do it with the current technology, and it 
can be done cost-effectively.
    Mr. Perry. We don't have the detailed blueprint at this 
time?
    Mr. Pry. No, not yet. It is just the----
    Mr. Perry. What is it going to take to complete it?
    Mr. Pry. It is going to take some time, for one thing. 
Right now, the people who would normally be working on the plan 
are helping out in Puerto Rico right now. So that delayed it. 
Okay? But it will take--once they are over that and they can 
focus on this plan, it will take 3 to 4 months. They are 
willing--DHS has been putting $300k into it. It would have been 
good to have another $170,000. The EMP Commission was going to 
kick that in, but now we are out of business. So we weren't 
able to do that. But so for less than--it can probably be done 
for the $300k.
    Mr. Perry. So you said it is a matter of months, 
understanding and agreeing that we get past the situation, the 
disaster, in Puerto Rico, and getting those folks back in 
power, et cetera. So it is a matter of months there, and less 
than $200,000 or something like that. Why is the EMP Commission 
out of business?
    Mr. Pry. Well, we were scheduled legislatively--that is a 
good question and a complicated one. But under our charter--
commissions typically last about 18 months. All right? So we 
reached the end of our life, and nobody asked the Commission to 
be extended. The Department of Defense didn't. The Department 
of Homeland Security didn't. You know?
    Mr. Perry. Does that take legislative action, sir, as far 
as you know? Or is that something that can be done from a 
regulatory side?
    Mr. Pry. It would take legislative action to continue the 
EMP Commission, or it could be done by a Chairman of a 
committee. For example, Chairman Johnson, you know, has got the 
power, as the Chairman of the committee, to basically continue 
or establish a commission. Now, he wouldn't be able to pay for 
it on his own. He would have to have the cooperation of the 
Chairman of the Senate Appropriations Committee if it was to be 
funded. However, I can tell you the EMP Commissioners have been 
working for 17 years pro bono. Commissioners do not get paid. I 
haven't been mostly paid. So we are used to working for 
nothing.
    Mr. Perry. Okay.
    I, like Mr. Higgins, am concerned--I didn't realize Ms. 
Jackson Lee is here. So I am going to suspend my questions. But 
I am going to come back to you, Dr. Pry. But I am going to 
recognize Ms. Jackson Lee for her questions.
    Ms. Jackson Lee. Mr. Chairman, thank you very much. To the 
witnesses, thank you for yielding to me.
    This is a very important discussion. I wish I could spend 
the time that the Chairman has now spent. But I know that we 
will have a very extensive record. I appreciate you for that.
    Let me just go directly to Mr. Greene and pursue recent 
reports about North Korea's capacity for attacking the grid. We 
understand, those of us who have been on this committee--I have 
chaired the Transportation and Infrastructure Committee. I am 
on Cybersecurity. So I have seen all of the nuances of homeland 
security and National security, and we now have a new hurdle. I 
think one of the most difficult and challenging parts of the 
hurdle is that 85 percent-plus of our critical infrastructure 
is in the hands of the private sector. So what capacity does 
North Korea have in the attack on the critical infrastructure? 
What would be their inclination? I would suspect that they 
would say, ``Let me drop my other options, and this looks like 
this is either more fun or more devastating or far-reaching 
impact,'' or ``I can readily see how the impact is.'' What is 
your assessment on that? What is your assessment on our 
protection against it? What is your assessment on our steps to 
address something like that?
    Mr. Greene. So I would say the reports that came out in the 
past week have been about really the first steps of an 
operation to implicate the grid. The reports that I saw were by 
the group that we call Lazarus, spear-phishing emails, attempts 
to get a bridgehead on control systems--I am sorry, just any 
systems at these energy facilities. Most of the reports have 
said they have been unsuccessful. But, you know, cyber can be 
like seeing one bug in your house. Where there is one, there is 
usually a lot that you can't see. So that suggests to me that 
there is a lot of other activity going on.
    Cyber is one of those things where you really are subject 
to the weakest-link theory. Eventually, they are going to find 
a way onto some system. That goes, also, to your question about 
the preparation of the grid generally. There are a lot of 
companies that have taken significant steps in recent years. 
NERC did take a very long time to get some regulations out, but 
they are being followed. But the problem is you do have the 
over 3,000 different utilities that Dr. Pry mentioned, and you 
don't need to compromise the biggest to have some kind of 
impact.
    In terms of whether they are there yet, I haven't seen any 
evidence to suggest that they have actually gotten onto the 
control systems. We have seen that with other different actors 
but not yet with Lazarus. Doesn't mean they are not trying. 
Now, one thing that may be in our favor is 6,000 sounds like a 
big number of cyber warriors, so to speak, but it is not as big 
as some other countries. Control system knowledge, the ability 
to compromise control systems is fairly specialized. I don't 
know yea or nay whether they have that, very well could be 
trying to develop that. But there are a lot of hurdles they 
have to go through. But, as with the progress we have seen with 
nuclear and elsewhere, it is not going to stop them from 
trying. So I hope I answered the breadth of your questions.
    Ms. Jackson Lee. Do you think we are a year away, months 
away, years away, in terms of their capacity to hack a very, 
very vital network here in the United States? We are 
sophisticated. We are dependent on technology. Our power grid 
is in varying states of repair or disrepair, and our technology 
is questionable in light of the private-sector ownership as to 
whether the sufficient firewalls are there. You mentioned the 
concept of breaching someone's--I call the technological wall 
and that there is that kind of activity going on.
    So where do we need to be in terms of the government? I 
believe we should not be in a voluntary mode of getting the 
private sector to be required to document that their systems 
are secure. We don't have a requirement of secure 
documentation. To take down our grid is weaponry. So how far 
away are they from that?
    Mr. Greene. So I don't know the specifics of their 
capabilities, but I can draw an analogy to this group, 
Dragonfly Group, extremely sophisticated. We saw them take 
about 2 years to go from management systems, back-end systems, 
to control systems. We detected them on those systems earlier 
this year. So, depending upon their level of expertise, it 
could take them--it also depends upon, to some degree, on luck, 
if they find the right vulnerable system and the right human 
frailty, they could get on sooner. There is a level of 
understanding that it would take. Just being on the system 
wouldn't be enough. You have to have a certain level of 
knowledge of the energy grid generally.
    But one thing that we have seen Lazarus to be quite good at 
is that the reconnaissance element of the operation. So I 
suspect what we saw reported earlier this week is the 
proverbial tip of the iceberg of the efforts that have been 
going on.
    Ms. Jackson Lee. So you believe there is a will and they 
are making a way, meaning that they would be interested in 
doing this, this would be one of the elements that they would 
find attractive in terms of attack on the United States or any 
other country that they are at odds with?
    Mr. Greene. I think they are not alone in that. There are 
other major--likely nation-state actors looking to get on the--
a beachhead onto the systems. The question becomes, at that 
point--we talked about it--would be intent and the 
understanding of the implications of doing it.
    With respect to Dragonfly, we have reported that there are 
no technical limitations left for them to be able to cause 
impact, significant impact, to energy operators. The bridge 
they would have to cross is a willingness to do it, 
understanding the implications to themselves and their own 
economies and potential retaliation
    Ms. Jackson Lee. Do you think Russia would have any 
collaboration on this since they were engaged in power attacks 
in Ukraine?
    Mr. Greene. I just don't have any knowledge on that. I am 
sorry.
    Mr. Chairman, would you yield me a few more minutes? I 
appreciate it.
    Mr. Perry. Madam.
    Ms. Jackson Lee. Thank you.
    I see a head going on Dr. Cilluffo. Do I have it almost 
right?
    Mr. Cilluffo. Close enough. I have been called much worse.
    Ms. Jackson Lee. It is hard to read it from this distance.
    But this is something that I think I am beginning to 
believe that there are some elements of business choices and 
the respect we have for the capitalistic system that requires 
our very keen study. One of them is the infrastructure of cyber 
that is in the private sector and what firewalls that have an 
overwhelming impact. So I yield to you, and I want to go to Mr. 
Terrell. So I don't want to lose my--on another matter, Mr. 
Terrell.
    Yes.
    Mr. Cilluffo. Ms. Jackson Lee, I mean, thank you for the 
question. I think you raise an important point here. First, not 
all critical infrastructure is equally critical. When you get 
to the most critical, those that affect our so-called lifeline 
sectors, that affect public safety, National security, and 
economic security, the grid is at the top of the list. I don't 
care how robust everything else is, if you don't have power, it 
is kind of futile.
    Ms. Jackson Lee. There you are.
    Mr. Cilluffo. So, yes, they are a unique set of entities.
    On the Russia side, what they demonstrated both in 2015 and 
2016, a Rubicon was crossed in that case. So we all thought, 
coulda, shoulda, woulda, that these were potential threats. But 
in this case, they actually intended to signal a capability. 
Because they followed up the disruptive attacks with a digital 
telephony denial-of-service attack, basically an in-your-face 
``ha ha, we got ya'' response to the first attack.
    The reason I jumped into this fray was because, obviously, 
North Korea is dependent upon China for much of its support and 
the like. But you are slowly starting to see Russia fill that 
breach. In fact, it was a Russian company that just moved in to 
provide internet access service to North Korea--since the 
Chinese capabilities have been minimized--to have back-end 
capability. So I do think you have got a bigger set of issues 
here. There is quite a bit of chatter that Russia has been 
supporting and working--whether the State, or whether through 
its proxies, organized crime, hard to discern who is behind 
that clickety-clack of the keyboard. But there is a lot of 
interest there.
    This comes to a point, Mr. Chairman, you brought up 
earlier. One of the most vexing challenges is that you are--
there are digital safe havens. A vast majority of these bad 
actors are playing in China and Russia. We lack extradition 
treaties with both of those countries. The reality is, is we 
have to get more and more creative to be able to extradite them 
when they go to countries that the United States does have a 
cooperative relationship.
    So this issue, as complex it is vis-a-vis North Korea, the 
cyber issue also has to be seen--it can't be seen in isolation 
of all of these other matters, because it really is about the 
safe havens. Russia and China are there, and I think Russia is 
filling the breach that China has been abrogating in North 
Korea.
    Ms. Jackson Lee. He is giving me--I am not going to look in 
his direction because his gavel might be moving. So I am going 
to take his kindness. I am very glad he had this hearing.
    I think you should give us, maybe in writing, our marching 
orders. Don't think that I am asking you to be presumptuous. So 
you said safe havens. I would like to get maybe five points for 
the record. If you have five points that you can say quickly 
without explanation, the safe havens. You know, I am concerned 
about the vastness of the private sector in these critical 
areas that you have talked about. The firewall that we have, 
you know, it is in the private sector. We have voluntary--and 
if you call us, we can come. What more can we do that 
strengthens their protection, if, in fact, their own internal 
systems are not where they need to be? Because this is National 
security issues when another country hacks XYZ Corporation that 
is dealing with the power grid or dealing with the hospitals or 
dealing with research. It is very important.
    Mr. Cilluffo. Is that a QFR? Is that question for me to 
follow up on? Or are you looking for?
    Ms. Jackson Lee. Well, give me one because I am going to go 
to Professor----
    Mr. Cilluffo. Well, I--so this is not to the punt the 
issue----
    Ms. Jackson Lee. Give me----
    Mr. Cilluffo [continuing]. But, quite honestly, I don't 
think we are ever going to firewall our way out of this 
problem. By that I mean the initiative remains with the 
attacker. So, if you think of it in the traditional red-blue 
military kind of environment, we have to shape the environment 
so it is in our best interest to--so that is not to abrogate 
all the cybersecurity responsibilities, but the initiative will 
always be with the attacker. The attack surface is growing 
exponentially. Every day, the attack surface grows, and 
security still tends to be an afterthought. When we start 
thinking of the internet of things and the network devices that 
are coming on board, we are never going to simply be able to 
firewall our way out of this problem.
    I actually feel the private sector has been given an 
unfair--they are defending against nation-states. So we have to 
level that playing field. Without going into a totally 
different direction, I think we need to be a little more 
proactive in shaping the environment so it is in our best 
interests.
    Ms. Jackson Lee. Thank you. This needs to be pursued along 
other lines. I have probably a different view. But let me 
just--but I thank you for that view. The safe havens is 
something that we need to ascertain.
    Mr. Terrell, I want to get to the question of North Korea's 
danger to the homeland. Maybe get you to--first of all, let me 
say that I am a proponent of the non-nuclear agreement with 
Iran. You might offer to comment on the idea of--first of all, 
that doesn't mean that you do not look at the compliance and 
other elements that may need to be of concern. That is not a 
blanket. That is a vigilant on the other elements of Iran's 
terrorism, propping up Assad, and other things. But when you 
look to the agreement, you have to look to the four corners of 
it, whether or not there is compliance, whether there is 
access. All of those, at this point, have not been negated.
    But I think the point that I want to raise is, if you can 
ascertain--if you said it, please forgive me, but I would like 
to hear it--where North Korea is right now in their capacity. I 
don't want the news articles, they can get to Alaska, they can 
get here, wherever their head of government chooses to say on 
any given day. But your ascertaining his--where he is, where 
the country is, and the likelihood of his efforts, if you will, 
that would be helpful.
    Mr. Terrell. Yes, ma'am. You know, with respect to the 
difference between Iran and North Korea, just very quickly, we 
have to deal with every country and every threat in the unique 
situation that that threat exists in. So, you know, Iran 
doesn't match perfectly to North Korea. North Korea doesn't 
match perfectly to Russia. So, you know, approaching each one 
tailored to that threat is important.
    So where North Korea sits with their willingness and 
ability to attack the homeland today using nuclear or chemical 
weapons, you know, the nuclear program, he has an ability to 
employ nuclear weapons today. It is a matter of where can he 
employ them and when and why would he employ them. So, in 
understanding North Korean rationale, they are an extremely 
rational actor from their perspective. They do things that are 
in their national interests, in solidifying his security as the 
head of state, in solidifying his security within the region.
    This is--he has a population surrounding him that almost 
nobody remembers a time when the Kim family was not in charge. 
For 67 years, they have all been told everything that is wrong 
in North Korea is the Americans' fault.
    Ms. Jackson Lee. Uh-huh.
    Mr. Terrell. So, when pushed into a corner, he will have 
reason, from his perspective, he can create a rationality to 
attack, if he feels he needs to. He is going to try to deter us 
because he still has two operational regional objectives to try 
to accomplish. The family has always said unification of the 
Korean Peninsula is important. So can he do that in such a way 
where he can keep the United States from not supporting the 
Republic of Korea and not supporting Japan and keep Japan out 
of a war? Can he do this either--or, if he can't reunify 
initially, can he reach an actual peace treaty on the peninsula 
that solidifies his position? Because in solidifying his 
position with just a peace treaty, he can say, ``I have 
finished what my grandfather started,'' and he sets himself up 
for long-term control in North Korea, which is why the--a 
global campaign pressure or pressure campaign that cuts off 
funding from the outside, cuts out support, weakens that 
position.
    So the challenge becomes, you know, can he attack us? Yes. 
Can he attack us effectively yet? He is almost there.
    The North Koreans have also demonstrated they are not 
nearly as interested in the actual precision that we may be 
interested in. If he can attack Seattle, does he care if he can 
attack directly at and hit directly on top of the Space Needle? 
No. But if he can hit Seattle, he can hit Seattle. If he can 
hit the United States, he can hit the United States. So his 
threshold of use may be lower than ours. His threshold of 
accuracy will be lower than ours.
    So, you know, we may not be there tonight. We may be there 
next week, or we may be there next month. But we are at the 
point where he is going to have the ability to attack the 
United States and with an intent of killing Americans. You 
know, just hurting us a little bit isn't as important to him as 
it is killing us. In North Korea, they remember the U.S. 
bombing campaign during the Korean war was, if there is two 
bricks stacked on top of each other, the United States is going 
to destroy those two bricks. They are going to want to inflict 
as much damage as they possibly can if they attack.
    Mr. Perry. Will the gentlelady yield? I have got a hard 
stop.
    Ms. Jackson Lee. I would be happy to yield. Mr. Chairman, 
is he allowed to say his one action to stop that? I will be 
happy to yield back, Mr. Chairman.
    What is our action? What is our action? I believe if he 
sees other agreements being abandoned, we certainly don't have 
an opportunity of diplomacy. But go right ahead.
    Mr. Terrell. The overall means of dealing with North Korea 
today, we are at this point where we have to continue the 
campaign pressure or the pressure campaign. We have to 
demonstrate our resolve. We have to be able to talk to them.
    It may not actually end up being a negotiated solution. But 
over, you know, the entire course of the Cold War, in 
deterrence with Russia, we talked to the Russians. We talked to 
the Soviets. They understood our message. We understood their 
message.
    We have to have those means of being able to talk to the 
North Koreans so we can have an effective deterrent while we 
get to a solution that hopefully does not include going to war.
    Mr. Perry. The Chair thanks the gentleman.
    The Chair thanks the gentlelady.
    Ms. Jackson Lee. Mr. Chairman, you have been generous with 
your time. Thank you.
    Mr. Perry. Dr. Pry, I just want to finish up here with you, 
if I could. I, too, like Mr. Higgins, am concerned and 
interested in the satellite array and the capabilities 
therewith that North Korea has. Can they potentially launch on 
EMP device from one of those satellites? Is it something that 
is launched from the satellite? Does the satellite come out of 
orbit? Does the satellite deploy something? How does that work?
    Mr. Pry. We are concerned because the satellites, the 
orbit, the trajectory, the purpose of this, resembles this 
secret weapon the Soviets came up with during the Cold War 
called the Fractional Orbital Bombardment System. Basically, 
the satellite has a nuclear weapon inside of it. You orbit the 
satellite so it is at the optimum altitude already for putting 
an EMP field----
    Mr. Perry. You are saying it is currently there right now?
    Mr. Pry. Yeah, it is. It passes over us several times a day 
at that place. All you have to do is detonate it when it 
arrives. Because we don't have ballistic missile early warning 
radars facing south, we don't have interceptors facing south, 
we are blind, defenseless from that direction, which is why it 
is on a south polar orbit.
    Now they have got two of them there. I find it--we might 
have actually seen a dry run of a North Korean total 
information warfare operation back during the 2013 nuclear 
crisis we had with North Korea after their third nuclear test. 
That was on April 16, 2013. You know, it coincided with lots of 
cyber activity attacks from North Korea. But that was the day 
of the Metcalf transformer shooting. Okay? We don't know who 
did that. But when the people that train the U.S. Navy SEALs 
went in there, they said they thought this was a nation-state 
operation. This was done the way the SEALs would have done it 
in terms of all their techniques. On that very day is the day 
the KMS-2 passed over Washington, DC, and New York City. So you 
had events that threatened the western grid and the eastern 
grid simultaneously on that day. We don't know if it was North 
Korea that did Metcalf. But for sure that was their satellite 
passing over Washington, DC, and the New York City corridor.
    Mr. Perry. So the two satellites they have right now, 
they--apparently, one at least passes over New York City--the 
East Coast, New York City, Washington, DC, and the other one?
    Mr. Pry. Well, they actually--every time they do an orbit, 
they pass other another 90 miles to the east. So there are 
times----
    Mr. Perry. I see.
    Mr. Pry [continuing]. When it is right over the center of 
the United States and then passes over the eastern----
    Mr. Perry. And there are times, apparently, that there are 
none or potentially none----
    Mr. Pry. Yes. That is----
    Mr. Perry [continuing]. Over the United States? But your 
testimony indicates that they would like to fill the array so 
that there is ever one present?
    Mr. Pry. Right. I mean, it used to be that, basically, you 
would have to wait 90 minutes. All right? Now, it is 45 
minutes.
    Mr. Perry. We don't know what is in the satellite?
    Mr. Pry. No, we don't. According to the North Koreans' 
official position, it is an Earth observation satellite for 
peaceful purposes. But then Kim Jong-un and North Korean press 
have actually included it in their descriptions as part of 
their nuclear deterrent. There are quotations from them to that 
effect in the----
    Mr. Perry. When you say a deterrent, they might say: Well, 
look, we are just photographing sites where nuclear armaments 
in the United States might be launched from to see if there is 
any activity, and, thus, it is a deterrent.
    I mean, right? They could say that.
    Mr. Pry. Of course, they could say that. They have also 
described it as a peaceful, you know, satellite. But why they 
would be interested in, I mean, the health of the forests in 
North America is, you know, open to question.
    Mr. Perry. Right. I suspect they would consider disruption, 
removal, whatever you want to call it, of that satellite or any 
of those satellites as an act of aggression and war.
    Mr. Pry. Sure. But the satellites are illegal in the first 
place. They were not supposed to have been launching 
satellites, which is part--and not on that trajectory.
    Mr. Perry. So what is the recourse for nation-states or 
nations that launch satellites in violation of whatever 
sanction or whatever U.N. requirements, whatever requirements 
are that make them illegal? What is the remedy?
    Mr. Pry. I think the only remedy for that is going to be to 
shoot those satellites down.
    Mr. Perry. Why hasn't that been done already?
    Mr. Pry. I don't know. I don't know why it hasn't been 
done.
    Mr. Perry. Gentlemen, you have been very gracious with your 
time. We appreciate your testimony more than you can imagine. 
We appreciate your diligence in being here and waiting the 
extra time for the vote and then staying after. We probably 
will have some due-outs for at least some of you, I know I 
will, and maybe we will see you again. We hope we have better 
news or at least improved news the next time we get together.
    At this time, the Chair thanks the witnesses for their 
valuable testimony and the Members for their questions. Members 
may have some additional questions for the witnesses, and we 
will ask you to respond to these in writing.
    Pursuant to committee rule VII(D), the hearing record will 
remain open for 10 days.
    Without objection, the subcommittee stands adjourned.
    [Whereupon, at 4:48 p.m., the subcommittee was adjourned.]



                            A P P E N D I X

                              ----------                              

       Questions From Chairman Scott Perry for Frank J. Cilluffo
    Question 1a. As the owners and operators of critical 
infrastructure, the private sector is placed in a unique position to 
maintain and operate their business while at the same time trying to 
defend themselves against potential, unwanted attacks from foreign 
militaries or foreign intelligence services.
    What type of public-private partnerships can be put in place to 
assist private industry, who you labeled as ``on the front lines of 
this battle,'' in thwarting attacks?
    Answer. Response was not received at the time of publication.
    Question 1b. Additionally, during the hearing, you mentioned 
setting up a ``tiger team'' to specifically deal with the North Korean 
threat. Can you elaborate on this point? Who would comprise this team 
and what agency would lead this effort?
    Answer. Response was not received at the time of publication.
     Questions From Honorable John Ratcliffe for Frank J. Cilluffo
    Question 1. Some nations outsource their malicious cyber work. They 
hire hackers using covert means or otherwise distance themselves from 
the actual hack. These ``hackers-for-hire'' make attributing attacks to 
particular nations difficult. Do the North Korean's use similar tactics 
when conducting their cyber campaigns or are they more overt in their 
tactics?
    Answer. Response was not received at the time of publication.
    Question 2. What are the kinds of things experts look for when 
attributing particular cyber attacks to North Korea? Does their cyber 
activity have unique characteristics--technical or otherwise?
    Answer. Response was not received at the time of publication.
    Question 3. What can we do to deter North Korean cyber actors?
    Answer. Response was not received at the time of publication.
          Questions From Chairman Scott Perry for Jeff Greene
    Question 1a. During the hearing, you discussed the coordinated 
response to the Wannacry ransomware attack which occurred in May 2017. 
You stated: ``The Wannacry response was probably the best public-
private partnership I have ever seen.'' However, you also stated that 
you remain concerned that a response of that type was somewhat 
relationship-based and needs to be more structured.
    What type of formalized process of information sharing between 
government and industry to you suggest?
    Answer. Response was not received at the time of publication.
    Question 1b. Which Government agency should lead this effort?
    Answer. Response was not received at the time of publication.
        Questions From Honorable John Ratcliffe for Jeff Greene
    Question 1. Some nations outsource their malicious cyber work. They 
hire hackers using covert means or otherwise distance themselves from 
the actual hack. These ``hackers-for-hire'' make attributing attacks to 
particular nations difficult. Do the North Koreans use similar tactics 
when conducting their cyber campaigns or are they more overt in their 
tactics?
    Answer. Response was not received at the time of publication.
    Question 2. What are the kinds of things experts look for when 
attributing particular cyber attacks to North Korea? Does their cyber 
activity have unique characteristics--technical or otherwise?
    Answer. Response was not received at the time of publication.
    Question 3. What can we do to deter North Korean cyber actors?
    Answer. Response was not received at the time of publication.
       Questions From Honorable Jeff Duncan for Peter Vincent Pry
    Question 1. If an EMP attack were to occur, what electronic 
components or systems would sustain the most damage? Do you know if any 
attempt has been made to protect these systems?
    Answer. All electronic components and systems would be at risk in 
an EMP attack. Long-line and large systems and their electronic 
components--for example, the 99 operating U.S. nuclear power reactors 
and their on-site stored spent fuel cooling systems, power grids, 
telecommunications, pipelines (gas, oil, chemical, water etc.)--would 
be most at risk because they would collect and could be damaged by both 
high-frequency (E1) and low-frequency (E3) EMP. Supervisory Control And 
Data Acquisition Systems (SCADAS) are among the most vulnerable and 
most important electronic systems. SCADAS numbering in the millions 
make possible our modern electronic society, running everything from 
electric grids to traffic lights. While there are some cases where 
utilities and industry have voluntarily protected some of their SCADAS 
and other critical electronics from EMP, on the whole the critical 
National infrastructures are unprotected.
    Question 2. The Congressional EMP Commission recently terminated. 
How do you think this will impact the Department of Homeland Security 
as they move forward in EMP preparedness, especially in light of North 
Korea?
    Answer. Termination of the EMP Commission will halt and reverse 
progress being made toward National EMP preparedness, despite the clear 
and present danger of an EMP attack from North Korea. For example, the 
Louisiana Project, started and supported by the EMP Commission, is 
likely to be killed by DHS, now that the EMP Commission is terminated. 
In this project DHS is working with the Louisiana Public Service 
Commission to develop a plan to protect the Louisiana electric grid--to 
prove that cost-effective EMP protection can be accomplished now, 
pioneering a pathway toward EMP preparedness for all the States. The 
Louisiana Project is justified by and is an example of implementation 
of the Critical Infrastructure Protection Act (CIPA). Yet the recently 
established DHS EMP Task Force, that owes a report to Congress in 
December on CIPA implementation, was not even aware of the Louisiana 
Project, and showed no interest in the Louisiana Project. Obama-
holdovers and bureaucrats at DHS who have most obstructed progress 
toward National EMP preparedness have been promoted by the current 
administration, while those most committed to EMP preparedness are an 
endangered species. DHS and DOE are still following the Obama 
administration's policy on EMP--let the North American Electric 
Reliability Corporation (NERC) and the electric power industry drive 
the bus. Let the National labs takeover the EMP problem to be used as a 
cash cow to milk for millions of dollars in unnecessary and erroneous 
studies, that will justify NERC inaction on EMP.
    Question 3. Why would North Korea strike the United States with an 
EMP attack instead of a more traditional bomb, if they have the 
capabilities for both?
    Answer. A traditional bomb can be used to make an EMP attack or 
blast a city, and North Korea might well do both. Indeed, in order to 
blast U.S. cities, North Korea would have to penetrate U.S. National 
Missile Defenses, which could be facilitated by a precursor nuclear EMP 
attack. North Korea might also salvage-fuse warheads aimed at U.S. 
cities so that, if they are intercepted, they detonate for EMP attack. 
Compared to traditional use of a nuclear weapon for blasting a city, 
nuclear EMP attack is easier to execute and would be more effective at 
damaging the Nation's life-sustaining critical infrastructures and 
capabilities Nation-wide that are essential for military power 
projection. Unlike blasting a city, EMP attack does not require a 
reentry vehicle to penetrate the atmosphere or an accurate guidance 
system. Unlike blasting a city, a single nuclear weapon used for EMP 
can attack the whole Nation.

                                 [all]