[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]


                DOE MODERNIZATION: THE OFFICE OF CYBER-
           SECURITY, ENERGY SECURITY, AND EMERGENCY RESPONSE

=======================================================================

                                HEARING

                               BEFORE THE

                         SUBCOMMITTEE ON ENERGY

                                 OF THE

                    COMMITTEE ON ENERGY AND COMMERCE
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           SEPTEMBER 27, 2018

                               __________

                           Serial No. 115-170

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]


      Printed for the use of the Committee on Energy and Commerce

                        energycommerce.house.gov
                        
                               __________
                               

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
36-776 PDF                  WASHINGTON : 2019                     
          
--------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, [email protected].                                
                        


                    COMMITTEE ON ENERGY AND COMMERCE

                          GREG WALDEN, Oregon
                                 Chairman

JOE BARTON, Texas                    FRANK PALLONE, Jr., New Jersey
  Vice Chairman                        Ranking Member
FRED UPTON, Michigan                 BOBBY L. RUSH, Illinois
JOHN SHIMKUS, Illinois               ANNA G. ESHOO, California
MICHAEL C. BURGESS, Texas            ELIOT L. ENGEL, New York
MARSHA BLACKBURN, Tennessee          GENE GREEN, Texas
STEVE SCALISE, Louisiana             DIANA DeGETTE, Colorado
ROBERT E. LATTA, Ohio                MICHAEL F. DOYLE, Pennsylvania
CATHY McMORRIS RODGERS, Washington   JANICE D. SCHAKOWSKY, Illinois
GREGG HARPER, Mississippi            G.K. BUTTERFIELD, North Carolina
LEONARD LANCE, New Jersey            DORIS O. MATSUI, California
BRETT GUTHRIE, Kentucky              KATHY CASTOR, Florida
PETE OLSON, Texas                    JOHN P. SARBANES, Maryland
DAVID B. McKINLEY, West Virginia     JERRY McNERNEY, California
ADAM KINZINGER, Illinois             PETER WELCH, Vermont
H. MORGAN GRIFFITH, Virginia         BEN RAY LUJAN, New Mexico
GUS M. BILIRAKIS, Florida            PAUL TONKO, New York
BILL JOHNSON, Ohio                   YVETTE D. CLARKE, New York
BILLY LONG, Missouri                 DAVID LOEBSACK, Iowa
LARRY BUCSHON, Indiana               KURT SCHRADER, Oregon
BILL FLORES, Texas                   JOSEPH P. KENNEDY, III, 
SUSAN W. BROOKS, Indiana             Massachusetts
MARKWAYNE MULLIN, Oklahoma           TONY CARDENAS, California
RICHARD HUDSON, North Carolina       RAUL RUIZ, California
KEVIN CRAMER, North Dakota           SCOTT H. PETERS, California
TIM WALBERG, Michigan                DEBBIE DINGELL, Michigan
MIMI WALTERS, California
RYAN A. COSTELLO, Pennsylvania
EARL L. ``BUDDY'' CARTER, Georgia
JEFF DUNCAN, South Carolina

                                  (ii)
                         Subcommittee on Energy

                          FRED UPTON, Michigan
                                 Chairman
PETE OLSON, Texas                    BOBBY L. RUSH, Illinois
  Vice Chairman                        Ranking Member
JOE BARTON, Texas                    JERRY McNERNEY, California
JOHN SHIMKUS, Illinois               SCOTT H. PETERS, California
ROBERT E. LATTA, Ohio                GENE GREEN, Texas
GREGG HARPER, Mississippi            MICHAEL F. DOYLE, Pennsylvania
DAVID B. McKINLEY, West Virginia     KATHY CASTOR, Florida
ADAM KINZINGER, Illinois             JOHN P. SARBANES, Maryland
H. MORGAN GRIFFITH, Virginia         PETER WELCH, Vermont
BILL JOHNSON, Ohio                   PAUL TONKO, New York
BILLY LONG, Missouri                 DAVID LOEBSACK, Iowa
LARRY BUCSHON, Indiana               KURT SCHRADER, Oregon
BILL FLORES, Texas                   JOSEPH P. KENNEDY, III, 
MARKWAYNE MULLIN, Oklahoma               Massachusetts
RICHARD HUDSON, North Carolina       G.K. BUTTERFIELD, North Carolina
KEVIN CRAMER, North Dakota           FRANK PALLONE, Jr., New Jersey (ex 
TIM WALBERG, Michigan                    officio)
JEFF DUNCAN, South Carolina
GREG WALDEN, Oregon (ex officio)
                             
                             
                             C O N T E N T S

                              ----------                              
                                                                   Page
Hon. Fred Upton, a Representative in Congress from the State of 
  Michigan, opening statement....................................     1
    Prepared statement...........................................     3
Hon. Bobby L. Rush, a Representative in Congress from the State 
  of Illinois, opening statement.................................     4
    Prepared statement...........................................     5
Hon. Greg Walden, a Representative in Congress from the State of 
  Oregon, opening statement......................................     6
    Prepared statement...........................................     8
Hon. Frank Pallone, Jr., a Representative in Congress from the 
  State of New Jersey, opening statement.........................     9
    Prepared statement...........................................    10

                                Witness

Karen Evans, Assistant Secretary, Office of Cybersecurity, Energy 
  Security, and Emergency Response, Department of Energy.........    11
    Prepared statement...........................................    14
    Answers to submitted questions \1\...........................    58

                           Submitted Material

Report of the Office of Electricity Delivery and Energy 
  Reliability, Department of Energy, ``Multiyear Plan for Energy 
  Sector Cybersecurity,'' March 2018, submitted by Mr. Upton \2\
Letter of January 24, 2018, from Mr. Walden, et al., to Rick 
  Perry, Secretary, Department of Energy, submitted by Mr. Upton.    46
Letter of March 13, 2018, from Rick Perry, Secretary, Department 
  of Energy, to Mr. Walden, submitted by Mr. Upton...............    49
Letter of September 26, 2018, from American Public Power 
  Association, et al., to Hon. Paul D. Ryan, Speaker of the House 
  of Representatives, submitted by Mr. Upton.....................    56

----------
\1\ Ms. Evans did not answer submitted questions by the closing 
  of the record.
\2\ The information has been retained in committee files and also 
  is available at  https://docs.house.gov/Committee/Calendar/
  ByEvent.aspx?EventID
  =108725.

 
 DOE MODERNIZATION: THE OFFICE OF CYBERSECURITY, ENERGY SECURITY, AND 
                           EMERGENCY RESPONSE

                              ----------                              


                      THURSDAY, SEPTEMBER 27, 2018

                  House of Representatives,
                            Subcommittee on Energy,
                          Committee on Energy and Commerce,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:16 a.m., in 
room 2322, Rayburn House Office Building, Hon. Fred Upton 
(chairman of the subcommittee) presiding.
    Member present: Representatives Upton, Olson, Barton, 
Shimkus, Latta, McKinley, Griffith, Johnson, Long, Flores, 
Mullin, Hudson, Walberg, Duncan, Walden (ex officio), Rush, 
McNerney, Welch, Tonko, Schrader, Kennedy, and Pallone (ex 
officio).
    Staff present: Samantha Bopp, Staff Assistant; Kelly 
Collins, Legislative Clerk, Energy and Environment; Margaret 
Tucker Fogarty, Staff Assistant; Jordan Haverly, Policy 
Coordinator, Environment; Ryan Long, Deputy Staff Director; 
Mary Martin, Chief Counsel, Energy and Environment; Sarah 
Matthews, Press Secretary, Energy and Environment; Drew 
McDowell, Executive Assistant; Brandon Mooney, Deputy Chief 
Counsel, Energy; Brannon Rains, Staff Assistant; Mark Ratner, 
Policy Coordinator; Annelise Rickert, Counsel, Energy; Peter 
Spencer, Senior Professional Staff Member, Energy; Austin 
Stonebraker, Press Assistant; Madeline Vey, Policy Coordinator, 
Digital Commerce and Consumer Protection; Hamlin Wade, Special 
Advisor for External Affairs; Rick Kessler, Minority Senior 
Advisor and Staff Director, Energy and Environment; John 
Marshall, Minority Policy Coordinator; Alexander Ratner, 
Minority Policy Analyst; and Tuley Wright, Minority Policy 
Advisor, Energy and Environment.

   OPENING STATEMENT OF HON. FRED UPTON, A REPRESENTATIVE IN 
              CONGRESS FROM THE STATE OF MICHIGAN

    Mr. Upton. Good morning, everybody.
    Today's hearing will enable the subcommittee to consider 
the current setup and plans for the Department of Energy's new 
Office of Cybersecurity, Energy Security, and Emergency 
Response. So the CESER office, as we fondly call it, represents 
an important new element of the Department with a mission to 
carry out DOE's energy security and energy emergency functions 
more effectively.
    Throughout this Congress, we have identified key features 
of departmental modernization. These include the need for 
sufficient leadership and coordinated attention across the 
agency's many programs and operations to get ahead of the risks 
to our modern energy systems.
    To underscore this, we move through committee H.R. 5174, 
the Energy Emergency Leadership Act, which would establish 
permanent Assistant Secretary-level leadership over emergency 
response and cybersecurity functions. While enacting this into 
law takes time, I commend the Secretary of Energy for assigning 
this level of leadership under his authority and for creating 
the CESER office earlier this year.
    And we are reminded weekly of the urgency for getting this 
leadership structure up and running smoothly. The risks are 
varied and complex. We have devastating weather events and 
other natural hazards that can deprive communities of energy 
supplies. We are seeing increasing risk to our energy delivery 
systems by nation states intent on using cyber controls and 
vulnerabilities to threaten to leave regions of the Nation 
without power for perhaps weeks at a time. And the work to be 
better prepared for these risks and to be responsive when 
incidents occur is as urgent as ever.
    There are critical gaps. And we have learned over the past 
year that energy supplies through pipeline systems to power our 
bulk electric system may not fully be coordinated within the 
electric sector to prepare for or respond to cyber or other 
risks. So I cosponsored H.R. 5175 to help increase DOE's 
coordination with other agencies and stakeholders on this 
front.
    The pieces are, in fact, coming together for DOE to 
confront these risks, and we now have a Senate-confirmed head 
of the CESER office.
    And I am pleased to welcome you this morning.
    Assistant Secretary Karen Evans was sworn in about a month 
ago, but her background in government suggests that she brings 
some necessary skills to improve coordination across the agency 
and across the Federal Government.
    Prior to her recent work leading the U.S. Cyber Challenge, 
a private-public partnership to reduce the skills gap in 
cybersecurity, Ms. Evans served as the top information 
technology official at OMB during the Bush administration, 
effectively the Federal Government's chief information officer.
    Prior to that, she was the Chief Information Officer at 
DOE, so she knows the Department pretty well. And I would like 
to learn today what other pieces are necessary to ensure that 
the new office can fully carry out DOE's responsibilities.
    One important area concerns the Department's role as the 
specific agency for energy-related emergencies, including 
cybersecurity threats to our energy systems. It would be 
helpful to understand CESER's role in carrying out this 
responsibility and how the Assistant Secretary plans to work 
with other agencies, especially the Department of Homeland 
Security. What does DOE bring to the table to enhance the 
overall Federal effort to guard our energy systems against 
cyber attacks and provide the resources if those attacks are 
successful?
    In addition, what DOE is learning from recent natural 
disasters, and what additional steps it plans to take to more 
effectively respond to energy supply disruptions. We heard in 
an earlier hearing with the Under Secretary of Energy that the 
expectations for what DOE can do in emergency exceeds its 
authorities. Let's discuss what more DOE can do and work to see 
if we can address the authorities.
    Without question, DOE serves on the front lines in the 
Federal effort to assure critical energy infrastructure 
protection from all hazards. It provides the technological, 
operational, and informational expertise to assist stakeholders 
and other agencies. I want this hearing to help clarify just 
what DOE is doing to ensure that we can meet the critical 
mission.
    And with that, I yield to the ranking member of the 
subcommittee and my friend, Mr. Rush.
    [The prepared statement of Mr. Upton follows:]

                 Prepared statement of Hon. Fred Upton

    Today's hearing will enable the subcommittee to consider 
the current setup and plans for the Department of Energy's new 
Office of Cybersecurity, Energy Security, and Emergency 
Response.
    The CESER office, as we have come to call it, represents an 
important new element of the Department, with a mission to 
carry out DOE's energy security and energy emergency functions 
more effectively.
    Throughout this Congress, we have identified key features 
of Departmental modernization. These include the need for 
sufficient leadership and coordinated attention across the 
agency's many programs and operations to get ahead of the risks 
to our modern energy systems. To underscore this, we moved 
through committee H.R. 5174, The Energy Emergency Leadership 
Act, which would establish permanent assistant-secretary-level 
leadership over emergency response and cybersecurity functions.
    While enacting this into law takes time, I commend the 
Secretary of Energy for assigning this level of leadership, 
under his authority, and for creating the CESER office this 
year.
    We are reminded weekly of the urgency for getting this 
leadership structure up and running smoothly. The risks are 
varied and complex.
    We have devasting weather events and other natural hazards 
that can deprive communities of energy supplies. We are seeing 
increasing risks to our energy delivery systems by nation 
states, intent on using cyber controls and vulnerabilities to 
threaten to leave regions of the Nation without power.
    The work to be better prepared for these risks, and to be 
responsive when incidents occur is as urgent as ever. There are 
critical gaps. We have learned over the past year that energy 
supplies through pipeline systems to power our bulk electric 
system may not be fully coordinated within the electric sector 
to prepare for or respond to cyber or other risks. I sponsored 
H.R. 5175, to help increase DOE's coordination with other 
agencies and stakeholders on this front.
    The pieces are coming together for the Department to help 
DOE confront these risks. We now have a Senate confirmed head 
of the CESER office. And I'm pleased to welcome her this 
morning.
    Assistant Secretary Karen Evans was sworn in just 1 month 
ago, but her background in government suggests she brings some 
necessary skills to improve coordination across the agency, and 
across the Federal Government.
    Prior to her recent work leading the U.S. Cyber Challenge, 
a public private partnership to reduce the skills gap in 
cybersecurity, Ms. Evans served as the top information 
technology official at OMB during the Bush administration--
effectively the Federal Government's Chief Information Officer. 
Prior to that she was Chief Information Officer at DOE, so she 
knows the department.
    I'd like to learn today what other pieces are necessary to 
ensure the new Office can fully carry out DOE's 
responsibilities. One important area concerns the Department's 
role as a sector specific agency for energy-related 
emergencies, including cybersecurity threats to our energy 
systems.
    It would be helpful to understand CESER's role in carrying 
out this responsibility, and how the Assistant Secretary plans 
to work with other agencies, especially the Department of 
Homeland Security. What does DOE bring to the table to enhance 
the overall Federal effort to guard our energy systems against 
cyber attacks and provide the resources if those attacks are 
successful?
    In addition, what DOE is learning from recent natural 
disasters and what additional steps it plans to take to more 
effectively respond to energy supply disruptions? We heard in 
an earlier hearing with the Under Secretary of Energy that the 
expectations for what DOE can do in an emergency exceed its 
authorities. Let's discuss what more DOE can do, and work to 
see if we can address its authorities.
    Without question, DOE serves on the front lines in the 
Federal efforts to assure critical energy infrastructure 
protection, from all hazards. It provides the technological, 
operational, and informational expertise to assist stakeholders 
and other agencies. I'd like this hearing to help clarify just 
what DOE is doing to ensure it meets this critical mission.

 OPENING STATEMENT OF HON. BOBBY L. RUSH, A REPRESENTATIVE IN 
              CONGRESS FROM THE STATE OF ILLINOIS

    Mr. Rush. Well, thank you, Mr. Chairman. And I want to 
thank you for holding this important and timely hearing. And I 
want to join with you to welcome Assistant Secretary Evans to 
the Energy Subcommittee for the very first time.
    Mr. Chairman, the issue of cybersecurity is always a 
permanent component of our mindset among members of this 
subcommittee, as well as the mindset of the American public, as 
we have heard of many instances of cyber attacks and cyber 
probes both domestically and abroad over the past few years.
    As recently as April, we heard from the FERC Commissioners 
that our energy grid is constantly being attacked, almost 
daily, by state actors as well as by other entities who would 
try to do us harm.
    While we have not yet seen widespread outages due to cyber 
attacks on our electric grid, it is imperative that we take 
proactive steps to mitigate the risk of these attacks to the 
maximum extent possible.
    It is my hope, Mr. Chairman, and my expectation that 
installing Assistant Secretary Evans into her new role as head 
of the Office of Cybersecurity, Energy Security, and Emergency 
Response, or CESER, will go a long way in achieving that 
objective.
    As you know, Mr. Chairman, I have worked with my colleague 
Mr. Walberg of Michigan on a bill that codifies the work that 
DOE has already been conducting when we introduced H.R. 5174, 
the Energy Emergency Leadership Act, back in March. I want to 
acknowledge my friend Mr. Walberg for his leadership on this 
issue and convey my appreciation to all of my colleagues on 
both sides of the aisle for their support of the legislation 
that has passed through both the subcommittee and the full 
committee earlier this spring.
    As you know, Mr. Chairman, H.R. 5174 would basically codify 
this new position by amending Section 203(a) of the Department 
of Energy Organization Act and establishing the Assistant 
Secretary position responsible for cybersecurity and emergency 
response issues.
    The newly created Assistant Secretary will have 
jurisdiction over all energy emergency and security functions 
related to energy supply, infrastructure, and cybersecurity. 
This bill will also authorize the new Assistant Secretary to 
provide DOE technical assistance as well as support and 
response capabilities with respect to energy security risks to 
State, local, or Tribal governments upon request.
    Mr. Chairman, this legislation, along with the work that 
DOE is already doing, will go a long way in helping to protect 
the Nation's electric infrastructure from hackers who would 
attempt to disrupt our energy grid and cause untold harm to our 
economy, our daily lives, and to our overall national security.
    However, as a letter my office received yesterday, Mr. 
Chairman, from the American Public Power Association, the 
Edison Electric Institute, and the National Rural Electric 
Cooperative Association urges, we must act in a bipartisan way 
to get this bill and other legislation addressing cybersecurity 
concerns out of committee and onto the House floor in a timely 
manner.
    As policymakers, we all want to ensure that we are 
providing DOE and each of the agencies all of the authorities 
and resources that they need to comprehensively address the 
cyber threats that our Nation faces.
    So, Mr. Chairman, I look forward to this hearing. I look 
forward to Assistant Secretary Evans' feedback on this bill as 
well as some of her top priorities in her new position.
    With that, Mr. Chairman, I yield back the balance of my 
time.
    [The prepared statement of Mr. Rush follows:]

                Prepared statement of Hon. Bobby L. Rush

    Mr. Chairman, I want to thank you for holding this 
important and timely hearing, and I want to welcome Assistant 
Secretary Evans to the Energy Subcommittee for the first time.
    Mr. Chairman, the issue of cybersecurity is always 
prevalent in the minds of members of this subcommittee, as well 
as in the minds of the American public, as we have heard of 
many instances of cyber attacks and cyber probes, both 
domestically and abroad, over the past few years.
    Mr. Chairman, as recently as April we heard from the FERC 
Commissioners that our energy grid is constantly being 
attacked, almost daily, by state actors, as well as by other 
entities who would try to do us harm.
    While we have not yet seen widespread outages due to cyber 
attacks on our electric grid, it is imperative that we take 
proactive steps to mitigate the risk of these types of attacks, 
to the maximum extent possible.
    It is my hope and expectation that installing Assistant 
Secretary Evans into her new role as head of the Office of 
Cybersecurity, Energy Security, and Emergency Response, or 
CESER, will go a long way in achieving that objective.
    Mr. Chairman, as you know, I have worked with my colleague, 
Mr. Walberg of Michigan, on a bill to codify some of the work 
that DOE has already been conducting when we introduced H.R. 
5174, the Energy Emergency Leadership Act, back in March.
    I want to acknowledge Mr. Walberg for his leadership on 
this issue and convey my appreciation to all of my colleagues 
from both sides of the aisle for their support of the 
legislation as it passed through the both subcommittee and full 
committee earlier this spring.
    As you know, Mr. Chairman, H.R. 5174 would basically codify 
this new position by amending Section 203(a) of the Department 
of Energy Organization Act and establishing the Assistant 
Secretary position responsible for cybersecurity and emergency 
response issues.
    The newly created Assistant Secretary would have 
jurisdiction over all energy emergency and security functions 
related to energy supply, infrastructure, and cybersecurity.
    Mr. Chairman, this bill would also authorize the new 
Assistant Secretary to provide DOE technical assistance as well 
as support and response capabilities with respect to energy 
security risks to State, local, or Tribal governments upon 
request.
    Mr. Chairman, this legislation, along with the work that 
DOE is already doing, will go a long way in helping to protect 
the Nation's electric infrastructure from hackers who would 
attempt to disrupt our energy grid and cause untold harm to our 
economy, our daily lives, and to our overall national security.
    However, as the letter my office received yesterday from 
the American Public Power Association, the Edison Electric 
Institute, and the National Rural Electric Cooperative 
Association urges, we must act in a bipartisan way to get this 
bill and other legislation addressing cybersecurity concerns 
out of committee and onto the House floor in a timely manner.
    As policymakers, we all want to ensure that we are 
providing DOE and each of the agencies all of the authorities 
and resources that they need to comprehensively address the 
cyber threats that our Nation faces.
    So, I look forward to hearing from Assistant Secretary 
Evans on her feedback on this bill, as well as some of her top 
priorities in this new position.
    And with that, I yield back the balance of my time.

    Mr. Upton. Thank you.
    The gentleman's time has expired.
    The Chair would recognize the chair of the full committee, 
the gentleman from Oregon, Mr. Walden, for 5 minutes for an 
opening statement.

  OPENING STATEMENT OF HON. GREG WALDEN, A REPRESENTATIVE IN 
               CONGRESS FROM THE STATE OF OREGON

    Mr. Walden. Thank you very much, Mr. Chairman.
    Today's hearing is an important and timely opportunity to 
learn about Department of Energy's efforts to protect our 
Nation's energy infrastructure against cyber threats and 
physical threats.
    Whether it is the constant cybersecurity attacks on our 
Nation's grid or the physical threats of emergencies such as 
hurricanes, it is DOE's job to ensure our critical energy 
infrastructure is secure from all hazards and that energy is 
delivered to consumers throughout all situations.
    Now, Secretary Perry has promised to strengthen the 
Department's cyber and energy security capabilities. And he 
followed through with the establishment of a new Office of 
Cybersecurity, Energy Security, and Emergency Response, known 
as CESER.
    I want to welcome our witness today: Assistant Secretary 
Karen Evans.
    Good to have you here.
    She was recently confirmed as head of the CESER office. I 
had the pleasure of speaking with the Secretary last week, when 
the administration released its National Cybersecurity 
Strategy.
    So it is good to have you here before the committee.
    Protecting our Nation's energy infrastructure is critical 
to maintaining so much of the American way of life. The 
reliable supply and delivery of energy is vital to our Nation's 
economy, our national security, and the public health and 
welfare of our citizens.
    With energy systems now massively digitized and 
interconnected, we know about the new threats and 
vulnerabilities that have emerged. So it is a whole-of-
government effort. But DOE, in particular, must be vigilant and 
prepared when it comes to ensuring energy access and delivery 
through cyber threats, physical threats, and emergencies.
    DOE has authority and responsibilities for the physical and 
cybersecurity of energy delivery systems based upon laws that 
Congress has passed and that the President has passed and 
Presidential directives. Congress provided DOE with a wide 
range of emergency response and cybersecurity authorities, 
beginning with Department of Energy Organization Act and most 
recently with the Fixing America's Surface Transportation Act.
    As the sector-specific agency for energy, Department of 
Energy has a crucial coordinating role to play in securing our 
energy infrastructure.
    And I know you know that.
    Under Assistant Secretary Evans' leadership, we understand 
that CESER will work to bolster energy-sector cybersecurity 
preparedness, coordinate cyber incident response and recovery, 
and accelerate research, development, and demonstration of more 
resilient energy delivery systems.
    When it comes to energy security and emergency response, 
this new office with analyze infrastructure vulnerabilities, it 
will recommend preventive measures, and help other agencies 
prepare for and respond to energy emergencies. CESER's ultimate 
mission is to mitigate the risk of energy disruptions. So this 
includes DOE conducting emergency energy operations during a 
declared emergency or a situation of national security.
    So, when it comes to research, when it comes to 
development, when it comes to the demonstration of more 
resilient energy delivery systems, Department of Energy's 
National Laboratories have incredible, tremendous capabilities 
that can be brought to bear.
    Earlier this year, I had the opportunity to visit DOE's 
Idaho National Lab, INL, which utilizes cybersecurity 
researchers in collaboration with a broad range of industries 
and vendors to develop mitigation techniques and tools. INL 
also has the unique capability to test cyber and physical 
security applications on a full-scale electric grid.
    And as you know, Madam Secretary, we were able to get some 
of those experts back here to give us on the committee a 
classified briefing about the threat and their ability to cope 
with it.
    Our Nation's energy infrastructure is largely privately 
owned and operated. Because of this, DOE works closely with 
energy-sector owners and operators to better detect risks and 
mitigate against them. Specifically, CESER collaborates with 
government and private-sector partners to develop technologies, 
tools, exercises, and other resources.
    One example of DOE's efforts to strengthen public-private 
partnerships is through its Clear Path IV regional exercise. In 
April of 2016, DOE hosted the Clear Path IV energy-focused 
disaster response exercise in my home State of Oregon. The 
exercise scenario consisted of a magnitude-9.0 earthquake and 
subsequent tsunami occurring along the 700-mile-long Cascadia 
Subduction Zone, which, of course, would cause catastrophic 
damage.
    This 2-day event in Portland and Washington, DC, included 
roughly 200 participants from Federal, State, and local 
governments as well as the electric sector and oil and gas 
industries. This exercise provided valuable insights and 
recommendations for the energy sector on the government and 
industry sides to help improve policies, plans, and procedures 
for energy emergencies.
    So today's hearing is of the utmost importance because the 
reliable and uninterrupted flow of energy impacts every aspect 
of our daily lives. So I look forward to hearing more about 
DOE's new CESER office and its role in overseeing 
cybersecurity, energy security, and emergency response for the 
energy sector.
    And, again, thank you for being here.
    And, as a caveat, we have another hearing going on 
downstairs, so I have to bounce back and forth between the two, 
as other members may have to do.
    And with that, Mr. Chairman, I yield back.
    [The prepared statement of Mr. Walden follows:]

                 Prepared statement of Hon. Greg Walden

    Today's hearing is an important and timely opportunity to 
learn more about the Department of Energy's efforts to protect 
our Nation's energy infrastructure against cyber threat and 
physical threats. Whether it is the constant cybersecurity 
attacks on our Nation's grid or the physical threats of 
emergencies such as hurricanes, it's DOE's job to ensure our 
critical energy infrastructure is secure from all hazards, and 
that energy is delivered to consumers throughout these 
situations.
    Secretary Perry promised to strengthen the Department's 
cyber and energy security capabilities, and he followed through 
with the establishment of a new office of Cybersecurity, Energy 
Security, and Emergency Response, known as CESER. I want to 
welcome our witness today, Assistant Secretary Karen Evans, who 
was recently confirmed as head of the CESER office. I had the 
pleasure of speaking with Assistant Secretary Evans last week 
when the administration released its National Cybersecurity 
Strategy. I look forward to hearing more from her on this new 
strategy and CESER's role in it.
    Protecting our Nation's energy infrastructure is critical 
to maintaining so much of the American way of life. The 
reliable supply and delivery of energy is vital to our Nation's 
economy, national security, and the public health and welfare 
of its citizens. With energy systems now massively digitized 
and interconnected, new threats and vulnerabilities have 
emerged. It's a whole of government effort, but DOE, in 
particular, must be vigilant and prepared when it comes to 
ensuring energy access and delivery through cyber threats, 
physical threats, and emergency situations.
    DOE has authority and responsibilities for the physical and 
cybersecurity of energy delivery systems based upon laws that 
Congress has passed and Presidential directives. Congress 
provided DOE with a wide range of emergency response and 
cybersecurity authorities, beginning with the Department of 
Energy Organization Act, and most recently with the Fixing 
America's Surface Transportation Act (FAST Act).
    As the sector-specific agency for the energy, DOE has a 
crucial coordinating role to play in securing our energy 
infrastructure. Under Assistant Secretary Evans' leadership, we 
understand that CESER will work to bolster energy sector 
cybersecurity preparedness, coordinate cyber incident response 
and recovery, and accelerate research, development, and 
demonstration of more resilient energy delivery systems. When 
it comes to energy security and emergency response, this new 
office will analyze infrastructure vulnerabilities, recommend 
preventative measures, and help other agencies prepare for and 
respond to energy emergencies. CESER's ultimate mission is to 
mitigate the risk of energy disruptions. This includes DOE 
conducting emergency energy operations during a declared 
emergency or situation of national security.
    When it comes to research, development, and demonstration 
of more resilient energy delivery systems, DOE's National 
Laboratories have tremendous capabilities that can be brought 
to bear. Earlier this year, I had the opportunity to visit 
DOE's Idaho National Lab (INL), which utilizes cybersecurity 
researchers in collaboration with a broad range of industries 
and vendors to develop mitigation techniques and tools. INL 
also has a unique capability to test cyber and physical 
security applications on a full-scale electric grid.
    Our Nation's energy infrastructure is largely privately 
owned and operated; because of this, DOE works closely with 
energy sector owners and operators to better detect risks and 
mitigate against them. Specifically, CESER collaborates with 
government and private sector partners to develop technologies, 
tools, exercises, and other resources.
    One example of DOE's efforts to strengthen public-private 
partnerships is through it's Clear Path IV regional exercise. 
In April 2016, DOE hosted the Clear Path IV energy-focused 
disaster response exercise in my home State of Oregon. The 
exercise scenario consisted of a magnitude 9.0 earthquake and 
subsequent tsunami occurring along the 700-mile long Cascadia 
Subduction Zone, causing catastrophic damage. This two-day 
event in Portland and Washington, DC, included roughly 200 
participants from Federal, State, and local governments as well 
as electric sector and oil and gas industries participants. 
This exercise provided valuable insights and recommendations 
for the energy sector--on the government and industry sides--to 
improve policies, plans, and procedures for energy emergencies.
    Today's hearing is of the utmost importance because the 
reliable and uninterrupted flow of energy impacts every aspect 
of our daily lives. I look forward to hearing more about DOE's 
new CESER office and its role in overseeing cybersecurity, 
energy security and emergency response for the energy sector.

    Mr. Upton. Thank you.
    The Chair would recognize the ranking member of the full 
committee, Mr. Pallone, for 5 minutes for an opening statement.

OPENING STATEMENT OF HON. FRANK PALLONE, JR., A REPRESENTATIVE 
            IN CONGRESS FROM THE STATE OF NEW JERSEY

    Mr. Pallone. Thank you, Chairman Upton.
    I want to welcome Assistant Secretary Evans here today and 
thank the chairman for holding this important hearing. As a 
committee, we need a deeper analysis of cybersecurity issues at 
the Department of Energy so members can truly understand the 
challenges and threats facing our grid and the energy sector as 
a whole.
    I also continue to believe that the committee should hold a 
closed-door hearing to look at the cybersecurity risks to our 
electricity grid. There are classified aspects of this issue 
that can't be discussed at a public hearing like this, and 
members should have the opportunity to be briefed on this high-
level information in order to ensure we are adequately 
protecting the grid from threats.
    To date, the energy sector has done a good job of guarding 
consumers against losses caused by a cyber or physical attack. 
But make no mistake, the threats are out there.
    In December 2015, Russian state hackers successfully 
compromised Ukraine's electrical grid, shutting down multiple 
distribution centers and leaving more than 200,000 residents 
without power for their lights and heaters. It was a 
sophisticated and synchronized attack, and it stands as the 
only recognized cyber attack to successfully take down a power 
grid. And we owe it to the American people to ask whether 
anything about that attack could be replicated here, whether it 
be the electric system, the gas system or dams, or the railways 
that carry coal to power plants.
    Russia hacked the 2016 election, as we know, and it is 
clear that the Trump administration is not doing enough to 
prevent Russia from a repeat performance on election day this 
November.
    So what are we doing to prevent them from attacking our 
energy sector the way they did our electoral process just 2 
years ago? What are we doing to stop Russia from hacking our 
energy systems the way they hacked Ukraine's grid? And how can 
we make our energy sector more secure and utility workers more 
vigilant of cyber and physical security threats? And these are 
important questions that this committee must ask.
    So I am pleased we finally have an Assistant Secretary in 
place at DOE to oversee cyber threats to our electricity grid, 
but I am seriously concerned that the Trump administration does 
not have a senior official in the White House taking the lead 
on our Nation's cyber defense.
    In May, President Trump eliminated the job of National 
Cybersecurity Coordinator, and 4 months later, there is still 
no senior official in the administration coordinating a 
response to the Russian cyber attacks. While DOE's role in 
cybersecurity is clearly important, a national response to 
these coordinated attacks cannot be done agency by agency.
    And the administration must not use cyber threats to our 
Nation's grid as an excuse to abuse emergency authorities in 
the name of justifying subsidies to favored industries or 
companies. Too often, officials in this administration have 
touted the notion that the natural gas system is somehow 
unreliable or not able to fuel electricity production in as 
secure a manner as coal. And all forms of electric generation 
and their fuels are vulnerable to disruption, whether manmade 
or due to extreme whether and other natural events. Coal piles 
freeze, and trains derail. A dam with a line carrying power 
from a nuclear plant can be every bit as vulnerable as a 
natural gas pipeline or a wind turbine. And there are serious 
threats we should be looking to guard against. But we shouldn't 
be questioning the security of the system just to boost plants 
that are not economic in the marketplace.
    In early May, the committee passed four bipartisan bills to 
enhance the Department of Energy's authorities with regard to 
the cybersecurity of our Nation's energy infrastructure. This 
includes H.R. 5174, the Energy Emergency Leadership Act, 
sponsored by Ranking Member Rush and Representative Walberg. 
And this bill would formally authorize a DOE Assistant 
Secretary position with jurisdiction over all energy emergency 
and security functions related to energy supply, 
infrastructure, and cybersecurity.
    Mr. Chairman, I am disappointed that these four bipartisan 
bills have yet to receive consideration before the House, and I 
would like to work with you to pass these proposals before the 
end of the 115th Congress.
    So, again, I look forward to the discussion today, Mr. 
Chairman. I yield back.
    [The prepared statement of Mr. Pallone follows:]

             Prepared statement of Hon. Frank Pallone, Jr.

    I want to welcome Assistant Secretary Evans here today and 
thank the chairman for holding this important hearing.
    As a committee, we need a deeper analysis of cybersecurity 
issues at the Department of Energy so Members can truly 
understand the challenges and threats facing our grid and the 
energy sector as a whole. I also continue to believe that the 
committee should hold a closed-door hearing to look at the 
cybersecurity risks to our electricity grid. There are 
classified aspects of this issue that cannot be discussed in a 
public hearing like this, and Members deserve the opportunity 
to be briefed on this high-level information in order to ensure 
we are adequately protecting the grid from threats.
    To date, the energy sector has done a good job of guarding 
consumers against losses caused by a cyber or physical attack. 
But make no mistake: The threats are out there.
    In December 2015, Russian state hackers successfully 
compromised Ukraine's electric grid, shutting down multiple 
distribution centers and leaving more than 200,000 residents 
without power for their lights and heaters. It was a 
sophisticated and synchronized attack, and it stands as the 
only recognized cyber attack to successfully take down a power 
grid.
    We owe it to the American people to ask whether anything 
about that attack could be replicated here, whether it be the 
electric system, the gas system, on dams, or on the railways 
that carry coal to power plants. Russia hacked the 2016 
election, and it's clear that the Trump administration is not 
doing enough to prevent Russia from a repeat performance on 
election day this November. So, what are we doing to prevent 
them from attacking our energy sector the way they did our 
electoral process 2 years ago? What are we doing today to stop 
Russia from hacking our energy systems the way they hacked 
Ukraine's grid? How can we make our energy sector more secure 
and utility workers more vigilant of cyber and physical 
security threats? These are important questions that this 
committee must ask.
    I'm pleased we finally have an Assistant Secretary in place 
at DOE to oversee cyber threats to our electricity grid. But I 
am seriously concerned that the Trump administration does not 
have a senior official in the White House taking the lead on 
our Nation's cyber defense. In May, President Trump eliminated 
the job of national cybersecurity coordinator. Four months 
later, there is still no senior official in the administration 
coordinating a response to the Russian cyber attacks. While 
DOE's role in cybersecurity is clearly important, a national 
response to these coordinated attacks cannot be done agency by 
agency.
    And the administration must not use cyber threats to our 
Nation's grid as an excuse to abuse emergency authorities in 
the name of justifying subsidies to favored industries or 
companies. Too often, officials in this administration have 
touted the notion that the natural gas system is somehow 
unreliable or not able to fuel electricity production in as 
secure a manner as coal. All forms of electric generation and 
their fuels are vulnerable to disruption, whether manmade or 
due to extreme weather and other natural events. Coal piles 
freeze, trains derail. A dam or the line carrying power from a 
nuclear plant can be every bit as vulnerable as a natural gas 
pipeline or a wind turbine. There are serious threats we should 
be looking to guard against, but we shouldn't be questioning 
the security of the system just to boost plants that are not 
economic in the marketplace.
    In early May, the committee passed four bipartisan bills to 
enhance the Department of Energy's authorities with regard to 
the cybersecurity of our Nation's energy infrastructure. This 
includes H.R. 5174, the Energy Emergency Leadership Act, 
sponsored by Ranking Member Rush and Representative Wahlberg. 
This bill would formally authorize a DOE Assistant Secretary 
position with jurisdiction over all energy emergency and 
security functions related to energy supply, infrastructure, 
and cybersecurity. Mr. Chairman, I am disappointed that these 
four bipartisan bills have yet to receive consideration before 
the House. I would like to work with you to pass these 
proposals before the end of the 115th Congress.
    Again, I look forward to the discussion today and yield 
back.

    Mr. Upton. Thank you.
    The gentleman yields back.
    At this point, we are going to hear from our witness.
    We appreciate you sending your testimony up. It will be 
made part of the record in its entirety. And we will let you 
have 5 minutes to summarize it, at which point we will ask 
questions. Thank you. Thanks for being here this morning.

   STATEMENT OF KAREN EVANS, ASSISTANT SECRETARY, OFFICE OF 
    CYBERSECURITY, ENERGY SECURITY, AND EMERGENCY RESPONSE, 
                      DEPARTMENT OF ENERGY

    Ms. Evans. Thank you.
    Chairman Upton, Ranking Member Rush, and members of the 
committee, thank you for the opportunity to discuss the 
continuing threats facing our national energy infrastructure.
    Focusing on cybersecurity, energy security, and resilience 
of the Nation's energy systems is one of the Secretary's top 
priorities. By creating the Office of Cybersecurity, Energy 
Security, and Emergency Response, also known as CESER, the 
Secretary clearly demonstrated his priorities and his 
commitment to achieving the administration's goal of energy 
security and, more broadly, national security.
    Our Nation's energy infrastructure has become a primary 
target for hostile cyber actors, both state-sponsored and 
private groups. The frequency, scale, and sophistication of 
cyber threats have increased, and attacks can be much easier to 
launch. Cyber incidents have the potential to interrupt energy 
services, damage highly specialized equipment, and threaten 
human health and safety.
    The recent release of the President's National Cyber 
Strategy reflects the administration's commitment to protecting 
America from cyber threats. The Department of Energy plays a 
vital role in supporting the security of our Nation's critical 
energy infrastructure. As a result, energy cybersecurity and 
resilience has emerged as one of the Nation's most important 
security challenges, and fostering partnerships with public and 
private stakeholders will be of the utmost importance for me as 
the Assistant Secretary of CESER.
    Recently, CESER demonstrated the emergency response 
function through multiple weather events. The hurricanes 
activated our emergency response plan, while we also addressed 
the overpressurization of a Columbia Gas natural gas pipeline 
with the Oil and Natural Gas Subsector Coordinating Council 
that caused multiple explosions and fires at residential 
locations in Massachusetts.
    However, today, I would like to focus my testimony 
primarily on the cybersecurity function of the office and how 
CESER will meet the priorities of the administration and work 
in conjunction with our Federal agencies, State, local, and 
Tribal governments, our industry partners, and our National 
Laboratories.
    DOE's role in the energy-sector cybersecurity is 
established in statute and executive action. In 2015, Congress 
passed the Fixing America's Surface Transportation Act, 
specifically naming DOE as the sector-specific agency for 
cybersecurity for the energy sector.
    The creation of CESER elevates the Department's focus on 
the energy infrastructure protection and will enable a more 
coordinated preparedness and response to cyber and physical 
threats and natural disasters with the private sector as well 
as Federal, State, and local government partners. This includes 
electricity transmission and delivery, oil and natural gas 
infrastructure, and all forms of generation.
    The Secretary has conveyed that he has no higher priority 
than to support the national security of our Nation's critical 
energy infrastructure. The formation of the CESER office 
enhances the Department's ability to dedicate and focus 
attention on DOE's SSA responsibilities and will provide 
greater visibility, accountability, and flexibility to better 
protect our Nation's energy infrastructure and support asset 
owners, as well as the overall critical infrastructure response 
framework as overseen by the Department of Homeland Security.
    The energy sector, the core of the critical infrastructure 
partners, consists of the Energy Subsector Coordinating 
Council, the Oil and Natural Gas Subsector Coordinating 
Council, and the Energy Government Coordinating Council. The 
ESCC and the ONG SCC represent the interests of their 
respective industries. The EGCC is led by DOE and DHS and is 
where the interagency partners, States, and international 
partners come together to discuss important security and 
resilience issues for the energy sector. This forum ensures 
that we are working together in a whole-of-government response.
    I appreciate the opportunity to appear before this 
committee to discuss cybersecurity in the energy sector, and I 
applaud your leadership. I look forward to working with you and 
your respective staffs to continue to address cyber and 
physical security challenges.
    [The prepared statement of Ms. Evans follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    Mr. Upton. Thank you so much. You are one of the first 
witnesses that we have ever had that has yielded back some of 
her time. So thank you. It is a good week.
    So, as you know, pursuant to authorities that Congress 
provided in the FAST Act back in 2015, DOE is, in fact, the 
sector-specific agency for cyber for the energy sector. And as 
such, you all are responsible for coordinating with multiple 
Federal and State agencies and collaborating with critical 
infrastructure owners and operators on activities associated 
with identifying vulnerabilities and mitigating incidents that 
may impact the energy sector.
    And as I have listened to a number of different energy-
sector firms, they really do believe that there ought to be 
just one lead cop on the beat. So that is one of the things 
that we wanted to do when we, on a bipartisan basis, passed the 
FAST Act.
    Can you tell us some of the greatest challenges--as you all 
are coordinating with other agencies--Homeland Security, 
others--what difficulties have you had? Have you felt that it 
has gone pretty well? Do we need to do more? This is something 
that we want to make sure that you really are the cop on the 
beat.
    Ms. Evans. Thank you for the opportunity to answer that 
question. I would say that, based on my tenure to date, which--
I am going to remind everybody this is, like, my fourth week.
    Mr. Upton. Yes.
    Ms. Evans. So I have had the opportunity to actually 
experience this process firsthand, and I have really embraced 
the priority of the Secretary and all my leadership in the SSA 
role, which is providing that leadership and making sure that 
we are the lead person, as you said, the one focal point where 
the energy sector can come in.
    And so I had the opportunity to do that with the hurricanes 
that came through, and then at the same time we did have that 
natural gas pipe explosion. So I got to see all of it and was 
on the calls. And what has happened is, and the way that that 
works is, we are the lead on those calls when we talk.
    Now, it depends on which one we are talking about. So if we 
are talking about the ones that are being led by the energy 
sector, they lead that. And so the electricity subsector is led 
by industry, and we provide information into that, and we 
actively engage with them on that.
    Our staffs all work together. And every night during that 
hurricane response, we were on with the CEOs of the companies 
and providing them, from the government standpoint--and DHS was 
with us, and we had other partners in there as well, so that if 
questions were asked, we led that response coming from us, and 
DHS then had the opportunity to provide information from cross-
sector so that the energy sector could actually do what it 
needed to do once we moved into a response mode.
    So seeing it firsthand, seeing how it works, seeing that 
they took the lessons learned from last year, and they applied 
it to this year's response. There were specific things that 
happened last year, because of the way that this natural event 
went, the hurricane went, that it was a one-two type of punch--
the event would come and then the flooding--there was specific 
planning that was done with the industry partners that 
reflected those lessons learned. And we had the opportunity, 
because of the way these calls were done, that we could cross-
pollinate across the energy sector.
    So it worked well. Right now, I don't necessarily see any 
gaps, but like I said, I am going to work through this. I am 
excited to embrace this role. And should we see any gaps, I 
know I would work with DHS and the other Federal agencies, and 
we would come forward to our respective committees to ask for 
that assistance.
    Mr. Upton. So I know that, as we look at these disasters--
this committee sent a number of members on both sides of the 
aisle down to look at Puerto Rico and the Virgin Islands last 
year after that. And we had members from--obviously, Mr. 
Kennedy, who was here earlier, and I suspect he will come back, 
with the natural gas incident that they had up in 
Massachusetts. And we have members that, for sure, their 
districts were impacted by Florence in the last 2 weeks. I 
would imagine that Members reached out to you all. Certainly, 
their industry partners did.
    Any shortcomings that you see right away based on--had you 
known something, perhaps would you all have acted any 
differently?
    Ms. Evans. On this go-around, from what has happened?
    Mr. Upton. Yes, so far.
    Ms. Evans. So far, I would say that I have a team that is 
in place, that the Department has a team that is in place, and 
I have the honor to actually manage them, that know what they 
are doing in an emergency response situation. Their 
responsibilities, our responsibilities as ES-12, when we 
activate that response plan, they know exactly what they are 
supposed to do. And when we identify issues that come in 
through the industry--because they come in multiple ways. Just 
like you said, they will come in multiple ways. Our leadership 
would hear something. It comes in. There are multiple meetings 
that happen.
    But the way that the mechanism is set up right now, there 
is the ability to catch it at multiple levels so that it does 
not become an issue or that we at least have the appropriate 
agency working on what those authorities are.
    So, for example, in the recovery, one of the things that 
were being discussed was the ability to use drones. So 
everybody has them, but there are flight plans that have to be 
filed, right? And so there was a working group immediately 
established so our sector knew exactly what was going on in the 
other sector based on the interaction that happens across with 
the Emergency Response and the National Response Framework.
    So there are multiple levels that happen. Do communications 
break down? It probably will. And how we need to respond to 
that and then take that back in to improve it, that is what we 
are looking at.
    And I know that the lessons learned were done from Puerto 
Rico. And I have seen how they have actually applied those 
lessons learned through this response and heard those lessons 
actually being actually implemented by both industry and the 
government as we were going through the response this go-
around.
    Mr. Upton. Thank you.
    I yield to Mr. Rush.
    Mr. Rush. Thank you, Mr. Chairman.
    Assistant Secretary Evans, as I mentioned in my opening 
statement, Mr. Walberg and I introduced H.R. 5174, the Energy 
Emergency Leadership Act, earlier this spring. And our 
objective was to codify most of the work that the agency is 
currently undertaking and make sure that we have consistency 
moving forward regardless of which administration is in office.
    Are you familiar with the bill? And if so, do you have any 
feedback regarding any of its provisions?
    Ms. Evans. Yes, sir, I am familiar with the bill. And I 
think the feedback and my presence and the establishment of my 
office supports the idea of what is envisioned by congressional 
intent. So whatever gets passed by Congress, obviously, I would 
be responsible for implementing it.
    And so, I, again, am supportive of the leadership this 
committee shows and the support that this committee has and the 
trust that you have in Department of Energy and the Secretary 
to accomplish the mission for the energy sector.
    Mr. Rush. I understand, Madam Secretary, that in your 
previous position you worked as the director of the US Cyber 
Challenge, an organization that is dedicated to building up the 
cybersecurity workforce.
    From that experience and that perspective, do you have any 
concerns that you want to share with the committee regarding 
the Nation's workforce preparedness when it comes to 
cybersecurity or the threats to our electricity grid?
    Are we doing all that we can to ensure that we have a 
highly skilled, trained workforce, both presently and in the 
future, to address cybersecurity issues? And if not, what are 
some of the recommendations that you may want to share with us 
to make sure that we have the capability to address these 
important issues related to our Nation's security and that 
centers on the area of workforce development?
    Ms. Evans. I appreciate that question. It is a passion of 
mine, and I appreciate being able to talk more about 
cybersecurity workforce issues.
    So, as the President released the National Strategy for 
Cybersecurity, under pillar 2, it specifically talks about the 
cybersecurity workforce for America as a whole. And as you 
know, especially in DOE and its industry partners and in the--
all of this infrastructure is owned by private industry. So 
when we start looking at the workforce, one of the biggest 
things is making sure that the workforce has the basic skills 
that it needs and then, in this particular sector, the 
specialized skills as it relates to industrial control systems, 
SCADA systems, and understanding those.
    So there are a lot of initiatives that are under way that 
are out in private industry that can be leveraged. There is 
work that specifically DOE was doing, that we were watching 
from the outside and attempting to leverage that in.
    So there is a specific competition. I really believe that 
you can demonstrate this through competitions. And Congress did 
pass a workforce act that dealt with allowing to use 
competitions for people to leverage what they know and to be 
able to demonstrate it quickly. So CyberForce is a competition 
that DOE runs with the National Labs, and it is specifically 
focused on the industrial control systems and the SCADA 
systems.
    So I am really looking forward to really making that more 
robust and being able to expand that out for all of us to do. 
Right now, it is focused specifically on college students, but 
it needs to expand out more than that, because there are a lot 
of people that are in this workspace that need to have those 
skills. They need to be able to demonstrate those, and 
competitions are a way to be able to do that.
    So when you ask me if there are areas where you can 
improve, our education system and the STEM--and I know we are 
investing a lot in that--it does one level of knowledge. And 
what competitions do and what employers need to have and what 
the Federal Government as a whole needs to have is that the 
person, when they start on day one, have the ability to show 
how they would apply that knowledge.
    So if you think of it from a science degree, I go to 
lecture, but then I go to lab. So the competitions allow for 
that applied knowledge, so that if I am hiring somebody, I know 
they have the basic set of skills that I need to have, and now 
what I have to do is train them up for the delta in my industry 
or in my specific company or, in the case of the Federal 
Government or DOE, specifically in what we are doing as it 
relates to cyber emergency response type of capabilities.
    So there is a lot of promise, there is a lot of work that 
is happening in the universities. And I really view my job as 
not to duplicate that but to leverage a lot of the work that is 
happening nationally and be able to bring it into the 
Department of Energy as the sector-specific agency and be able 
to shine a light on that so that the industry as a whole will 
be able to take advantage of it.
    Mr. Rush. Thank you.
    I yield back, Mr. Chairman.
    Mr. Upton. Thank you.
    Mr. Latta?
    Mr. Latta. Well, thank you, Mr. Chairman.
    And, Assistant Secretary, thanks very much for being with 
us today. Appreciate your testimony today.
    You might be aware that I chair the Grid Innovation Caucus 
with my good friend, Mr. McNerney. And we have worked on 
several pieces of legislation together, and I would like to 
highlight one in particular, which is the CyberSense Act. And 
this legislation requires the Department of Energy to establish 
a voluntary CyberSense program to identify and promote 
cybersecure products intended in the bulk-power system. And the 
bulk-power system includes facilities and control systems 
necessary for operating an interconnected electric energy 
transmission network.
    Would you talk about the work you are already doing on this 
front and how voluntary programs like this one can help open 
lines of communications between the private sector and the DOE?
    Ms. Evans. Thank you for the opportunity to talk about our 
program, called CyTRICS. It is the Cyber Testing for Resilience 
and Industrial Control Systems. And it is a pilot project to do 
some of the work and what you intend in that area. And it is to 
test component parts that go into operational technology that 
is used throughout the energy sector. So we are now starting 
the pilot.
    There are a lot of challenges as we start going through 
this that aren't necessarily the technical challenges but 
making sure that we have the voluntary participation from our 
industry partners as we go through this. We already have some 
companies that have volunteered to have their products tested.
    What we then have to say and how we have to work this out 
would be: What do we do with those results of the testing? How 
are we going to share that? How does that fit into an overall 
risk management framework? How we would roll it up into what we 
are doing with the C2M2 maturity model that we have so that 
those results, along with a lot of the other pieces that we are 
putting together, that a company will be able to look at that 
and say, OK, here are the products, here are the risks, here is 
what I have to do to mitigate that risk.
    And then the information from these pilots will feed our 
other research and development efforts so that we can then 
refine them based on the results that we are getting.
    So we really are looking forward and we really are excited 
about this particular project that we are looking at, because 
we know that there could be a lot of risks associated with all 
these different products that are coming into the energy 
sector, and so we have to make sure that we are aware of what 
those risks are as we are implementing them.
    Mr. Latta. Well, you talk about trying to get more 
volunteers in there. How can we encourage more companies to 
really want to volunteer to be part of that program then?
    Ms. Evans. Well, so they could reach out to our office, in 
particular, and I am happy--they can come through the sector 
coordinating councils that they have, because most of them are 
actively participating in that, and they can volunteer through 
that as well.
    And as we identify and work through the challenges that we 
have, the idea is then to have a framework. The whole purpose 
of my office is to take this research and then be able to 
operationalize it and to be able to take it out into industry 
so that they can actually use the results of the research and 
be able to implement it.
    And so the more that we can learn about what types of 
anomalies there might be from different companies, the faster 
we will be able to develop that framework, and then the faster 
it will be able to be implemented and out in the 
infrastructure.
    Mr. Latta. OK.
    Well, through this committee's efforts, DOE was established 
in statute as the lead sector-specific agency for cybersecurity 
for the energy sector. This new mandate was included in the 
FAST Act of 2015.
    While the lead sector-specific agency mandate is new, DOE 
has been engaged in this work for many years. What makes DOE 
equipped to serve as the lead agency?
    Ms. Evans. Well, thank you for that question.
    And I would like to say that it is the expertise of the 
Department as a whole, as well as the ability to leverage the 
knowledge that is out in the National Labs. And so those are 
some of the smartest people in the world, and that they work on 
multiple problem sets as it relates to the energy sector, they 
are always thinking about what is over the horizon, what is 
next, and also trying to fix what is actually happening today.
    So I believe that the way that the Secretary's priorities 
are set up, the experience that is there at DOE, and then 
leveraging what is happening in the National Labs, that is why 
you trust us to be the sector-specific agency in this area, and 
that is why we are providing that leadership.
    Mr. Latta. Well, thank you very much.
    And, Mr. Chairman, my time is about to expire, and I yield 
back.
    Mr. Olson [presiding]. Thank you.
    The Chair now calls upon the gentleman from California, Mr. 
McNerney, for 5 minutes, sir.
    Mr. McNerney. I want to thank the chairman for that.
    Mr. Olson. You are welcome. We will see if the Astros beat 
the Dodgers again this year. So----
    Mr. McNerney. We will see.
    Ms. Evans, I thank you for testifying. And you have only 
been there a month, so I understand that that presents 
challenges.
    And I want to follow up on my colleague Bob Latta's comment 
about the Grid Innovation Caucus. And the purpose of that is 
really to educate Members of Congress about the challenges and 
opportunities in the grid, but also to put forth legislation.
    Bob mentioned one. I am also going to mention H.R. 5240, 
the Enhancing Grid Security Through Public-Private Partnerships 
Act, that provides cybersecurity training to electric utilities 
and promotes sharing best practices and data collection in the 
electric sector.
    Now, in conversations with utility executives, I have heard 
that there is a big bottleneck in sharing information, security 
information, with the utilities because their security people 
don't have security clearances, and it is taking them a year, 
year and a half, to get those clearances.
    Do you have a plan to expedite the clearances of utility 
executives and utility security people so that we can get 
information to them on a timely basis?
    Ms. Evans. Well, I appreciate that question on security 
clearances. And I am going to answer it a little bit 
differently versus saying that I am going to expedite out the 
clearance process. Those of you that are involved in that know 
that that can be quite the challenge, if I were to agree to try 
to expedite that.
    What I really am trying to do and what the vision of this 
office is is to take information that is informed by 
intelligence, threat intelligence types of things, things that 
are classified, overlay it on what is here, and then take it so 
that it can be actionable out by the utilities.
    So you don't necessarily have to have the classified 
background behind it. A lot of times, especially when you are 
working out there--and I come from an ops background--you 
really want to know what you are supposed to do; the why can 
come a little later on. A lot of times, you have to respond 
immediately in a situation. You want to know what the actions 
are that you need to take. That doesn't necessarily have to be 
classified.
    And that is what I view my office as being able to reach 
out, share that information with our partners, and be able to 
give them the actions that they need to take that is informed 
by the government-as-a-whole approach.
    Mr. McNerney. OK. That sounds good. How far along are you 
in that process?
    Ms. Evans. I actually have some things I hope within the 
next 120 days that I will be able to share with industry 
directly that they can start taking some action. There are some 
things I am doing that they should be implemented here shortly, 
and I think that they will be surprised when they see it. And 
there are some basic things that they can do now in basic 
hygiene that, when they see the visualization of that, they are 
going to be surprised.
    Mr. McNerney. Well, I look forward to hearing from the 
executives and utility people----
    Ms. Evans. Yes. OK.
    Mr. McNerney [continuing]. What they think of the plan, and 
I will be glad to share that with you.
    Ms. Evans. That would be awesome. I am looking forward to 
working with you on that.
    Mr. McNerney. Now, how does CESER monitor or plan to 
monitor cyber attacks?
    Ms. Evans. So there are several different things that are 
already under way that CESER is looking at, as far as the 
infrastructure. The vision that we have for this office, 
several of the tools that are already in place, several of the 
projects that they already have--which I am sure you are 
familiar with CRISP. Also included in my testimony we talked 
about CYOTE, that particular project.
    The way that we look at how we are going to do this is, for 
example, in the operational technology world, you know exactly 
how things are supposed to respond. So the idea is to manage by 
exception. So, as you pick up exceptions, then working and 
putting together a model, you can put sensitivities to that, 
and that would then show anomalous behavior.
    Based on then feeding it with information that is coming 
from multiple areas, especially intelligence, we will be able 
to tell if that is something that is just--so we talked about 
the supply chain and all these other types of equipment. We 
will be able to tell by the data if something is actually 
happening, if somebody is in the network or if it is an 
equipment malfunction, or what is actually happening, by 
overlaying this data.
    Are we there now? No. We have several of these pieces in 
place that are----
    Mr. McNerney. So you are basically using big data and 
algorithms, or will be. So that is----
    Ms. Evans. We will be. That is why there are different 
pieces----
    Mr. McNerney. Again, I will look forward to hearing more 
about that.
    And I have time for one more question. You may not have 
time to answer it. Do you feel confident that our utilities are 
adequately prepared and protected from Russian and North Korean 
cyber attacks to prevent massive blackouts or credible enough 
threats of massive blackouts to make our Nation vulnerable to 
cyber blackmail?
    Ms. Evans. So, since you asked me do I feel confident, the 
answer would be no.
    Mr. McNerney. Thank you.
    I yield back.
    Mr. Olson. Thank you.
    The Chair now calls upon the gentleman from Secretary 
Evans' home State of West Virginia, Mr. McKinley, 5 minutes, 
sir.
    Mr. McKinley. Thank you, Mr. Chairman.
    And I would be remiss if we didn't go back and remind the 
chairman, when she was being introduced, that she is a good 
West Virginia native and graduated WVU and is a staunch 
Mountaineer fan.
    Ms. Evans. Yes, I am.
    Mr. McKinley. So thank you. Thank you for coming here to 
this.
    I am curious about a few things primarily dealing with the 
reliability, because the question you just heard from 
Congressman McNerney about the capability of meeting the 
challenges we face. And the President has been wrestling with 
202(c) or Defense Procurement Act as a way of addressing that.
    Can you give me an update on maybe what is happening in 
that arena, for everyone to understand that we may be having 
quite a few power plants shut down prematurely without having 
202(c) or the Defense Procurement. So if you could give me a 
little update, if you could?
    Ms. Evans. I actually can. Thank you for that question. 
Secretary Perry was speaking yesterday about this exact issue. 
And what he said was that he does not have anything new to 
update at this time, that this is still a policy that is being 
reviewed by the White House.
    Mr. McKinley. OK. But building off that--and we talked 
about the ISO New England, the problems they are having there 
in getting power, not only the importing--as you are probably 
familiar, that they are importing from Canada 73 gigawatts of 
power into New England.
    Do you dispute that number? Or do you think that number 
is--that is the number that has been published, 73 gigawatts. 
That is essentially--for people to understand what that means, 
that is about 100 power plants that don't exist in New England, 
as we rely on importing power from Canada.
    Is that about correct, the 73 gigawatts?
    Ms. Evans. I don't have the exact numbers in front of me. I 
am happy to take that question back and----
    Mr. McKinley. If you would, please.
    Ms. Evans. Yes.
    Mr. McKinley. Because, we are trying to be energy-
independent. And we have a section of the country that has some 
issues about being able to meet the challenges, whether that is 
from hacking or internally. So we are depending on now 
importing.
    So let me ask another question, then, with that 
dependability. And McNerney was just talking about Russia. 
Isn't it accurate that New England was getting its natural gas 
this past winter from Russia? From an LNG tanker that was in 
Boston Harbor?
    Ms. Evans. I don't know the answer to that question, sir, 
and I would be happy to take that back as well.
    Mr. McKinley. Well, I have the answer.
    Ms. Evans. OK. There you go.
    Mr. McKinley. So, yes, the answer is yes----
    Ms. Evans. OK.
    Mr. McKinley [continuing]. It was.
    And so it is a matter--if we are going to be energy-
independent and we are going to make sure that we have the 
power necessary for that New England area, we have two issues: 
Are we going to continue to import gas from Russia, and are we 
going to import power from Canada?
    So that is why I think it is so important that the White 
House and others move on this 202(c) or Defense Procurement Act 
to protect our grid system. Because I think we--reports we have 
had from National Energy Technology Lab, NETL, have indicated 
we are prematurely shutting down too many of our coal-fired 
power plants, and we are headed into a blackout, possibly this 
winter, as a result of it.
    Do you have anything to update us on alternative measures 
that might prevent that from happening?
    Ms. Evans. No, sir, I don't. But I will take back your 
concern and elevate it to my leadership so that they know 
exactly what the issues are that you are bringing up so that I 
can make sure I can feed into the policy process.
    Mr. McKinley. If you would, please, pass that on----
    Ms. Evans. Yes, sir.
    Mr. McKinley [continuing]. To Secretary Perry, and tell him 
where it is coming from.
    Ms. Evans. Yes, sir, I will.
    Mr. McKinley. Thank you.
    I yield back.
    Mr. Olson. Thank you.
    The Chair wants to remind my dear friend from West 
Virginia, our witness, Secretary Evans, this weekend the 
Mountaineers are going to Lubbock, Texas, to play the Texas 
Tech Red Raiders. And my warning is, they have got this symbol; 
it is called ``guns up.'' They score a touchdown, they get 
their guns up. You all are going to see a lot of guns up in 60 
minutes in Lubbock, Texas.
    The Chair now calls----
    Ms. Evans. As you know, I am really constraining myself not 
to respond to that, but that is OK.
    Mr. Olson. It is football in Texas. Feel free to fire back.
    Ms. Evans. No, that is OK. But we are Big 12. It is good. 
It is all good. It is OK. We are doing well. Our team is doing 
well.
    Mr. McKinley. Where are they ranked? What, 25th?
    Mr. Olson. Twenty-five versus 12. Get your guns up.
    The Chair now calls upon the gentleman from South Carolina, 
Mr. Duncan, for 5 minutes of questions.
    Mr. Duncan. Go, Tigers.
    Secretary Evans, I first want to thank you for your 
response to Hurricane Florence. I know there were over a 
million power outages across the Carolinas, and you and your 
team were extremely responsive both during the preparation and 
restoration process. Duke Energy serves much of my district, 
and I have heard from them many positive things about your 
engagement. So I want to applaud you on that.
    I also want to thank you, both you and Secretary Perry, for 
your leadership in creating the new CESER program. Protecting 
the grid against cyber and EMP attacks should be a priority. 
Many Americans fear the potential of an attack given the 
volatility of players such as Iran, Russia, and North Korea.
    Over 5 years ago, the U.S. DOE and the industry, with 
industry matching over 80 percent of the funds, established at 
Clemson University perhaps the world's largest, most capable 
electric grid emulator. This 20-megavolt-ampere facility, 
called the Duke Energy eGRID, is providing a platform for 
innovating and validating and testing multimegawatt electric 
grid components in real grid conditions without the risk to the 
grid.
    This capability is needed to facilitate the rapid 
introduction of new technologies into our Nation's electrical 
infrastructure. It is also a prime example of public-private 
partnership working to develop advanced technologies to protect 
against evolving threats.
    The folks at Clemson worked closely with the utilities. 
Duke is a partner. They worked close with industry, National 
Labs, and other universities and the DOE to accelerate the 
marketing of new technologies.
    Are you familiar with the eGRID down there in Charleston?
    Ms. Evans. Yes.
    Mr. Duncan. Have you visited that in North Charleston?
    Ms. Evans. Not yet.
    Mr. Duncan. OK. I want to invite you to do that. And I 
invited Secretary Perry as well.
    I am concerned with the grid being able to withstand 
attacks such as an EMP or cyber attacks, supply-chain attacks. 
And I realize you just started at the DOE, but I am interested 
to know how the DOE plans to address these important critical 
issues.
    Ms. Evans. I appreciate the opportunity to answer that 
question.
    I am in the process of looking at many of the things that 
are in place. This office was set up specifically to deal with 
those concerns. And Congress has given us that authority, as 
the sector-specific agency, to really embrace that and to go 
full-force into that.
    My office, in conjunction with other offices within DOE, 
really are looking at how do we need to do that, what are the 
right investments as we are going forward, what is the right 
research and development as we are doing that. There are many 
projects that are already in place with the National Labs. It 
is my intention to leverage those results and implement them.
    And so I am of the mindset that my office is about the 
implementation and working with industry to get it implemented 
and then distributed through industry so that they can benefit 
from the results of all that research and make sure that it is 
actionable so that it can go out there so that the grid and our 
energy sector is resilient and then can withstand--the 
Secretary has told me that his highest priority and his biggest 
concern is that, when a natural disaster is happening, that we 
would also have some type of disruption in the technology and 
that we would be able to discern between the two if they are 
related or if it is our adversaries taking advantage.
    And that is what I really look at as the highest priority, 
to be able to implement that technology and be able to provide 
that information up through the appropriate mechanisms so that 
the Secretary and DHS and the administration is properly 
informed so that they can make those decisions.
    Mr. Duncan. I used to serve on the Homeland Security 
Committee, and since I have been in Congress, there have been 
several attempted attacks on transfer stations, substations, 
different things. We have gotten lucky, in that supposed 
attackers didn't realize diesel fuel didn't explode, et cetera.
    Those type of physical attacks on our electric grid are 
very difficult to predict and protect against. We can't monitor 
every substation and what not. What sort of work is DOE doing 
in that regard?
    And we know all about the cyber stuff, but these are 
physical attacks. It would just take a simple explosive device 
and--so have you all thought about that? And what, working with 
Homeland Security, are you doing about it?
    Ms. Evans. So the short answer is yes. And the ISER group 
that is in my responsibility does exercises. And so we heard a 
little bit about the Clear Path IV exercise. The idea is to 
develop different scenarios around those so that, as it is 
being executed, what are the responses, have we thought about 
everything.
    And so, when you do those exercises--and there are 
exercises coming up, like Liberty Eclipse, and there are things 
we are doing with NERC, as the GridEx. Those exercises, they 
inform the ability to actually respond. So the idea is, OK, we 
all have a plan, but you want to exercise the plan before you 
actually have to do the plan and respond to the plan.
    So that is what that group does. The idea is to expand out 
those exercises. And as we hit the basics, then it is to 
continue to expand those out so that those lessons learned are 
there in the response plan and that we share that. That is 
exactly why we do the exercises with State, local, and our 
government partners, as well as industry.
    And that was the uniqueness of that Clear Path IV, was that 
industry was involved in that, and it was done out in 
Washington State. Because it is one thing if you do it in DC; 
it is another thing if you are doing it across the country and 
involving all the State and local partners as well as the 
industry. Because those lessons learned, the communications, 
the issues that you brought up earlier, if we see gaps, we 
don't want to be in the actual incident when we are identifying 
gaps that we need your help with.
    Mr. Duncan. All right.
    Well, my time has expired, but I will remind the committee 
that things that can affect our grid system can be both manmade 
and natural, so hardening the grid is important.
    With that, I yield back.
    Mr. Olson. Thank you.
    The Chair now calls upon the gentleman from New York, Mr. 
Tonko, for 5 minutes.
    Mr. Tonko. Thank you, Mr. Chair.
    And, Assistant Secretary Evans, congratulations on your 
confirmation, and welcome to the committee, and thank you for 
your testimony.
    Obviously, we have not faced the full consequences of a 
cyber attack on the grid yet, but we do continue to experience 
major electricity outages and energy disruptions due to natural 
disasters. I want to ask about what you see as the mission and 
role of your office in the future.
    There has been a lot of emphasis on cybersecurity today, 
and rightfully so, but it is my understanding that the office 
is also responsible for emergency response, including those 
from natural disasters. Is that indeed correct?
    Ms. Evans. Yes, sir.
    Mr. Tonko. And earlier this Congress, Assistant Secretary 
Walker of the Office of Electricity, testified about the work 
being done by his office in the wake of Hurricane Maria in 
Puerto Rico. Now, has CESER played a role in the Maria response 
or preparation against future energy disruptions in Puerto Rico 
over this past year?
    Ms. Evans. Thank you for the question. And before the CESER 
office actually was formed, a lot of the functions that we are 
talking about as the exercise capability that we have as well 
as the emergency response capability all belonged and were all 
in one office, which was where Secretary Walker is, in the 
Office of Electricity. When CESER was formed, those moved over. 
So my office has cybersecurity, energy security, and emergency 
response.
    So in the case of Puerto Rico and Maria, my office is 
responsible for the activities that happen when we activate our 
emergency response, the RES-12 under the National Response 
Framework. So, for example, this go-around with the hurricanes, 
it is my office that goes and mans down in FEMA, that goes out 
to the regions. We have very specific response capabilities, 
incident response capabilities that we do in natural disasters.
    When we move into the recovery phase, and that is what is 
happening right now down in Puerto Rico, Assistant Secretary 
Walker continues that effort. He was just down there for the 
anniversary, was looking at everything that is there, and he is 
involved in the recovery aspect.
    So when you look at how our offices work together and where 
that separation is, we do the emergency incident response type 
of capability. We are down there. We are embedded with the 
States. We work with FEMA. We are over at the national center 
there, and all the information goes up. When it shifts, where 
we are right now, that is when it then shifts back to Assistant 
Secretary Walker's office.
    Mr. Tonko. OK. Thank you.
    And I know that earlier there were questions about 
Hurricane Florence. So in this cross-pollination between the 
two offices, have there been lessons learned or experiences 
from Maria from the Puerto Rico experience that helped or 
influenced your responses in some way with Florence?
    Ms. Evans. I would say that based on the way that Assistant 
Secretary Walker handled that, he has been instrumental in 
bringing up the CESER office. And his interactions of what he 
has done and how I have been able to be brought up to speed so 
fast is based on those lessons learned of where they clearly 
see the delineation between the two offices.
    So, again, this is a secretarial priority. Assistant 
Secretary Walker and I really have worked that out. We continue 
to work it out. But his office is very strategic in looking at 
how you are doing different things; and then my office, it 
feeds directly into my office for lessons learned impact, and 
then we implement from a tactical standpoint.
    Mr. Tonko. Thank you.
    Robust cybersecurity requires significant financial 
resources and new and advanced technologies. But we know there 
are many small utilities with limited resources that might not 
have the same technical capacity as their larger components. 
Does DOE have a plan, a technical assistance program or funding 
available to assist these smaller utilities such as a public 
power authority, a small public power authority, or a rural 
cooperative?
    Ms. Evans. I would like to take that question for the 
record because I am unaware of the specifics, but--and I would 
like to get back to you on that specific question.
    Mr. Tonko. If you would, please. That would be very 
helpful, because they obviously could be impacted by some very 
severe disasters, and that assistance would play a major role 
in their responsiveness.
    So thank you again for your response to the questions.
    Mr. Olson. Thank you.
    The Chair now calls upon himself for 5 minutes.
    And, again, welcome, Secretary Evans. I can assure you 
there will be no talk about football, Texas Tech versus West 
Virginia this Saturday. I won't talk much about cybersecurity. 
That is important, but I do want to focus on natural disasters 
and specifically hurricanes.
    As you know, my home State of Texas is a cornerstone of 
America's energy production and security. The Greater Houston 
is a cornerstone of this cornerstone. We produce the bulk of 
the oil that is refined and used here in America, and we also 
have a launching port through the number one exporting port in 
America, the Port of Houston, for this energy to head overseas 
and change the world.
    Hurricane Harvey hit us 13 months ago, hit us twice. It 
wasn't a windstorm. It wasn't a storm surge. It was a rain 
event, almost 4 feet over all of southeast Texas in less than 2 
days.
    I know your organization is new. You have been on the job 
for 4 weeks, but could you talk about what you have all learned 
with Harvey, Maria, Irma, and now Florence, what those lessons 
are? And also, after a storm, do you all do some after-action 
reporting and include all the players, the State, the 
government there in the State, the counties, the cities, the 
first responders, and private parties who are involved in the 
recovery from these storms? What is your sort of plan there, 
what you have learned so far?
    Ms. Evans. Thank you for the question. It is my 
understanding that after-action reports are done. After-action 
reports were done after last year's Harvey, and I do know that 
a lot of the lessons learned were specifically discussed on the 
coordinating calls with our industry partners.
    And it was highlighted very early on, specifically, about 
that this was going to be a one-two punch very similar to 
Harvey, and that they were more concerned about the flooding 
and the aftereffects of the hurricane. And so the utilities as 
they were on the calls, because of those lessons learned, did 
preposition over 40,000 workers before the flooding happened 
because they knew what would happen about the roads and how 
things would be. And so that happened.
    Additionally what happened because of things that happened 
there that they applied this year is there were things that 
dealt with, once the power company went in, they were looking 
at one set of power lines, and the telecommunications companies 
then would go in and they would cut lines because they weren't 
sensitive.
    So what happened this year in this particular case is that 
information was conveyed. This was lessons learned. So the 
utility companies told exactly the telecommunications companies 
where they were going, what the plans were so the 
telecommunications companies could follow right behind the 
utility companies. So as the power came up, communications came 
up. That was a direct lessons learned from Harvey last year.
    Mr. Olson. Well, thanks, I have a question.
    You also brought up drones in a hurricane, natural disaster 
early in this hearing. Drones played a big role in Harvey as 
the storm hit, quick recovery. For example, the mayor of 
Missouri City wanted to fly a drone over--he had heard a levee 
was having problems with a bubble in a big subdivision. It was 
about to burst. There were rumors it didn't, but he was 
concerned. He couldn't fly his drone because it was--airspace 
was controlled by the Coast Guard. It took him 1 day with this 
levee about to break maybe and flood all these homes to finally 
be able to fly his drones.
    So my question, I know it is not your jurisdiction per se, 
what is your role in these drones over these disasters? What is 
DOE's role here? Can they help out Missouri City and have them 
fly those drones quickly to save people in need in a time of 
crisis?
    Ms. Evans. So as the sector-specific agency, when 
especially that was discussed as another lessons learned that 
happened from last year, that the drones would be critical, and 
then there is a lot of information that we have from our own 
modeling that we share with utilities companies.
    But that issue was raised early, and because the 
coordinating councils are cochaired with our industry partner--
our industry partners as well as our government partners, as 
that issue is raised, we have a mechanism then to feed it back 
in before it becomes a crisis. So the things that you are 
talking about, there was a working group already established--
--
    Mr. Olson. Great.
    Ms. Evans [continuing]. Before the incident happened so 
that they could get approval and be able to use the drones for 
the recovery mechanism.
    Mr. Olson. The final question is about reliability and 
emerging threats. In Texas, we have had some blackouts in the 
past. The big year was 2011. That February we had rolling 
blackouts because of two power plants in Dallas area had some 
water pipes frozen, had to have rolling blackouts. That same 
August, this extreme heat wave, same thing happened across the 
State.
    As you know, when blackouts happen, even rolling blackouts 
for a short amount of time, people are exposed to death 
situations, mostly senior citizens and young kids who can't 
handle extreme heat or extreme cold, and we have to take this 
very seriously.
    I know they are expecting a thing called the GridEx 
exercise. Could you talk about your work with industry and NERC 
on preparing for a grid emergency like we had in Texas in 2011?
    Ms. Evans. I appreciate the question. I know that we have 
the GridEx exercise. Again, that information feeds back into 
what DOE does, what--any gaps that they would see in DOE's 
ability as the sector-specific agency to be able to deal with 
that. I am actually getting ready to go out to the NERC event 
and what they are doing with GridEx again this year, so I will 
be there. I will have firsthand out at that group.
    Mr. Olson. Great.
    Ms. Evans. But there are other things that DOE does that 
feeds back into what NERC does too as the Electricity ISAC, and 
so there are tools that we have, there is modeling that we do. 
We have eagle eye that looks at everything. We also then have 
the CRISP program that feeds that.
    The idea in the long run is to be able to start putting 
more of this data together so that it can go out through the 
Energy ISAC that NERC does manage so that they can get that 
information then down to the utilities. So as you are looking 
at natural disasters or other types of things, again, I am 
getting back to we have to give them actionable information 
that they can share through their partners so that they can 
take the appropriate actions.
    Mr. Olson. Thank you. My time is expired. Enjoy your time 
watching the football game from Lubbock, Texas.
    Ms. Evans. Thank you.
    Mr. Olson. The Chair now calls upon the gentleman from 
Ohio, Mr. Johnson, for 5 minutes.
    Mr. Johnson. Thank you, Mr. Chair.
    And, Assistant Secretary Evans, thanks for being with us 
today. Let me try to dodge my colleague here to make eye 
contact with you.
    Decisions made by different agencies across the Federal 
spectrum can impact our electric grid and specifically impact 
how our grid operators, generators, and grid-related devices 
effectively perform and communicate with one another. For 
instance, the electric utility industry has added and is 
continuing to add data and networks along its infrastructure to 
bolster its reliability.
    This continual addition of new technologies and 
communications networks can fall into multiple agencies across 
the Federal Government and commission jurisdictions, some of 
which are not typically involved in the oversight of our 
electric grid. So that is why I am interested in the Tri-Sector 
Executive Working Group, which is meant to manage risk across 
energy, telecommunication, and financial sectors. Can you tell 
me a bit more about this work?
    Ms. Evans. Yes, sir. I appreciate the question on the Tri-
Sector Working Group. We just held our first meeting all 
together last week. And so the idea behind that, that was a 
recommendation that came from the President's working group on 
that on infrastructure and recognized the complexity of those 
three and the interdependency.
    So from a Federal Government standpoint, you have 
Department of Transportation, Department of Energy, and 
Department of Homeland Security representing that. And then we 
have the utilities, which is also the same group that is 
leading our Electric Subsector Coordinating Council; and then 
you have the financial sector, which is also the ISAC for that, 
which is then JPMorgan is the lead on that as well; and then 
you have Telecom, which was AT&T.
    So we were there. The idea is really to, OK, we need to 
know what is critical in those areas for what is the basic 
types of operations we are talking about, the modeling of what 
it is going to take for the North American grid so that we can 
deal with these issues and where are the interdependencies, and 
then utilize that from the government approach back. And, 
again, that gets back to our original question, if we see that 
there are any gaps in those authorities, then we will raise 
those through the appropriate policy mechanism and go to our 
respective committees.
    Mr. Johnson. OK. Do you believe further communication 
between different facets of the Federal Government are needed 
to ensure that our grid is secure, especially as utilities 
increasingly look at their own communication networks to add 
security and up to the second situation on awareness over their 
infrastructure?
    Ms. Evans. I appreciate that question. And as we continue 
to do this work and as we continue to improve the modeling that 
we are doing, I am sure we are going to show interdependencies. 
I believe that the framework that is in place right now allows 
us--especially with the President's release of the National 
Cyber Strategy--allows us the mechanism if we were to identify 
those as we do the work to bring those up accordingly through 
the administration and be able to identify those policy gaps.
    Mr. Johnson. OK. In December 2016, the Department of Energy 
and the National Association of State Energy Officials 
cosponsored Liberty Eclipse----
    Ms. Evans. Yes.
    Mr. Johnson [continuing]. A regional energy assurance 
exercise to promote State and local level preparedness and 
resilience for future energy emergencies stemming from a cyber 
incident. So, Ms. Evans, why are exercises such as Liberty 
Eclipse beneficial for coordination between Federal, State, and 
local governments?
    Ms. Evans. I find that the exercises are critical. As I 
mentioned earlier, we believe, when we put together a plan, 
that we have identified what all the contingencies are. But 
when you put together a plan, you don't know what you don't 
know until you actually exercise the plan. And the emergency 
when it is happening is not the time to exercise the plan.
    And so these exercises, Liberty Eclipse, which we are 
getting ready to do another exercise on that, identify any gaps 
that are the issues that you are raising right now, either 
between the Federal Government going across or down with our 
State and local partners or across with industry.
    Mr. Johnson. Were there any lessons learned from that 
exercise, and have any of them rendered any improvements?
    Ms. Evans. There were lessons learned, and it is my 
understanding that those lessons learned, the plans have been 
updated, and they are now going to be exercised again in this 
next exercise of Liberty Eclipse to see if they were adequately 
addressed and if any new gaps or any other new lessons need to 
be applied and updated as we go forward. So that is happening 
in this next exercise that we are doing of Liberty Eclipse at 
the end of October.
    Mr. Johnson. Great. All right. Well, thank you.
    Mr Chairman, I yield back.
    Mr. Olson. Thank you.
    The Chair now calls upon the gentleman from Oklahoma, Mr. 
Mullin, for 5 minutes.
    Mr. Mullin. The great State of Oklahoma. Great State.
    Mr. Olson. A good State, not the greatest.
    Mr. Mullin. Thank you, Mr. Chairman.
    And, Ms. Evans, thank you so much for being here. It is 
always impressive when you see individuals come in here well 
informed and knowing the issues, so thank you for taking the 
time to get here.
    Recently, there was a tragic explosion in my district at a 
drilling rig, and I am pretty sure you are aware of it. A 
question that I have is--which I really don't like the acronym 
CESER, but I guess that is how you pronounce it--what role does 
CESER have in assisting the U.S. Chemical and Hazard 
Investigation Board in their investigation and response?
    Ms. Evans. So it is my understanding that as a sector-
specific agency and the way that we roll things down in an 
emergency response, that we would provide information to the 
appropriate agency and the appropriate board.
    Mr. Mullin. What kind of information are you providing for 
them?
    Ms. Evans. What comes up through the channel, if there are 
concerns that come directly from the industry, if there are 
types of information. I do not have the specifics on that one, 
but I do have the specifics, well, like, for example, when the 
Massachusetts one came up. And that is it comes up through us, 
but Department of Transportation is actually on the call. So 
they then share the information of what they are working with 
with their board, and they share it out with the other group, 
this is the initial findings, this is what we have at this 
point.
    If there is anything that we need to do from an energy 
sector role, then what we have to do is raise it back, and we 
either share it with our sector or I have to raise it up to my 
management if a policy decision needs to be made.
    Mr. Mullin. Do you share that information with the public, 
if there is reason to be sharing, or is that someone else is 
sharing that information?
    Ms. Evans. As a sector-specific agency, we share 
information with our appropriate sector. Depending on how that 
investigation is done, so like in the case of the Massachusetts 
one, Transportation would then share that because they would be 
the appropriate agency to share the information with the 
public.
    Mr. Mullin. So you are assisting the Transportation----
    Ms. Evans. Yes. And so the other thing that I have learned 
through this is is that the biggest thing that all of us have 
done in this sector is making sure that the information is 
shared so that there is unity of message so that we all have 
the same information----
    Mr. Mullin. Right.
    Ms. Evans [continuing]. So that that way we are not saying 
different things from a different vantage point but that the 
information is consistent.
    Mr. Mullin. So who is coordinating that response and that 
information, the flow of information? Who is gathering it and 
putting it in the right hands? Is Transportation leading that 
too?
    Ms. Evans. In the case of what happens here in the energy 
sector, they have associations, and as it relates to what 
happens and they send it out through industry, we share the 
information with them and then their industry associations then 
distribute it.
    In the case of the Federal Government, if Transportation is 
the lead, we would feed into the Transportation type of 
information that would go up and then that secretary would be 
the accountable person.
    Mr. Mullin. Does that information flow freely or is that 
only when they specifically ask for the information?
    Ms. Evans. Based on my experience and based on the way that 
I am going to work this office, the information will flow 
freely.
    Mr. Mullin. Freely. So you will have a point of contact?
    Ms. Evans. Absolutely. I already have contacts now.
    Mr. Mullin. OK. Great.
    As far as the briefings, because we do understand between 
cyber attacks and vulnerability of our electrical grid and just 
the oil and gas industry in itself, how often do you brief 
industry as far as security issues? Do you plan on briefing 
them, and if so, traditionally how often does that briefing 
take place?
    Ms. Evans. It is my understanding the way that the 
information flows specifically about what you are asking is is 
that we as DOE provide information--and this is the question 
that was asked earlier about our relationship with NERC. And so 
NERC is directly tied into a lot of the tools in the modeling 
and the CRISP project that we were talking about. That 
information then informs the ISAC, and so they get that. They 
are tied directly into that platform, and so we are providing 
that information to them on a daily basis. Based on that 
information, they then distribute it down to the energy sector 
through the ISAC, and that is what the ISAC mechanism is set up 
for.
    Mr. Mullin. Are you doing specific classified briefings 
with industry when it comes to this?
    Ms. Evans. I would have to take that back for the record 
and find out what is the history associated with what types of 
briefings that we have done as a sector-specific agency with 
them.
    Mr. Mullin. Appreciate it. I am out of time. Thank you so 
much for being here. Appreciate it.
    Mr. Olson. Thank you.
    The Chair now calls upon the gentleman from the great State 
of Michigan, Mr. Walberg, for 5 minutes.
    Oh, I am sorry. Mr. Kennedy slipped in behind me. I'm 
sorry, Mr. Walberg.
    The great State of Massachusetts, Mr. Kennedy, for 5 
minutes.
    Mr. Kennedy. Thank you very much, Mr. Olson.
    Madam Secretary, thanks for being here. I am going to build 
a little bit off of my colleague Mr. Mullin's questions, 
probably not surprisingly, with regards to emergency response.
    I am from Massachusetts. There has been an awful lot going 
on there in the past couple of weeks. I know you touched on it 
briefly or it was touched on a little bit earlier in the 
testimony, and I wanted to drill down on this a little bit.
    So understanding that circumstances evolving and ongoing, 
but we had an overpressurized pipe result in rupture over 80 
explosions, people that are still displaced from their homes, 
and gas that is apparently not going to get fully restored to 
the area until potentially mid-November, trying to figure out 
what happened. And it would be helpful for me to get a sense as 
to what oversight role you play in this, what the status of the 
investigation is, and what update you can give me to start.
    Ms. Evans. Thank you for that question. And what did happen 
with that and what is our role as a sector-specific agency, so 
we share this, this is through the energy sector, the energy 
government sector, so we are partners with the Department of 
Transportation as well as the Department of Homeland Security 
on this.
    I can say, in that specific incident, because we have the 
emergency response piece, my staff called me within an hour of 
being notified of that. The Oil and Natural Gas Subsector 
Coordinating Council was also scheduled.
    So within an hour of that, Department of Transportation and 
PHMSA in particular was also on the call because they are the 
industry part, the government part. We were all on the call. 
And they were sharing information as they were getting it with 
the electric sector right afterward, because we had a call with 
them also because they all wanted to know what was going on.
    So as that investigation continues through this mechanism 
is how the information is then shared out with the community. 
But Department of Transportation is the lead in this particular 
case.
    Mr. Kennedy. And fair to say, ma'am, just so I understand 
it, that your role in that is then focused on the emergency 
response for the immediate triage?
    Ms. Evans. Yes.
    Mr. Kennedy. And so how is it, though, to the best that you 
can explain, understanding that is not the focus of the hearing 
but focus for me, how is it that this happens? How is it that 
firefighters are responding to all these explosions? There is a 
well-publicized case, one firefighter going out, putting out a 
fire while his own home explodes.
    How is it that--why does it take so long? I understand that 
this had to be done manually from Columbia Gas, an alert that 
had to take place to then have somebody actually dispatch a 
human being down to try to alleviate the overpressurized pump. 
Is that typical? Is that how this should operate? Are there 
going to be regulations that come in? Would you suggest 
additional regulations to make sure something like this--we can 
up the preventive measures on this? How should we be thinking 
about an appropriate response?
    Ms. Evans. So what happens in this particular case--and I 
appreciate the question because I--there are a lot of moving 
parts to the question that you just asked. So the industry, the 
company would have a response plan. That response plan is 
also--then there is a local response plan as well as then a 
State response plan. And I know this sounds like there are a 
lot of layers, but the communications does flow up pretty fast.
    And so my office, as an emergency response piece, is 
directly tied into the State and local governments. And so we 
do get notified. There is a notification that happens when 
these things happen, and then people's response plans go into 
play. And so everybody's response plan is then executed.
    So I think that that is the focus of what everybody was 
asking for, do we see gaps when they happen. And I think that 
is what is still being investigated, and that is what you are 
trying to understand right now is were those adequate plans, 
and if not, are there gaps, and then they have to feed back 
into the process that we have, because if you need a Federal 
response, it has to come up so that we can be able to respond.
    Mr. Kennedy. And I appreciate that. I am also wondering if 
the scope of the regulation is such where an accident like this 
can happen, right, and understanding the--we are still trying 
to investigate exactly what happened and how, but that there 
are going to be people that are without their homes in 
Greater--or without heat and hot water in their homes in 
Greater Boston through mid November if this is done on 
schedule, should we allow that? Is that a permissible response 
to say, it is OK for folks to be dislocated from their homes 
for 6 to 8 weeks?
    And if not, why--if the company was actually in compliance 
with the regulatory environment that--the existing regulatory 
environment, why is that part acceptable? Because I have got 
two little kids under three. This doesn't affect me, but I 
would imagine that for a family trying to heat their home with 
space heaters, that some of these homes that is not even 
adequate, for 2 months becomes a real challenge.
    And Columbia might be doing the best they can to replace 
hundreds of miles of pipeline, but something fell through the 
cracks here in a pretty big way without yet a conversation as 
to how do we make sure that such an incident like this, the 
consequences are going to be mitigated in the future. And so 
that is what I would love to get your insight to where we 
should look and how we should focus.
    Ms. Evans. So I would like to say that until the 
investigation is completed, it is hard to address that 
question. But you are asking some broader-based questions that 
are about risk management and what is acceptable from a nation.
    So I am going to turn back to the administration's national 
strategy that they have dealing with critical infrastructure 
and in some of the things that have already been released by 
Department of Homeland Security, which is the risk management 
center.
    So a lot of the things that you are talking about fall 
under risk management and is it acceptable. There are things 
until this investigation--the results are actually out is that 
it is possible that the level of risk associated with the 
infrastructure there is not acceptable because of the 
consequences that the American people are now experiencing 
because of what happened there.
    That data and then our analysis is going to have to feed up 
through the policy process about what is the right risk 
management, is it going to take a regulatory change, is it a 
legislative change, is it an investment, and that is going to 
be a policy decision, and that is the intent. And that is what 
my office is focused on being able to do is provide that type 
of information after this happens so that the right policy can 
be made so we can answer that question for you.
    Mr. Kennedy. Chairman, appreciate your patience.
    Look forward to working with you on this issue, Madam 
Secretary. Thank you.
    Mr. Olson. Thank you. I remind my friend too to please talk 
to FERC about pipelines as well because they are a big Federal 
agency. DOE has got a role, but FERC is a big one for 
pipelines.
    Mr. Kennedy. I am aware.
    Mr. Olson. Yes. I just want to make sure you talk to FERC.
    The Chair now calls upon the gentleman from Michigan, the 
great State of Michigan, Mr. Walberg, for 5 minutes.
    Mr. Walberg. Well, I thank you, Mr. Chairman. And thanks to 
the assistant secretary for being here.
    Workforce development has become a focus here, I think, in 
a very positive way in Congress, and having a well-trained, 
certified cybersecurity workforce is a key component to our 
overall cybersecurity strategy as a nation. However, 
recruitment and retention of cyber workers is a well-documented 
problem, challenge, frustration, especially in the public 
sector.
    What programs are in place that allow cyber workers in the 
Department to have professional development opportunities as 
well as enhanced skill sets, and what plans do you have to add 
to that preparation?
    Ms. Evans. I appreciate the question on workforce. This is 
a passion of mine. So I am in the process now of looking at 
what kind of training and what type of programs are actually 
available for my own staff to be able to go forward.
    I did mention the cyber force effort, that competition that 
is run by the national labs. That has a lot of promise to be 
expanded both internally as well as externally and continue to 
grow beyond the initial view of that, because a lot of what 
that is focused on is energy specific, and that is the baseline 
of skills that my team will have to have in order to be able to 
respond and be able to work with the industry.
    So there are a lot of nuances when you go through this. And 
when you use the term ``certified,'' that means a lot of 
different things to a lot of different people. I would say 
right now that what we are looking at within the Department of 
Energy is the national initiative for cybersecurity education, 
which is run by NIST, and making sure that our positions and 
how we are using that framework really aligns.
    And so I look at the structure of what we have. I am also 
looking with the chief information officer and what they have 
in place, because if they have training programs already in 
place, the idea is to leverage those as well.
    Mr. Walberg. Well, that is so important, and I appreciate 
that in talking with the private sector and their challenges in 
the energy industry with cyber. They have been appreciative of 
the relationship that has developed because of what we have 
done here of having public-private sharing back and forth 
together. But to keep the good people that have been trained 
and to stay in the public sector is so important as well, so I 
would encourage you, and thanks for your commitment to that.
    Ms. Evans, I would like to follow up on Mr. McNerney's 
question earlier on. You said you were not confident that the 
U.S. electric sector can prevent a state actor attack. Would 
you please elaborate on this a little bit further?
    Ms. Evans. For me to have a certain confidence level of 
that, I want to make sure that I am providing all the 
information that they need to have so that they can make sure 
that they have the proper defenses in place. I know based on my 
experience and the previous work that I have done and the 
workforce issues that you have brought up, there are a lot of 
opportunities for the utilities to improve.
    And I think a lot of things that are going forward, there 
are basic things that all of us have to do across multiple 
sectors as it relates to hygiene. So the more we integrate 
technology into what we are doing, the higher the risk it 
becomes. And I think it really does become a risk management 
type of approach, and the executives of those utilities as well 
as the workers need to understand what are the risks that they 
are bringing into their enterprise as they go forward.
    I think right now that that is the dialogue that is 
happening. I think DHS is showing the leadership with the risk 
management center so that that information can then perpetuate 
throughout the industry, and then what you are going to see is 
those interdependencies. Right now, that whole holistic 
approach is really not understood across the industry.
    Mr. Walberg. Thank you.
    When the Department of Energy was organized as a Cabinet 
agency in 1977, the largest energy security concerns were fuel 
supply disruptions, not electricity disruptions or 
cybersecurity. As you would expect, the Department's 
Organization Act reflected those concerns. Times have changed, 
and we should be thinking differently about energy security and 
emergency preparedness.
    In my bill with Ranking Member Rush, H.R. 5174, we specify 
functions to include emergency planning coordination and 
response. Could you talk about your work to elevate these 
functions in your new office?
    Ms. Evans. I appreciate the opportunity. I am happy to talk 
about that. I am currently, right now, looking at what we have 
in place, and we have, as I talked about earlier, the emergency 
response piece that we have, specifically associated with 
hurricanes, natural disasters is really robust.
    What I really want to look at is the exercises and then how 
do you continuously improve that to bring in other threat 
factors that we have been talking about, manmade disasters, 
cyber disasters, so that same robustness and the same 
responsibilities that we have as the sector-specific agency and 
in the National Response Framework as ESF-12 are broadened 
based on what you envision that this office and what the 
Department is responsible to do.
    So I am leaning forward into that. I am trying to redirect 
some of the activities that we have right now. I am looking at 
several of the investments that we have already made to make 
sure that they capture these other pieces so that we can make 
sure that we are operationalizing those for the Department.
    Mr. Walberg. We wish you well on that and would appreciate 
any involvement that we could have with you in identifying gaps 
and assisting in finding solutions to meet those needs.
    Ms. Evans. I would be happy to talk to your staff about 
what we are doing as we continue.
    Mr. Walberg. Thank you. I yield back.
    Mr. Olson. Thank you.
    The Chair now calls upon the gentleman from the 
Commonwealth of Virginia, Mr. Griffith, for 5 minutes.
    Mr. Griffith. Thank you very much, Mr. Chairman. Thank you 
for being here today.
    As we change our mix in our grid, we are becoming more and 
more reliant on natural gas, which means we have more and more 
natural gas pipelines running across the country which are 
subject to potential harm or attack. I do think that your 
agency is the right one to do it. The chairman mentioned a few 
minutes ago that people need to talk to FERC also, and we may 
need legislation to make sure that we have coordination going 
there.
    I personally think we have given too much power to FERC as 
a Congress, and we need to take some of that back anyway. But 
along those lines, I find it interesting, because I think it 
would be helpful in this if we looked at some of the new 
technologies.
    As a disclosure, I have a Corning facility in my district, 
and they were showing me a number of their products. They did 
not make this product in my district, but they have apparently 
got a fiber that they can put on top of a pipeline that can 
detect temperature change and vibrations that then shows you on 
a computer if somebody is driving a truck up near the pipeline, 
getting out of the truck, walking, starting to shovel. You can 
tell all of that from the vibrations. And if there is any kind 
of a leak, so you have got both the bad actor and then just the 
bad pipe issue, they can also--because the temperature changes 
and it can detect the temperature change, it can pick up a 
pinprick leak.
    And I am just wondering why we aren't asking at least on 
the new pipelines that we are putting in for natural gas that 
we don't have some kind of a technology like that so that we 
can observe if somebody's trying to do something untoward or 
observe if there is just an accident about to happen. I think 
it would behoove us to do some of that.
    Have you all looked at any of that or is that something you 
would be open to?
    Ms. Evans. I would be open to doing that. Based on my 
previous experience, I was a partner in a venture capital firm 
so I understand a lot of what you are talking about with the 
new technologies. I would say that trying to be a little 
disruptive that a lot of the models that are currently being 
looked at right now are from the center going out, kind of the 
command and control piece. And what you are really describing 
is from the outside in.
    Mr. Griffith. Yes.
    Ms. Evans. And so that is going to change the architecture. 
And I view that that is what my role is is to be able to say, 
hey, if we agree on this, here is an architecture that we are 
recommending so that we can then talk to industry about it.
    Based on that, and we are looking at it from a national 
security standpoint, it is my understanding the way this is 
supposed to work--so you guys can correct me here--is is that 
then that would feed into the FERC process, which then could 
then do and address some of the things that you are talking 
about, because we would show this is the modeling, this is how 
it works, here is a voluntary way that you can do it and can 
then be built into the standards process, which would then be 
overseen by FERC.
    Mr. Griffith. Well, and that may be, but I am not sure that 
they are completely on board with all of this, and so I would 
be more than happy to work with you all to see if we needed 
legislation to just say this is where we are going to go. You 
have to figure out first how you want to change that 
architecture, but it does seem to me that that is probably a 
better way to go instead of from the central office out, have 
the information coming in and----
    Ms. Evans. And I will be happy to brief you as we continue 
to do this work.
    Mr. Griffith. Yes, ma'am. And I appreciate that. I also 
should probably note that while I have seen this one product by 
one manufacturer, I am sure there are competing interests and I 
don't care which one gets picked. I just want to make sure--
because I have a lot of constituents right now with two 
pipelines coming through the area, one through my district, and 
one through the neighboring districts.
    There are a lot of people who were concerned about problems 
like we heard about from the Senator from Massachusetts and 
pumping stations, and they are worried about the safety of 
their communities and their homes, and it just seems like we 
probably could put their minds to ease.
    I know when I have talked about this technology with those 
folks, they said, if only they were doing that, I would feel a 
lot better about it. They would still probably have some 
reservations, but they would feel a lot better that 20 years 
from now they weren't going to have a major problem. I thank 
you.
    And I yield back.
    Mr. Olson. I thank the gentleman.
    And seeing there are no further members wishing to ask 
questions, I would like to thank Secretary Evans for joining us 
today. And I just want to remind you, if you go out to Texas 
Tech this Saturday or sometime in the future to watch a 
football game between the Red Raiders and the Mountaineers, 
enjoy Lubbock, Texas.
    Two things you should do out there: first of all, The Shack 
BBQ, The Shack BBQ, 2309 Frankford Avenue, Lubbock, Texas, the 
best barbecue in the Panhandle of Texas, much better than--
sorry--West Virginia barbecue, Virginia barbecue, North 
Carolina, Kansas City. We got the best.
    Also, if you want to see a real tornado, Texas Tech has 
this thing called the National Wind Institute. They have this 
machine that generates small tornados just to study a tornado. 
So it is kind of cool. Go see that tornado. Enjoy Lubbock, 
Texas. You have to go out there.
    Before we conclude, I would like to ask unanimous consent 
to submit for the record the following documents: a report from 
DOE's Office of Energy Delivery and Energy Reliability; number 
two, a letter from the committee to send to Secretary Perry; 
number three, response letter from DOE to the committee; number 
four, a letter to Speaker Ryan from EEI/NRECA, and American 
Public Power Association.
    Without objection?
    Mr. Rush. No objection.
    Mr. Olson. No objection. So ordered.
    [The information appears at the conclusion of the hearing. 
\1\]
---------------------------------------------------------------------------
    \1\ The report has been retained in committee files and also is 
available at https://docs.house.gov/Committee/Calendar/
ByEvent.aspx?EventID=108725.pdf.
---------------------------------------------------------------------------
    Mr. Rush. Mr. Chairman----
    Mr. Olson. Yes, sir.
    Mr. Rush. I just want to say this to Secretary Evans. It 
has really been refreshing to hear your testimony this morning. 
You certainly have an understanding and broad knowledge of all 
the areas, and you have taken the time to really answer in a 
very effective way the questions that the Members have. And I 
just wanted to ask you to don't get tainted by the politics. I 
thought you were a very refreshing witness, and we look forward 
to working with you.
    Ms. Evans. Thank you, sir. I look forward to working with 
you as well.
    Mr. Rush. Thank you.
    Mr. Olson. Thank you. Amen.
    In pursuit to committee rules, I remind Members that they 
have 10 business days to submit additional questions for the 
record. I would ask the witness to submit her response within 
10 business days upon receipt of those questions.
    Without objection, this subcommittee is adjourned.
    [Whereupon, at 11:59 a.m., the subcommittee was adjourned.]
    [Material submitted for inclusion in the record follows:]
    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
    
    [Ms. Evans did not answer submitted questions by the 
closing of the record.]
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]


                                 [all]