b'<html>\n<title> - DOE MODERNIZATION: THE OFFICE OF CYBERSECURITY, ENERGY SECURITY, AND EMERGENCY RESPONSE</title>\n<body><pre>[House Hearing, 115 Congress]\n[From the U.S. Government Publishing Office]\n\n\n                DOE MODERNIZATION: THE OFFICE OF CYBER-\n           SECURITY, ENERGY SECURITY, AND EMERGENCY RESPONSE\n\n=======================================================================\n\n                                HEARING\n\n                               BEFORE THE\n\n                         SUBCOMMITTEE ON ENERGY\n\n                                 OF THE\n\n                    COMMITTEE ON ENERGY AND COMMERCE\n                        HOUSE OF REPRESENTATIVES\n\n                     ONE HUNDRED FIFTEENTH CONGRESS\n\n                             SECOND SESSION\n\n                               __________\n\n                           SEPTEMBER 27, 2018\n\n                               __________\n\n                           Serial No. 115-170\n\n[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]\n\n\n      Printed for the use of the Committee on Energy and Commerce\n\n                        energycommerce.house.gov\n                        \n                               __________\n                               \n\n                    U.S. GOVERNMENT PUBLISHING OFFICE                    \n36-776 PDF                  WASHINGTON : 2019                     \n          \n--------------------------------------------------------------------------------------\nFor sale by the Superintendent of Documents, U.S. Government Publishing Office, \nhttp://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,\nU.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).\nE-mail, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5a2a351a392f292e323f362a7439353774">[email&#160;protected]</a>                                \n                        \n\n\n                    COMMITTEE ON ENERGY AND COMMERCE\n\n                          GREG WALDEN, Oregon\n                                 Chairman\n\nJOE BARTON, Texas                    FRANK PALLONE, Jr., New Jersey\n  Vice Chairman                        Ranking Member\nFRED UPTON, Michigan                 BOBBY L. RUSH, Illinois\nJOHN SHIMKUS, Illinois               ANNA G. ESHOO, California\nMICHAEL C. BURGESS, Texas            ELIOT L. ENGEL, New York\nMARSHA BLACKBURN, Tennessee          GENE GREEN, Texas\nSTEVE SCALISE, Louisiana             DIANA DeGETTE, Colorado\nROBERT E. LATTA, Ohio                MICHAEL F. DOYLE, Pennsylvania\nCATHY McMORRIS RODGERS, Washington   JANICE D. SCHAKOWSKY, Illinois\nGREGG HARPER, Mississippi            G.K. BUTTERFIELD, North Carolina\nLEONARD LANCE, New Jersey            DORIS O. MATSUI, California\nBRETT GUTHRIE, Kentucky              KATHY CASTOR, Florida\nPETE OLSON, Texas                    JOHN P. SARBANES, Maryland\nDAVID B. McKINLEY, West Virginia     JERRY McNERNEY, California\nADAM KINZINGER, Illinois             PETER WELCH, Vermont\nH. MORGAN GRIFFITH, Virginia         BEN RAY LUJAN, New Mexico\nGUS M. BILIRAKIS, Florida            PAUL TONKO, New York\nBILL JOHNSON, Ohio                   YVETTE D. CLARKE, New York\nBILLY LONG, Missouri                 DAVID LOEBSACK, Iowa\nLARRY BUCSHON, Indiana               KURT SCHRADER, Oregon\nBILL FLORES, Texas                   JOSEPH P. KENNEDY, III, \nSUSAN W. BROOKS, Indiana             Massachusetts\nMARKWAYNE MULLIN, Oklahoma           TONY CARDENAS, California\nRICHARD HUDSON, North Carolina       RAUL RUIZ, California\nKEVIN CRAMER, North Dakota           SCOTT H. PETERS, California\nTIM WALBERG, Michigan                DEBBIE DINGELL, Michigan\nMIMI WALTERS, California\nRYAN A. COSTELLO, Pennsylvania\nEARL L. ``BUDDY\'\' CARTER, Georgia\nJEFF DUNCAN, South Carolina\n\n                                  (ii)\n                         Subcommittee on Energy\n\n                          FRED UPTON, Michigan\n                                 Chairman\nPETE OLSON, Texas                    BOBBY L. RUSH, Illinois\n  Vice Chairman                        Ranking Member\nJOE BARTON, Texas                    JERRY McNERNEY, California\nJOHN SHIMKUS, Illinois               SCOTT H. PETERS, California\nROBERT E. LATTA, Ohio                GENE GREEN, Texas\nGREGG HARPER, Mississippi            MICHAEL F. DOYLE, Pennsylvania\nDAVID B. McKINLEY, West Virginia     KATHY CASTOR, Florida\nADAM KINZINGER, Illinois             JOHN P. SARBANES, Maryland\nH. MORGAN GRIFFITH, Virginia         PETER WELCH, Vermont\nBILL JOHNSON, Ohio                   PAUL TONKO, New York\nBILLY LONG, Missouri                 DAVID LOEBSACK, Iowa\nLARRY BUCSHON, Indiana               KURT SCHRADER, Oregon\nBILL FLORES, Texas                   JOSEPH P. KENNEDY, III, \nMARKWAYNE MULLIN, Oklahoma               Massachusetts\nRICHARD HUDSON, North Carolina       G.K. BUTTERFIELD, North Carolina\nKEVIN CRAMER, North Dakota           FRANK PALLONE, Jr., New Jersey (ex \nTIM WALBERG, Michigan                    officio)\nJEFF DUNCAN, South Carolina\nGREG WALDEN, Oregon (ex officio)\n                             \n                             \n                             C O N T E N T S\n\n                              ----------                              \n                                                                   Page\nHon. Fred Upton, a Representative in Congress from the State of \n  Michigan, opening statement....................................     1\n    Prepared statement...........................................     3\nHon. Bobby L. Rush, a Representative in Congress from the State \n  of Illinois, opening statement.................................     4\n    Prepared statement...........................................     5\nHon. Greg Walden, a Representative in Congress from the State of \n  Oregon, opening statement......................................     6\n    Prepared statement...........................................     8\nHon. Frank Pallone, Jr., a Representative in Congress from the \n  State of New Jersey, opening statement.........................     9\n    Prepared statement...........................................    10\n\n                                Witness\n\nKaren Evans, Assistant Secretary, Office of Cybersecurity, Energy \n  Security, and Emergency Response, Department of Energy.........    11\n    Prepared statement...........................................    14\n    Answers to submitted questions \\1\\...........................    58\n\n                           Submitted Material\n\nReport of the Office of Electricity Delivery and Energy \n  Reliability, Department of Energy, ``Multiyear Plan for Energy \n  Sector Cybersecurity,\'\' March 2018, submitted by Mr. Upton \\2\\\nLetter of January 24, 2018, from Mr. Walden, et al., to Rick \n  Perry, Secretary, Department of Energy, submitted by Mr. Upton.    46\nLetter of March 13, 2018, from Rick Perry, Secretary, Department \n  of Energy, to Mr. Walden, submitted by Mr. Upton...............    49\nLetter of September 26, 2018, from American Public Power \n  Association, et al., to Hon. Paul D. Ryan, Speaker of the House \n  of Representatives, submitted by Mr. Upton.....................    56\n\n----------\n\\1\\ Ms. Evans did not answer submitted questions by the closing \n  of the record.\n\\2\\ The information has been retained in committee files and also \n  is available at  https://docs.house.gov/Committee/Calendar/\n  ByEvent.aspx?EventID\n  =108725.\n\n \n DOE MODERNIZATION: THE OFFICE OF CYBERSECURITY, ENERGY SECURITY, AND \n                           EMERGENCY RESPONSE\n\n                              ----------                              \n\n\n                      THURSDAY, SEPTEMBER 27, 2018\n\n                  House of Representatives,\n                            Subcommittee on Energy,\n                          Committee on Energy and Commerce,\n                                                    Washington, DC.\n    The subcommittee met, pursuant to call, at 10:16 a.m., in \nroom 2322, Rayburn House Office Building, Hon. Fred Upton \n(chairman of the subcommittee) presiding.\n    Member present: Representatives Upton, Olson, Barton, \nShimkus, Latta, McKinley, Griffith, Johnson, Long, Flores, \nMullin, Hudson, Walberg, Duncan, Walden (ex officio), Rush, \nMcNerney, Welch, Tonko, Schrader, Kennedy, and Pallone (ex \nofficio).\n    Staff present: Samantha Bopp, Staff Assistant; Kelly \nCollins, Legislative Clerk, Energy and Environment; Margaret \nTucker Fogarty, Staff Assistant; Jordan Haverly, Policy \nCoordinator, Environment; Ryan Long, Deputy Staff Director; \nMary Martin, Chief Counsel, Energy and Environment; Sarah \nMatthews, Press Secretary, Energy and Environment; Drew \nMcDowell, Executive Assistant; Brandon Mooney, Deputy Chief \nCounsel, Energy; Brannon Rains, Staff Assistant; Mark Ratner, \nPolicy Coordinator; Annelise Rickert, Counsel, Energy; Peter \nSpencer, Senior Professional Staff Member, Energy; Austin \nStonebraker, Press Assistant; Madeline Vey, Policy Coordinator, \nDigital Commerce and Consumer Protection; Hamlin Wade, Special \nAdvisor for External Affairs; Rick Kessler, Minority Senior \nAdvisor and Staff Director, Energy and Environment; John \nMarshall, Minority Policy Coordinator; Alexander Ratner, \nMinority Policy Analyst; and Tuley Wright, Minority Policy \nAdvisor, Energy and Environment.\n\n   OPENING STATEMENT OF HON. FRED UPTON, A REPRESENTATIVE IN \n              CONGRESS FROM THE STATE OF MICHIGAN\n\n    Mr. Upton. Good morning, everybody.\n    Today\'s hearing will enable the subcommittee to consider \nthe current setup and plans for the Department of Energy\'s new \nOffice of Cybersecurity, Energy Security, and Emergency \nResponse. So the CESER office, as we fondly call it, represents \nan important new element of the Department with a mission to \ncarry out DOE\'s energy security and energy emergency functions \nmore effectively.\n    Throughout this Congress, we have identified key features \nof departmental modernization. These include the need for \nsufficient leadership and coordinated attention across the \nagency\'s many programs and operations to get ahead of the risks \nto our modern energy systems.\n    To underscore this, we move through committee H.R. 5174, \nthe Energy Emergency Leadership Act, which would establish \npermanent Assistant Secretary-level leadership over emergency \nresponse and cybersecurity functions. While enacting this into \nlaw takes time, I commend the Secretary of Energy for assigning \nthis level of leadership under his authority and for creating \nthe CESER office earlier this year.\n    And we are reminded weekly of the urgency for getting this \nleadership structure up and running smoothly. The risks are \nvaried and complex. We have devastating weather events and \nother natural hazards that can deprive communities of energy \nsupplies. We are seeing increasing risk to our energy delivery \nsystems by nation states intent on using cyber controls and \nvulnerabilities to threaten to leave regions of the Nation \nwithout power for perhaps weeks at a time. And the work to be \nbetter prepared for these risks and to be responsive when \nincidents occur is as urgent as ever.\n    There are critical gaps. And we have learned over the past \nyear that energy supplies through pipeline systems to power our \nbulk electric system may not fully be coordinated within the \nelectric sector to prepare for or respond to cyber or other \nrisks. So I cosponsored H.R. 5175 to help increase DOE\'s \ncoordination with other agencies and stakeholders on this \nfront.\n    The pieces are, in fact, coming together for DOE to \nconfront these risks, and we now have a Senate-confirmed head \nof the CESER office.\n    And I am pleased to welcome you this morning.\n    Assistant Secretary Karen Evans was sworn in about a month \nago, but her background in government suggests that she brings \nsome necessary skills to improve coordination across the agency \nand across the Federal Government.\n    Prior to her recent work leading the U.S. Cyber Challenge, \na private-public partnership to reduce the skills gap in \ncybersecurity, Ms. Evans served as the top information \ntechnology official at OMB during the Bush administration, \neffectively the Federal Government\'s chief information officer.\n    Prior to that, she was the Chief Information Officer at \nDOE, so she knows the Department pretty well. And I would like \nto learn today what other pieces are necessary to ensure that \nthe new office can fully carry out DOE\'s responsibilities.\n    One important area concerns the Department\'s role as the \nspecific agency for energy-related emergencies, including \ncybersecurity threats to our energy systems. It would be \nhelpful to understand CESER\'s role in carrying out this \nresponsibility and how the Assistant Secretary plans to work \nwith other agencies, especially the Department of Homeland \nSecurity. What does DOE bring to the table to enhance the \noverall Federal effort to guard our energy systems against \ncyber attacks and provide the resources if those attacks are \nsuccessful?\n    In addition, what DOE is learning from recent natural \ndisasters, and what additional steps it plans to take to more \neffectively respond to energy supply disruptions. We heard in \nan earlier hearing with the Under Secretary of Energy that the \nexpectations for what DOE can do in emergency exceeds its \nauthorities. Let\'s discuss what more DOE can do and work to see \nif we can address the authorities.\n    Without question, DOE serves on the front lines in the \nFederal effort to assure critical energy infrastructure \nprotection from all hazards. It provides the technological, \noperational, and informational expertise to assist stakeholders \nand other agencies. I want this hearing to help clarify just \nwhat DOE is doing to ensure that we can meet the critical \nmission.\n    And with that, I yield to the ranking member of the \nsubcommittee and my friend, Mr. Rush.\n    [The prepared statement of Mr. Upton follows:]\n\n                 Prepared statement of Hon. Fred Upton\n\n    Today\'s hearing will enable the subcommittee to consider \nthe current setup and plans for the Department of Energy\'s new \nOffice of Cybersecurity, Energy Security, and Emergency \nResponse.\n    The CESER office, as we have come to call it, represents an \nimportant new element of the Department, with a mission to \ncarry out DOE\'s energy security and energy emergency functions \nmore effectively.\n    Throughout this Congress, we have identified key features \nof Departmental modernization. These include the need for \nsufficient leadership and coordinated attention across the \nagency\'s many programs and operations to get ahead of the risks \nto our modern energy systems. To underscore this, we moved \nthrough committee H.R. 5174, The Energy Emergency Leadership \nAct, which would establish permanent assistant-secretary-level \nleadership over emergency response and cybersecurity functions.\n    While enacting this into law takes time, I commend the \nSecretary of Energy for assigning this level of leadership, \nunder his authority, and for creating the CESER office this \nyear.\n    We are reminded weekly of the urgency for getting this \nleadership structure up and running smoothly. The risks are \nvaried and complex.\n    We have devasting weather events and other natural hazards \nthat can deprive communities of energy supplies. We are seeing \nincreasing risks to our energy delivery systems by nation \nstates, intent on using cyber controls and vulnerabilities to \nthreaten to leave regions of the Nation without power.\n    The work to be better prepared for these risks, and to be \nresponsive when incidents occur is as urgent as ever. There are \ncritical gaps. We have learned over the past year that energy \nsupplies through pipeline systems to power our bulk electric \nsystem may not be fully coordinated within the electric sector \nto prepare for or respond to cyber or other risks. I sponsored \nH.R. 5175, to help increase DOE\'s coordination with other \nagencies and stakeholders on this front.\n    The pieces are coming together for the Department to help \nDOE confront these risks. We now have a Senate confirmed head \nof the CESER office. And I\'m pleased to welcome her this \nmorning.\n    Assistant Secretary Karen Evans was sworn in just 1 month \nago, but her background in government suggests she brings some \nnecessary skills to improve coordination across the agency, and \nacross the Federal Government.\n    Prior to her recent work leading the U.S. Cyber Challenge, \na public private partnership to reduce the skills gap in \ncybersecurity, Ms. Evans served as the top information \ntechnology official at OMB during the Bush administration--\neffectively the Federal Government\'s Chief Information Officer. \nPrior to that she was Chief Information Officer at DOE, so she \nknows the department.\n    I\'d like to learn today what other pieces are necessary to \nensure the new Office can fully carry out DOE\'s \nresponsibilities. One important area concerns the Department\'s \nrole as a sector specific agency for energy-related \nemergencies, including cybersecurity threats to our energy \nsystems.\n    It would be helpful to understand CESER\'s role in carrying \nout this responsibility, and how the Assistant Secretary plans \nto work with other agencies, especially the Department of \nHomeland Security. What does DOE bring to the table to enhance \nthe overall Federal effort to guard our energy systems against \ncyber attacks and provide the resources if those attacks are \nsuccessful?\n    In addition, what DOE is learning from recent natural \ndisasters and what additional steps it plans to take to more \neffectively respond to energy supply disruptions? We heard in \nan earlier hearing with the Under Secretary of Energy that the \nexpectations for what DOE can do in an emergency exceed its \nauthorities. Let\'s discuss what more DOE can do, and work to \nsee if we can address its authorities.\n    Without question, DOE serves on the front lines in the \nFederal efforts to assure critical energy infrastructure \nprotection, from all hazards. It provides the technological, \noperational, and informational expertise to assist stakeholders \nand other agencies. I\'d like this hearing to help clarify just \nwhat DOE is doing to ensure it meets this critical mission.\n\n OPENING STATEMENT OF HON. BOBBY L. RUSH, A REPRESENTATIVE IN \n              CONGRESS FROM THE STATE OF ILLINOIS\n\n    Mr. Rush. Well, thank you, Mr. Chairman. And I want to \nthank you for holding this important and timely hearing. And I \nwant to join with you to welcome Assistant Secretary Evans to \nthe Energy Subcommittee for the very first time.\n    Mr. Chairman, the issue of cybersecurity is always a \npermanent component of our mindset among members of this \nsubcommittee, as well as the mindset of the American public, as \nwe have heard of many instances of cyber attacks and cyber \nprobes both domestically and abroad over the past few years.\n    As recently as April, we heard from the FERC Commissioners \nthat our energy grid is constantly being attacked, almost \ndaily, by state actors as well as by other entities who would \ntry to do us harm.\n    While we have not yet seen widespread outages due to cyber \nattacks on our electric grid, it is imperative that we take \nproactive steps to mitigate the risk of these attacks to the \nmaximum extent possible.\n    It is my hope, Mr. Chairman, and my expectation that \ninstalling Assistant Secretary Evans into her new role as head \nof the Office of Cybersecurity, Energy Security, and Emergency \nResponse, or CESER, will go a long way in achieving that \nobjective.\n    As you know, Mr. Chairman, I have worked with my colleague \nMr. Walberg of Michigan on a bill that codifies the work that \nDOE has already been conducting when we introduced H.R. 5174, \nthe Energy Emergency Leadership Act, back in March. I want to \nacknowledge my friend Mr. Walberg for his leadership on this \nissue and convey my appreciation to all of my colleagues on \nboth sides of the aisle for their support of the legislation \nthat has passed through both the subcommittee and the full \ncommittee earlier this spring.\n    As you know, Mr. Chairman, H.R. 5174 would basically codify \nthis new position by amending Section 203(a) of the Department \nof Energy Organization Act and establishing the Assistant \nSecretary position responsible for cybersecurity and emergency \nresponse issues.\n    The newly created Assistant Secretary will have \njurisdiction over all energy emergency and security functions \nrelated to energy supply, infrastructure, and cybersecurity. \nThis bill will also authorize the new Assistant Secretary to \nprovide DOE technical assistance as well as support and \nresponse capabilities with respect to energy security risks to \nState, local, or Tribal governments upon request.\n    Mr. Chairman, this legislation, along with the work that \nDOE is already doing, will go a long way in helping to protect \nthe Nation\'s electric infrastructure from hackers who would \nattempt to disrupt our energy grid and cause untold harm to our \neconomy, our daily lives, and to our overall national security.\n    However, as a letter my office received yesterday, Mr. \nChairman, from the American Public Power Association, the \nEdison Electric Institute, and the National Rural Electric \nCooperative Association urges, we must act in a bipartisan way \nto get this bill and other legislation addressing cybersecurity \nconcerns out of committee and onto the House floor in a timely \nmanner.\n    As policymakers, we all want to ensure that we are \nproviding DOE and each of the agencies all of the authorities \nand resources that they need to comprehensively address the \ncyber threats that our Nation faces.\n    So, Mr. Chairman, I look forward to this hearing. I look \nforward to Assistant Secretary Evans\' feedback on this bill as \nwell as some of her top priorities in her new position.\n    With that, Mr. Chairman, I yield back the balance of my \ntime.\n    [The prepared statement of Mr. Rush follows:]\n\n                Prepared statement of Hon. Bobby L. Rush\n\n    Mr. Chairman, I want to thank you for holding this \nimportant and timely hearing, and I want to welcome Assistant \nSecretary Evans to the Energy Subcommittee for the first time.\n    Mr. Chairman, the issue of cybersecurity is always \nprevalent in the minds of members of this subcommittee, as well \nas in the minds of the American public, as we have heard of \nmany instances of cyber attacks and cyber probes, both \ndomestically and abroad, over the past few years.\n    Mr. Chairman, as recently as April we heard from the FERC \nCommissioners that our energy grid is constantly being \nattacked, almost daily, by state actors, as well as by other \nentities who would try to do us harm.\n    While we have not yet seen widespread outages due to cyber \nattacks on our electric grid, it is imperative that we take \nproactive steps to mitigate the risk of these types of attacks, \nto the maximum extent possible.\n    It is my hope and expectation that installing Assistant \nSecretary Evans into her new role as head of the Office of \nCybersecurity, Energy Security, and Emergency Response, or \nCESER, will go a long way in achieving that objective.\n    Mr. Chairman, as you know, I have worked with my colleague, \nMr. Walberg of Michigan, on a bill to codify some of the work \nthat DOE has already been conducting when we introduced H.R. \n5174, the Energy Emergency Leadership Act, back in March.\n    I want to acknowledge Mr. Walberg for his leadership on \nthis issue and convey my appreciation to all of my colleagues \nfrom both sides of the aisle for their support of the \nlegislation as it passed through the both subcommittee and full \ncommittee earlier this spring.\n    As you know, Mr. Chairman, H.R. 5174 would basically codify \nthis new position by amending Section 203(a) of the Department \nof Energy Organization Act and establishing the Assistant \nSecretary position responsible for cybersecurity and emergency \nresponse issues.\n    The newly created Assistant Secretary would have \njurisdiction over all energy emergency and security functions \nrelated to energy supply, infrastructure, and cybersecurity.\n    Mr. Chairman, this bill would also authorize the new \nAssistant Secretary to provide DOE technical assistance as well \nas support and response capabilities with respect to energy \nsecurity risks to State, local, or Tribal governments upon \nrequest.\n    Mr. Chairman, this legislation, along with the work that \nDOE is already doing, will go a long way in helping to protect \nthe Nation\'s electric infrastructure from hackers who would \nattempt to disrupt our energy grid and cause untold harm to our \neconomy, our daily lives, and to our overall national security.\n    However, as the letter my office received yesterday from \nthe American Public Power Association, the Edison Electric \nInstitute, and the National Rural Electric Cooperative \nAssociation urges, we must act in a bipartisan way to get this \nbill and other legislation addressing cybersecurity concerns \nout of committee and onto the House floor in a timely manner.\n    As policymakers, we all want to ensure that we are \nproviding DOE and each of the agencies all of the authorities \nand resources that they need to comprehensively address the \ncyber threats that our Nation faces.\n    So, I look forward to hearing from Assistant Secretary \nEvans on her feedback on this bill, as well as some of her top \npriorities in this new position.\n    And with that, I yield back the balance of my time.\n\n    Mr. Upton. Thank you.\n    The gentleman\'s time has expired.\n    The Chair would recognize the chair of the full committee, \nthe gentleman from Oregon, Mr. Walden, for 5 minutes for an \nopening statement.\n\n  OPENING STATEMENT OF HON. GREG WALDEN, A REPRESENTATIVE IN \n               CONGRESS FROM THE STATE OF OREGON\n\n    Mr. Walden. Thank you very much, Mr. Chairman.\n    Today\'s hearing is an important and timely opportunity to \nlearn about Department of Energy\'s efforts to protect our \nNation\'s energy infrastructure against cyber threats and \nphysical threats.\n    Whether it is the constant cybersecurity attacks on our \nNation\'s grid or the physical threats of emergencies such as \nhurricanes, it is DOE\'s job to ensure our critical energy \ninfrastructure is secure from all hazards and that energy is \ndelivered to consumers throughout all situations.\n    Now, Secretary Perry has promised to strengthen the \nDepartment\'s cyber and energy security capabilities. And he \nfollowed through with the establishment of a new Office of \nCybersecurity, Energy Security, and Emergency Response, known \nas CESER.\n    I want to welcome our witness today: Assistant Secretary \nKaren Evans.\n    Good to have you here.\n    She was recently confirmed as head of the CESER office. I \nhad the pleasure of speaking with the Secretary last week, when \nthe administration released its National Cybersecurity \nStrategy.\n    So it is good to have you here before the committee.\n    Protecting our Nation\'s energy infrastructure is critical \nto maintaining so much of the American way of life. The \nreliable supply and delivery of energy is vital to our Nation\'s \neconomy, our national security, and the public health and \nwelfare of our citizens.\n    With energy systems now massively digitized and \ninterconnected, we know about the new threats and \nvulnerabilities that have emerged. So it is a whole-of-\ngovernment effort. But DOE, in particular, must be vigilant and \nprepared when it comes to ensuring energy access and delivery \nthrough cyber threats, physical threats, and emergencies.\n    DOE has authority and responsibilities for the physical and \ncybersecurity of energy delivery systems based upon laws that \nCongress has passed and that the President has passed and \nPresidential directives. Congress provided DOE with a wide \nrange of emergency response and cybersecurity authorities, \nbeginning with Department of Energy Organization Act and most \nrecently with the Fixing America\'s Surface Transportation Act.\n    As the sector-specific agency for energy, Department of \nEnergy has a crucial coordinating role to play in securing our \nenergy infrastructure.\n    And I know you know that.\n    Under Assistant Secretary Evans\' leadership, we understand \nthat CESER will work to bolster energy-sector cybersecurity \npreparedness, coordinate cyber incident response and recovery, \nand accelerate research, development, and demonstration of more \nresilient energy delivery systems.\n    When it comes to energy security and emergency response, \nthis new office with analyze infrastructure vulnerabilities, it \nwill recommend preventive measures, and help other agencies \nprepare for and respond to energy emergencies. CESER\'s ultimate \nmission is to mitigate the risk of energy disruptions. So this \nincludes DOE conducting emergency energy operations during a \ndeclared emergency or a situation of national security.\n    So, when it comes to research, when it comes to \ndevelopment, when it comes to the demonstration of more \nresilient energy delivery systems, Department of Energy\'s \nNational Laboratories have incredible, tremendous capabilities \nthat can be brought to bear.\n    Earlier this year, I had the opportunity to visit DOE\'s \nIdaho National Lab, INL, which utilizes cybersecurity \nresearchers in collaboration with a broad range of industries \nand vendors to develop mitigation techniques and tools. INL \nalso has the unique capability to test cyber and physical \nsecurity applications on a full-scale electric grid.\n    And as you know, Madam Secretary, we were able to get some \nof those experts back here to give us on the committee a \nclassified briefing about the threat and their ability to cope \nwith it.\n    Our Nation\'s energy infrastructure is largely privately \nowned and operated. Because of this, DOE works closely with \nenergy-sector owners and operators to better detect risks and \nmitigate against them. Specifically, CESER collaborates with \ngovernment and private-sector partners to develop technologies, \ntools, exercises, and other resources.\n    One example of DOE\'s efforts to strengthen public-private \npartnerships is through its Clear Path IV regional exercise. In \nApril of 2016, DOE hosted the Clear Path IV energy-focused \ndisaster response exercise in my home State of Oregon. The \nexercise scenario consisted of a magnitude-9.0 earthquake and \nsubsequent tsunami occurring along the 700-mile-long Cascadia \nSubduction Zone, which, of course, would cause catastrophic \ndamage.\n    This 2-day event in Portland and Washington, DC, included \nroughly 200 participants from Federal, State, and local \ngovernments as well as the electric sector and oil and gas \nindustries. This exercise provided valuable insights and \nrecommendations for the energy sector on the government and \nindustry sides to help improve policies, plans, and procedures \nfor energy emergencies.\n    So today\'s hearing is of the utmost importance because the \nreliable and uninterrupted flow of energy impacts every aspect \nof our daily lives. So I look forward to hearing more about \nDOE\'s new CESER office and its role in overseeing \ncybersecurity, energy security, and emergency response for the \nenergy sector.\n    And, again, thank you for being here.\n    And, as a caveat, we have another hearing going on \ndownstairs, so I have to bounce back and forth between the two, \nas other members may have to do.\n    And with that, Mr. Chairman, I yield back.\n    [The prepared statement of Mr. Walden follows:]\n\n                 Prepared statement of Hon. Greg Walden\n\n    Today\'s hearing is an important and timely opportunity to \nlearn more about the Department of Energy\'s efforts to protect \nour Nation\'s energy infrastructure against cyber threat and \nphysical threats. Whether it is the constant cybersecurity \nattacks on our Nation\'s grid or the physical threats of \nemergencies such as hurricanes, it\'s DOE\'s job to ensure our \ncritical energy infrastructure is secure from all hazards, and \nthat energy is delivered to consumers throughout these \nsituations.\n    Secretary Perry promised to strengthen the Department\'s \ncyber and energy security capabilities, and he followed through \nwith the establishment of a new office of Cybersecurity, Energy \nSecurity, and Emergency Response, known as CESER. I want to \nwelcome our witness today, Assistant Secretary Karen Evans, who \nwas recently confirmed as head of the CESER office. I had the \npleasure of speaking with Assistant Secretary Evans last week \nwhen the administration released its National Cybersecurity \nStrategy. I look forward to hearing more from her on this new \nstrategy and CESER\'s role in it.\n    Protecting our Nation\'s energy infrastructure is critical \nto maintaining so much of the American way of life. The \nreliable supply and delivery of energy is vital to our Nation\'s \neconomy, national security, and the public health and welfare \nof its citizens. With energy systems now massively digitized \nand interconnected, new threats and vulnerabilities have \nemerged. It\'s a whole of government effort, but DOE, in \nparticular, must be vigilant and prepared when it comes to \nensuring energy access and delivery through cyber threats, \nphysical threats, and emergency situations.\n    DOE has authority and responsibilities for the physical and \ncybersecurity of energy delivery systems based upon laws that \nCongress has passed and Presidential directives. Congress \nprovided DOE with a wide range of emergency response and \ncybersecurity authorities, beginning with the Department of \nEnergy Organization Act, and most recently with the Fixing \nAmerica\'s Surface Transportation Act (FAST Act).\n    As the sector-specific agency for the energy, DOE has a \ncrucial coordinating role to play in securing our energy \ninfrastructure. Under Assistant Secretary Evans\' leadership, we \nunderstand that CESER will work to bolster energy sector \ncybersecurity preparedness, coordinate cyber incident response \nand recovery, and accelerate research, development, and \ndemonstration of more resilient energy delivery systems. When \nit comes to energy security and emergency response, this new \noffice will analyze infrastructure vulnerabilities, recommend \npreventative measures, and help other agencies prepare for and \nrespond to energy emergencies. CESER\'s ultimate mission is to \nmitigate the risk of energy disruptions. This includes DOE \nconducting emergency energy operations during a declared \nemergency or situation of national security.\n    When it comes to research, development, and demonstration \nof more resilient energy delivery systems, DOE\'s National \nLaboratories have tremendous capabilities that can be brought \nto bear. Earlier this year, I had the opportunity to visit \nDOE\'s Idaho National Lab (INL), which utilizes cybersecurity \nresearchers in collaboration with a broad range of industries \nand vendors to develop mitigation techniques and tools. INL \nalso has a unique capability to test cyber and physical \nsecurity applications on a full-scale electric grid.\n    Our Nation\'s energy infrastructure is largely privately \nowned and operated; because of this, DOE works closely with \nenergy sector owners and operators to better detect risks and \nmitigate against them. Specifically, CESER collaborates with \ngovernment and private sector partners to develop technologies, \ntools, exercises, and other resources.\n    One example of DOE\'s efforts to strengthen public-private \npartnerships is through it\'s Clear Path IV regional exercise. \nIn April 2016, DOE hosted the Clear Path IV energy-focused \ndisaster response exercise in my home State of Oregon. The \nexercise scenario consisted of a magnitude 9.0 earthquake and \nsubsequent tsunami occurring along the 700-mile long Cascadia \nSubduction Zone, causing catastrophic damage. This two-day \nevent in Portland and Washington, DC, included roughly 200 \nparticipants from Federal, State, and local governments as well \nas electric sector and oil and gas industries participants. \nThis exercise provided valuable insights and recommendations \nfor the energy sector--on the government and industry sides--to \nimprove policies, plans, and procedures for energy emergencies.\n    Today\'s hearing is of the utmost importance because the \nreliable and uninterrupted flow of energy impacts every aspect \nof our daily lives. I look forward to hearing more about DOE\'s \nnew CESER office and its role in overseeing cybersecurity, \nenergy security and emergency response for the energy sector.\n\n    Mr. Upton. Thank you.\n    The Chair would recognize the ranking member of the full \ncommittee, Mr. Pallone, for 5 minutes for an opening statement.\n\nOPENING STATEMENT OF HON. FRANK PALLONE, JR., A REPRESENTATIVE \n            IN CONGRESS FROM THE STATE OF NEW JERSEY\n\n    Mr. Pallone. Thank you, Chairman Upton.\n    I want to welcome Assistant Secretary Evans here today and \nthank the chairman for holding this important hearing. As a \ncommittee, we need a deeper analysis of cybersecurity issues at \nthe Department of Energy so members can truly understand the \nchallenges and threats facing our grid and the energy sector as \na whole.\n    I also continue to believe that the committee should hold a \nclosed-door hearing to look at the cybersecurity risks to our \nelectricity grid. There are classified aspects of this issue \nthat can\'t be discussed at a public hearing like this, and \nmembers should have the opportunity to be briefed on this high-\nlevel information in order to ensure we are adequately \nprotecting the grid from threats.\n    To date, the energy sector has done a good job of guarding \nconsumers against losses caused by a cyber or physical attack. \nBut make no mistake, the threats are out there.\n    In December 2015, Russian state hackers successfully \ncompromised Ukraine\'s electrical grid, shutting down multiple \ndistribution centers and leaving more than 200,000 residents \nwithout power for their lights and heaters. It was a \nsophisticated and synchronized attack, and it stands as the \nonly recognized cyber attack to successfully take down a power \ngrid. And we owe it to the American people to ask whether \nanything about that attack could be replicated here, whether it \nbe the electric system, the gas system or dams, or the railways \nthat carry coal to power plants.\n    Russia hacked the 2016 election, as we know, and it is \nclear that the Trump administration is not doing enough to \nprevent Russia from a repeat performance on election day this \nNovember.\n    So what are we doing to prevent them from attacking our \nenergy sector the way they did our electoral process just 2 \nyears ago? What are we doing to stop Russia from hacking our \nenergy systems the way they hacked Ukraine\'s grid? And how can \nwe make our energy sector more secure and utility workers more \nvigilant of cyber and physical security threats? And these are \nimportant questions that this committee must ask.\n    So I am pleased we finally have an Assistant Secretary in \nplace at DOE to oversee cyber threats to our electricity grid, \nbut I am seriously concerned that the Trump administration does \nnot have a senior official in the White House taking the lead \non our Nation\'s cyber defense.\n    In May, President Trump eliminated the job of National \nCybersecurity Coordinator, and 4 months later, there is still \nno senior official in the administration coordinating a \nresponse to the Russian cyber attacks. While DOE\'s role in \ncybersecurity is clearly important, a national response to \nthese coordinated attacks cannot be done agency by agency.\n    And the administration must not use cyber threats to our \nNation\'s grid as an excuse to abuse emergency authorities in \nthe name of justifying subsidies to favored industries or \ncompanies. Too often, officials in this administration have \ntouted the notion that the natural gas system is somehow \nunreliable or not able to fuel electricity production in as \nsecure a manner as coal. And all forms of electric generation \nand their fuels are vulnerable to disruption, whether manmade \nor due to extreme whether and other natural events. Coal piles \nfreeze, and trains derail. A dam with a line carrying power \nfrom a nuclear plant can be every bit as vulnerable as a \nnatural gas pipeline or a wind turbine. And there are serious \nthreats we should be looking to guard against. But we shouldn\'t \nbe questioning the security of the system just to boost plants \nthat are not economic in the marketplace.\n    In early May, the committee passed four bipartisan bills to \nenhance the Department of Energy\'s authorities with regard to \nthe cybersecurity of our Nation\'s energy infrastructure. This \nincludes H.R. 5174, the Energy Emergency Leadership Act, \nsponsored by Ranking Member Rush and Representative Walberg. \nAnd this bill would formally authorize a DOE Assistant \nSecretary position with jurisdiction over all energy emergency \nand security functions related to energy supply, \ninfrastructure, and cybersecurity.\n    Mr. Chairman, I am disappointed that these four bipartisan \nbills have yet to receive consideration before the House, and I \nwould like to work with you to pass these proposals before the \nend of the 115th Congress.\n    So, again, I look forward to the discussion today, Mr. \nChairman. I yield back.\n    [The prepared statement of Mr. Pallone follows:]\n\n             Prepared statement of Hon. Frank Pallone, Jr.\n\n    I want to welcome Assistant Secretary Evans here today and \nthank the chairman for holding this important hearing.\n    As a committee, we need a deeper analysis of cybersecurity \nissues at the Department of Energy so Members can truly \nunderstand the challenges and threats facing our grid and the \nenergy sector as a whole. I also continue to believe that the \ncommittee should hold a closed-door hearing to look at the \ncybersecurity risks to our electricity grid. There are \nclassified aspects of this issue that cannot be discussed in a \npublic hearing like this, and Members deserve the opportunity \nto be briefed on this high-level information in order to ensure \nwe are adequately protecting the grid from threats.\n    To date, the energy sector has done a good job of guarding \nconsumers against losses caused by a cyber or physical attack. \nBut make no mistake: The threats are out there.\n    In December 2015, Russian state hackers successfully \ncompromised Ukraine\'s electric grid, shutting down multiple \ndistribution centers and leaving more than 200,000 residents \nwithout power for their lights and heaters. It was a \nsophisticated and synchronized attack, and it stands as the \nonly recognized cyber attack to successfully take down a power \ngrid.\n    We owe it to the American people to ask whether anything \nabout that attack could be replicated here, whether it be the \nelectric system, the gas system, on dams, or on the railways \nthat carry coal to power plants. Russia hacked the 2016 \nelection, and it\'s clear that the Trump administration is not \ndoing enough to prevent Russia from a repeat performance on \nelection day this November. So, what are we doing to prevent \nthem from attacking our energy sector the way they did our \nelectoral process 2 years ago? What are we doing today to stop \nRussia from hacking our energy systems the way they hacked \nUkraine\'s grid? How can we make our energy sector more secure \nand utility workers more vigilant of cyber and physical \nsecurity threats? These are important questions that this \ncommittee must ask.\n    I\'m pleased we finally have an Assistant Secretary in place \nat DOE to oversee cyber threats to our electricity grid. But I \nam seriously concerned that the Trump administration does not \nhave a senior official in the White House taking the lead on \nour Nation\'s cyber defense. In May, President Trump eliminated \nthe job of national cybersecurity coordinator. Four months \nlater, there is still no senior official in the administration \ncoordinating a response to the Russian cyber attacks. While \nDOE\'s role in cybersecurity is clearly important, a national \nresponse to these coordinated attacks cannot be done agency by \nagency.\n    And the administration must not use cyber threats to our \nNation\'s grid as an excuse to abuse emergency authorities in \nthe name of justifying subsidies to favored industries or \ncompanies. Too often, officials in this administration have \ntouted the notion that the natural gas system is somehow \nunreliable or not able to fuel electricity production in as \nsecure a manner as coal. All forms of electric generation and \ntheir fuels are vulnerable to disruption, whether manmade or \ndue to extreme weather and other natural events. Coal piles \nfreeze, trains derail. A dam or the line carrying power from a \nnuclear plant can be every bit as vulnerable as a natural gas \npipeline or a wind turbine. There are serious threats we should \nbe looking to guard against, but we shouldn\'t be questioning \nthe security of the system just to boost plants that are not \neconomic in the marketplace.\n    In early May, the committee passed four bipartisan bills to \nenhance the Department of Energy\'s authorities with regard to \nthe cybersecurity of our Nation\'s energy infrastructure. This \nincludes H.R. 5174, the Energy Emergency Leadership Act, \nsponsored by Ranking Member Rush and Representative Wahlberg. \nThis bill would formally authorize a DOE Assistant Secretary \nposition with jurisdiction over all energy emergency and \nsecurity functions related to energy supply, infrastructure, \nand cybersecurity. Mr. Chairman, I am disappointed that these \nfour bipartisan bills have yet to receive consideration before \nthe House. I would like to work with you to pass these \nproposals before the end of the 115th Congress.\n    Again, I look forward to the discussion today and yield \nback.\n\n    Mr. Upton. Thank you.\n    The gentleman yields back.\n    At this point, we are going to hear from our witness.\n    We appreciate you sending your testimony up. It will be \nmade part of the record in its entirety. And we will let you \nhave 5 minutes to summarize it, at which point we will ask \nquestions. Thank you. Thanks for being here this morning.\n\n   STATEMENT OF KAREN EVANS, ASSISTANT SECRETARY, OFFICE OF \n    CYBERSECURITY, ENERGY SECURITY, AND EMERGENCY RESPONSE, \n                      DEPARTMENT OF ENERGY\n\n    Ms. Evans. Thank you.\n    Chairman Upton, Ranking Member Rush, and members of the \ncommittee, thank you for the opportunity to discuss the \ncontinuing threats facing our national energy infrastructure.\n    Focusing on cybersecurity, energy security, and resilience \nof the Nation\'s energy systems is one of the Secretary\'s top \npriorities. By creating the Office of Cybersecurity, Energy \nSecurity, and Emergency Response, also known as CESER, the \nSecretary clearly demonstrated his priorities and his \ncommitment to achieving the administration\'s goal of energy \nsecurity and, more broadly, national security.\n    Our Nation\'s energy infrastructure has become a primary \ntarget for hostile cyber actors, both state-sponsored and \nprivate groups. The frequency, scale, and sophistication of \ncyber threats have increased, and attacks can be much easier to \nlaunch. Cyber incidents have the potential to interrupt energy \nservices, damage highly specialized equipment, and threaten \nhuman health and safety.\n    The recent release of the President\'s National Cyber \nStrategy reflects the administration\'s commitment to protecting \nAmerica from cyber threats. The Department of Energy plays a \nvital role in supporting the security of our Nation\'s critical \nenergy infrastructure. As a result, energy cybersecurity and \nresilience has emerged as one of the Nation\'s most important \nsecurity challenges, and fostering partnerships with public and \nprivate stakeholders will be of the utmost importance for me as \nthe Assistant Secretary of CESER.\n    Recently, CESER demonstrated the emergency response \nfunction through multiple weather events. The hurricanes \nactivated our emergency response plan, while we also addressed \nthe overpressurization of a Columbia Gas natural gas pipeline \nwith the Oil and Natural Gas Subsector Coordinating Council \nthat caused multiple explosions and fires at residential \nlocations in Massachusetts.\n    However, today, I would like to focus my testimony \nprimarily on the cybersecurity function of the office and how \nCESER will meet the priorities of the administration and work \nin conjunction with our Federal agencies, State, local, and \nTribal governments, our industry partners, and our National \nLaboratories.\n    DOE\'s role in the energy-sector cybersecurity is \nestablished in statute and executive action. In 2015, Congress \npassed the Fixing America\'s Surface Transportation Act, \nspecifically naming DOE as the sector-specific agency for \ncybersecurity for the energy sector.\n    The creation of CESER elevates the Department\'s focus on \nthe energy infrastructure protection and will enable a more \ncoordinated preparedness and response to cyber and physical \nthreats and natural disasters with the private sector as well \nas Federal, State, and local government partners. This includes \nelectricity transmission and delivery, oil and natural gas \ninfrastructure, and all forms of generation.\n    The Secretary has conveyed that he has no higher priority \nthan to support the national security of our Nation\'s critical \nenergy infrastructure. The formation of the CESER office \nenhances the Department\'s ability to dedicate and focus \nattention on DOE\'s SSA responsibilities and will provide \ngreater visibility, accountability, and flexibility to better \nprotect our Nation\'s energy infrastructure and support asset \nowners, as well as the overall critical infrastructure response \nframework as overseen by the Department of Homeland Security.\n    The energy sector, the core of the critical infrastructure \npartners, consists of the Energy Subsector Coordinating \nCouncil, the Oil and Natural Gas Subsector Coordinating \nCouncil, and the Energy Government Coordinating Council. The \nESCC and the ONG SCC represent the interests of their \nrespective industries. The EGCC is led by DOE and DHS and is \nwhere the interagency partners, States, and international \npartners come together to discuss important security and \nresilience issues for the energy sector. This forum ensures \nthat we are working together in a whole-of-government response.\n    I appreciate the opportunity to appear before this \ncommittee to discuss cybersecurity in the energy sector, and I \napplaud your leadership. I look forward to working with you and \nyour respective staffs to continue to address cyber and \nphysical security challenges.\n    [The prepared statement of Ms. Evans follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    Mr. Upton. Thank you so much. You are one of the first \nwitnesses that we have ever had that has yielded back some of \nher time. So thank you. It is a good week.\n    So, as you know, pursuant to authorities that Congress \nprovided in the FAST Act back in 2015, DOE is, in fact, the \nsector-specific agency for cyber for the energy sector. And as \nsuch, you all are responsible for coordinating with multiple \nFederal and State agencies and collaborating with critical \ninfrastructure owners and operators on activities associated \nwith identifying vulnerabilities and mitigating incidents that \nmay impact the energy sector.\n    And as I have listened to a number of different energy-\nsector firms, they really do believe that there ought to be \njust one lead cop on the beat. So that is one of the things \nthat we wanted to do when we, on a bipartisan basis, passed the \nFAST Act.\n    Can you tell us some of the greatest challenges--as you all \nare coordinating with other agencies--Homeland Security, \nothers--what difficulties have you had? Have you felt that it \nhas gone pretty well? Do we need to do more? This is something \nthat we want to make sure that you really are the cop on the \nbeat.\n    Ms. Evans. Thank you for the opportunity to answer that \nquestion. I would say that, based on my tenure to date, which--\nI am going to remind everybody this is, like, my fourth week.\n    Mr. Upton. Yes.\n    Ms. Evans. So I have had the opportunity to actually \nexperience this process firsthand, and I have really embraced \nthe priority of the Secretary and all my leadership in the SSA \nrole, which is providing that leadership and making sure that \nwe are the lead person, as you said, the one focal point where \nthe energy sector can come in.\n    And so I had the opportunity to do that with the hurricanes \nthat came through, and then at the same time we did have that \nnatural gas pipe explosion. So I got to see all of it and was \non the calls. And what has happened is, and the way that that \nworks is, we are the lead on those calls when we talk.\n    Now, it depends on which one we are talking about. So if we \nare talking about the ones that are being led by the energy \nsector, they lead that. And so the electricity subsector is led \nby industry, and we provide information into that, and we \nactively engage with them on that.\n    Our staffs all work together. And every night during that \nhurricane response, we were on with the CEOs of the companies \nand providing them, from the government standpoint--and DHS was \nwith us, and we had other partners in there as well, so that if \nquestions were asked, we led that response coming from us, and \nDHS then had the opportunity to provide information from cross-\nsector so that the energy sector could actually do what it \nneeded to do once we moved into a response mode.\n    So seeing it firsthand, seeing how it works, seeing that \nthey took the lessons learned from last year, and they applied \nit to this year\'s response. There were specific things that \nhappened last year, because of the way that this natural event \nwent, the hurricane went, that it was a one-two type of punch--\nthe event would come and then the flooding--there was specific \nplanning that was done with the industry partners that \nreflected those lessons learned. And we had the opportunity, \nbecause of the way these calls were done, that we could cross-\npollinate across the energy sector.\n    So it worked well. Right now, I don\'t necessarily see any \ngaps, but like I said, I am going to work through this. I am \nexcited to embrace this role. And should we see any gaps, I \nknow I would work with DHS and the other Federal agencies, and \nwe would come forward to our respective committees to ask for \nthat assistance.\n    Mr. Upton. So I know that, as we look at these disasters--\nthis committee sent a number of members on both sides of the \naisle down to look at Puerto Rico and the Virgin Islands last \nyear after that. And we had members from--obviously, Mr. \nKennedy, who was here earlier, and I suspect he will come back, \nwith the natural gas incident that they had up in \nMassachusetts. And we have members that, for sure, their \ndistricts were impacted by Florence in the last 2 weeks. I \nwould imagine that Members reached out to you all. Certainly, \ntheir industry partners did.\n    Any shortcomings that you see right away based on--had you \nknown something, perhaps would you all have acted any \ndifferently?\n    Ms. Evans. On this go-around, from what has happened?\n    Mr. Upton. Yes, so far.\n    Ms. Evans. So far, I would say that I have a team that is \nin place, that the Department has a team that is in place, and \nI have the honor to actually manage them, that know what they \nare doing in an emergency response situation. Their \nresponsibilities, our responsibilities as ES-12, when we \nactivate that response plan, they know exactly what they are \nsupposed to do. And when we identify issues that come in \nthrough the industry--because they come in multiple ways. Just \nlike you said, they will come in multiple ways. Our leadership \nwould hear something. It comes in. There are multiple meetings \nthat happen.\n    But the way that the mechanism is set up right now, there \nis the ability to catch it at multiple levels so that it does \nnot become an issue or that we at least have the appropriate \nagency working on what those authorities are.\n    So, for example, in the recovery, one of the things that \nwere being discussed was the ability to use drones. So \neverybody has them, but there are flight plans that have to be \nfiled, right? And so there was a working group immediately \nestablished so our sector knew exactly what was going on in the \nother sector based on the interaction that happens across with \nthe Emergency Response and the National Response Framework.\n    So there are multiple levels that happen. Do communications \nbreak down? It probably will. And how we need to respond to \nthat and then take that back in to improve it, that is what we \nare looking at.\n    And I know that the lessons learned were done from Puerto \nRico. And I have seen how they have actually applied those \nlessons learned through this response and heard those lessons \nactually being actually implemented by both industry and the \ngovernment as we were going through the response this go-\naround.\n    Mr. Upton. Thank you.\n    I yield to Mr. Rush.\n    Mr. Rush. Thank you, Mr. Chairman.\n    Assistant Secretary Evans, as I mentioned in my opening \nstatement, Mr. Walberg and I introduced H.R. 5174, the Energy \nEmergency Leadership Act, earlier this spring. And our \nobjective was to codify most of the work that the agency is \ncurrently undertaking and make sure that we have consistency \nmoving forward regardless of which administration is in office.\n    Are you familiar with the bill? And if so, do you have any \nfeedback regarding any of its provisions?\n    Ms. Evans. Yes, sir, I am familiar with the bill. And I \nthink the feedback and my presence and the establishment of my \noffice supports the idea of what is envisioned by congressional \nintent. So whatever gets passed by Congress, obviously, I would \nbe responsible for implementing it.\n    And so, I, again, am supportive of the leadership this \ncommittee shows and the support that this committee has and the \ntrust that you have in Department of Energy and the Secretary \nto accomplish the mission for the energy sector.\n    Mr. Rush. I understand, Madam Secretary, that in your \nprevious position you worked as the director of the US Cyber \nChallenge, an organization that is dedicated to building up the \ncybersecurity workforce.\n    From that experience and that perspective, do you have any \nconcerns that you want to share with the committee regarding \nthe Nation\'s workforce preparedness when it comes to \ncybersecurity or the threats to our electricity grid?\n    Are we doing all that we can to ensure that we have a \nhighly skilled, trained workforce, both presently and in the \nfuture, to address cybersecurity issues? And if not, what are \nsome of the recommendations that you may want to share with us \nto make sure that we have the capability to address these \nimportant issues related to our Nation\'s security and that \ncenters on the area of workforce development?\n    Ms. Evans. I appreciate that question. It is a passion of \nmine, and I appreciate being able to talk more about \ncybersecurity workforce issues.\n    So, as the President released the National Strategy for \nCybersecurity, under pillar 2, it specifically talks about the \ncybersecurity workforce for America as a whole. And as you \nknow, especially in DOE and its industry partners and in the--\nall of this infrastructure is owned by private industry. So \nwhen we start looking at the workforce, one of the biggest \nthings is making sure that the workforce has the basic skills \nthat it needs and then, in this particular sector, the \nspecialized skills as it relates to industrial control systems, \nSCADA systems, and understanding those.\n    So there are a lot of initiatives that are under way that \nare out in private industry that can be leveraged. There is \nwork that specifically DOE was doing, that we were watching \nfrom the outside and attempting to leverage that in.\n    So there is a specific competition. I really believe that \nyou can demonstrate this through competitions. And Congress did \npass a workforce act that dealt with allowing to use \ncompetitions for people to leverage what they know and to be \nable to demonstrate it quickly. So CyberForce is a competition \nthat DOE runs with the National Labs, and it is specifically \nfocused on the industrial control systems and the SCADA \nsystems.\n    So I am really looking forward to really making that more \nrobust and being able to expand that out for all of us to do. \nRight now, it is focused specifically on college students, but \nit needs to expand out more than that, because there are a lot \nof people that are in this workspace that need to have those \nskills. They need to be able to demonstrate those, and \ncompetitions are a way to be able to do that.\n    So when you ask me if there are areas where you can \nimprove, our education system and the STEM--and I know we are \ninvesting a lot in that--it does one level of knowledge. And \nwhat competitions do and what employers need to have and what \nthe Federal Government as a whole needs to have is that the \nperson, when they start on day one, have the ability to show \nhow they would apply that knowledge.\n    So if you think of it from a science degree, I go to \nlecture, but then I go to lab. So the competitions allow for \nthat applied knowledge, so that if I am hiring somebody, I know \nthey have the basic set of skills that I need to have, and now \nwhat I have to do is train them up for the delta in my industry \nor in my specific company or, in the case of the Federal \nGovernment or DOE, specifically in what we are doing as it \nrelates to cyber emergency response type of capabilities.\n    So there is a lot of promise, there is a lot of work that \nis happening in the universities. And I really view my job as \nnot to duplicate that but to leverage a lot of the work that is \nhappening nationally and be able to bring it into the \nDepartment of Energy as the sector-specific agency and be able \nto shine a light on that so that the industry as a whole will \nbe able to take advantage of it.\n    Mr. Rush. Thank you.\n    I yield back, Mr. Chairman.\n    Mr. Upton. Thank you.\n    Mr. Latta?\n    Mr. Latta. Well, thank you, Mr. Chairman.\n    And, Assistant Secretary, thanks very much for being with \nus today. Appreciate your testimony today.\n    You might be aware that I chair the Grid Innovation Caucus \nwith my good friend, Mr. McNerney. And we have worked on \nseveral pieces of legislation together, and I would like to \nhighlight one in particular, which is the CyberSense Act. And \nthis legislation requires the Department of Energy to establish \na voluntary CyberSense program to identify and promote \ncybersecure products intended in the bulk-power system. And the \nbulk-power system includes facilities and control systems \nnecessary for operating an interconnected electric energy \ntransmission network.\n    Would you talk about the work you are already doing on this \nfront and how voluntary programs like this one can help open \nlines of communications between the private sector and the DOE?\n    Ms. Evans. Thank you for the opportunity to talk about our \nprogram, called CyTRICS. It is the Cyber Testing for Resilience \nand Industrial Control Systems. And it is a pilot project to do \nsome of the work and what you intend in that area. And it is to \ntest component parts that go into operational technology that \nis used throughout the energy sector. So we are now starting \nthe pilot.\n    There are a lot of challenges as we start going through \nthis that aren\'t necessarily the technical challenges but \nmaking sure that we have the voluntary participation from our \nindustry partners as we go through this. We already have some \ncompanies that have volunteered to have their products tested.\n    What we then have to say and how we have to work this out \nwould be: What do we do with those results of the testing? How \nare we going to share that? How does that fit into an overall \nrisk management framework? How we would roll it up into what we \nare doing with the C2M2 maturity model that we have so that \nthose results, along with a lot of the other pieces that we are \nputting together, that a company will be able to look at that \nand say, OK, here are the products, here are the risks, here is \nwhat I have to do to mitigate that risk.\n    And then the information from these pilots will feed our \nother research and development efforts so that we can then \nrefine them based on the results that we are getting.\n    So we really are looking forward and we really are excited \nabout this particular project that we are looking at, because \nwe know that there could be a lot of risks associated with all \nthese different products that are coming into the energy \nsector, and so we have to make sure that we are aware of what \nthose risks are as we are implementing them.\n    Mr. Latta. Well, you talk about trying to get more \nvolunteers in there. How can we encourage more companies to \nreally want to volunteer to be part of that program then?\n    Ms. Evans. Well, so they could reach out to our office, in \nparticular, and I am happy--they can come through the sector \ncoordinating councils that they have, because most of them are \nactively participating in that, and they can volunteer through \nthat as well.\n    And as we identify and work through the challenges that we \nhave, the idea is then to have a framework. The whole purpose \nof my office is to take this research and then be able to \noperationalize it and to be able to take it out into industry \nso that they can actually use the results of the research and \nbe able to implement it.\n    And so the more that we can learn about what types of \nanomalies there might be from different companies, the faster \nwe will be able to develop that framework, and then the faster \nit will be able to be implemented and out in the \ninfrastructure.\n    Mr. Latta. OK.\n    Well, through this committee\'s efforts, DOE was established \nin statute as the lead sector-specific agency for cybersecurity \nfor the energy sector. This new mandate was included in the \nFAST Act of 2015.\n    While the lead sector-specific agency mandate is new, DOE \nhas been engaged in this work for many years. What makes DOE \nequipped to serve as the lead agency?\n    Ms. Evans. Well, thank you for that question.\n    And I would like to say that it is the expertise of the \nDepartment as a whole, as well as the ability to leverage the \nknowledge that is out in the National Labs. And so those are \nsome of the smartest people in the world, and that they work on \nmultiple problem sets as it relates to the energy sector, they \nare always thinking about what is over the horizon, what is \nnext, and also trying to fix what is actually happening today.\n    So I believe that the way that the Secretary\'s priorities \nare set up, the experience that is there at DOE, and then \nleveraging what is happening in the National Labs, that is why \nyou trust us to be the sector-specific agency in this area, and \nthat is why we are providing that leadership.\n    Mr. Latta. Well, thank you very much.\n    And, Mr. Chairman, my time is about to expire, and I yield \nback.\n    Mr. Olson [presiding]. Thank you.\n    The Chair now calls upon the gentleman from California, Mr. \nMcNerney, for 5 minutes, sir.\n    Mr. McNerney. I want to thank the chairman for that.\n    Mr. Olson. You are welcome. We will see if the Astros beat \nthe Dodgers again this year. So----\n    Mr. McNerney. We will see.\n    Ms. Evans, I thank you for testifying. And you have only \nbeen there a month, so I understand that that presents \nchallenges.\n    And I want to follow up on my colleague Bob Latta\'s comment \nabout the Grid Innovation Caucus. And the purpose of that is \nreally to educate Members of Congress about the challenges and \nopportunities in the grid, but also to put forth legislation.\n    Bob mentioned one. I am also going to mention H.R. 5240, \nthe Enhancing Grid Security Through Public-Private Partnerships \nAct, that provides cybersecurity training to electric utilities \nand promotes sharing best practices and data collection in the \nelectric sector.\n    Now, in conversations with utility executives, I have heard \nthat there is a big bottleneck in sharing information, security \ninformation, with the utilities because their security people \ndon\'t have security clearances, and it is taking them a year, \nyear and a half, to get those clearances.\n    Do you have a plan to expedite the clearances of utility \nexecutives and utility security people so that we can get \ninformation to them on a timely basis?\n    Ms. Evans. Well, I appreciate that question on security \nclearances. And I am going to answer it a little bit \ndifferently versus saying that I am going to expedite out the \nclearance process. Those of you that are involved in that know \nthat that can be quite the challenge, if I were to agree to try \nto expedite that.\n    What I really am trying to do and what the vision of this \noffice is is to take information that is informed by \nintelligence, threat intelligence types of things, things that \nare classified, overlay it on what is here, and then take it so \nthat it can be actionable out by the utilities.\n    So you don\'t necessarily have to have the classified \nbackground behind it. A lot of times, especially when you are \nworking out there--and I come from an ops background--you \nreally want to know what you are supposed to do; the why can \ncome a little later on. A lot of times, you have to respond \nimmediately in a situation. You want to know what the actions \nare that you need to take. That doesn\'t necessarily have to be \nclassified.\n    And that is what I view my office as being able to reach \nout, share that information with our partners, and be able to \ngive them the actions that they need to take that is informed \nby the government-as-a-whole approach.\n    Mr. McNerney. OK. That sounds good. How far along are you \nin that process?\n    Ms. Evans. I actually have some things I hope within the \nnext 120 days that I will be able to share with industry \ndirectly that they can start taking some action. There are some \nthings I am doing that they should be implemented here shortly, \nand I think that they will be surprised when they see it. And \nthere are some basic things that they can do now in basic \nhygiene that, when they see the visualization of that, they are \ngoing to be surprised.\n    Mr. McNerney. Well, I look forward to hearing from the \nexecutives and utility people----\n    Ms. Evans. Yes. OK.\n    Mr. McNerney [continuing]. What they think of the plan, and \nI will be glad to share that with you.\n    Ms. Evans. That would be awesome. I am looking forward to \nworking with you on that.\n    Mr. McNerney. Now, how does CESER monitor or plan to \nmonitor cyber attacks?\n    Ms. Evans. So there are several different things that are \nalready under way that CESER is looking at, as far as the \ninfrastructure. The vision that we have for this office, \nseveral of the tools that are already in place, several of the \nprojects that they already have--which I am sure you are \nfamiliar with CRISP. Also included in my testimony we talked \nabout CYOTE, that particular project.\n    The way that we look at how we are going to do this is, for \nexample, in the operational technology world, you know exactly \nhow things are supposed to respond. So the idea is to manage by \nexception. So, as you pick up exceptions, then working and \nputting together a model, you can put sensitivities to that, \nand that would then show anomalous behavior.\n    Based on then feeding it with information that is coming \nfrom multiple areas, especially intelligence, we will be able \nto tell if that is something that is just--so we talked about \nthe supply chain and all these other types of equipment. We \nwill be able to tell by the data if something is actually \nhappening, if somebody is in the network or if it is an \nequipment malfunction, or what is actually happening, by \noverlaying this data.\n    Are we there now? No. We have several of these pieces in \nplace that are----\n    Mr. McNerney. So you are basically using big data and \nalgorithms, or will be. So that is----\n    Ms. Evans. We will be. That is why there are different \npieces----\n    Mr. McNerney. Again, I will look forward to hearing more \nabout that.\n    And I have time for one more question. You may not have \ntime to answer it. Do you feel confident that our utilities are \nadequately prepared and protected from Russian and North Korean \ncyber attacks to prevent massive blackouts or credible enough \nthreats of massive blackouts to make our Nation vulnerable to \ncyber blackmail?\n    Ms. Evans. So, since you asked me do I feel confident, the \nanswer would be no.\n    Mr. McNerney. Thank you.\n    I yield back.\n    Mr. Olson. Thank you.\n    The Chair now calls upon the gentleman from Secretary \nEvans\' home State of West Virginia, Mr. McKinley, 5 minutes, \nsir.\n    Mr. McKinley. Thank you, Mr. Chairman.\n    And I would be remiss if we didn\'t go back and remind the \nchairman, when she was being introduced, that she is a good \nWest Virginia native and graduated WVU and is a staunch \nMountaineer fan.\n    Ms. Evans. Yes, I am.\n    Mr. McKinley. So thank you. Thank you for coming here to \nthis.\n    I am curious about a few things primarily dealing with the \nreliability, because the question you just heard from \nCongressman McNerney about the capability of meeting the \nchallenges we face. And the President has been wrestling with \n202(c) or Defense Procurement Act as a way of addressing that.\n    Can you give me an update on maybe what is happening in \nthat arena, for everyone to understand that we may be having \nquite a few power plants shut down prematurely without having \n202(c) or the Defense Procurement. So if you could give me a \nlittle update, if you could?\n    Ms. Evans. I actually can. Thank you for that question. \nSecretary Perry was speaking yesterday about this exact issue. \nAnd what he said was that he does not have anything new to \nupdate at this time, that this is still a policy that is being \nreviewed by the White House.\n    Mr. McKinley. OK. But building off that--and we talked \nabout the ISO New England, the problems they are having there \nin getting power, not only the importing--as you are probably \nfamiliar, that they are importing from Canada 73 gigawatts of \npower into New England.\n    Do you dispute that number? Or do you think that number \nis--that is the number that has been published, 73 gigawatts. \nThat is essentially--for people to understand what that means, \nthat is about 100 power plants that don\'t exist in New England, \nas we rely on importing power from Canada.\n    Is that about correct, the 73 gigawatts?\n    Ms. Evans. I don\'t have the exact numbers in front of me. I \nam happy to take that question back and----\n    Mr. McKinley. If you would, please.\n    Ms. Evans. Yes.\n    Mr. McKinley. Because, we are trying to be energy-\nindependent. And we have a section of the country that has some \nissues about being able to meet the challenges, whether that is \nfrom hacking or internally. So we are depending on now \nimporting.\n    So let me ask another question, then, with that \ndependability. And McNerney was just talking about Russia. \nIsn\'t it accurate that New England was getting its natural gas \nthis past winter from Russia? From an LNG tanker that was in \nBoston Harbor?\n    Ms. Evans. I don\'t know the answer to that question, sir, \nand I would be happy to take that back as well.\n    Mr. McKinley. Well, I have the answer.\n    Ms. Evans. OK. There you go.\n    Mr. McKinley. So, yes, the answer is yes----\n    Ms. Evans. OK.\n    Mr. McKinley [continuing]. It was.\n    And so it is a matter--if we are going to be energy-\nindependent and we are going to make sure that we have the \npower necessary for that New England area, we have two issues: \nAre we going to continue to import gas from Russia, and are we \ngoing to import power from Canada?\n    So that is why I think it is so important that the White \nHouse and others move on this 202(c) or Defense Procurement Act \nto protect our grid system. Because I think we--reports we have \nhad from National Energy Technology Lab, NETL, have indicated \nwe are prematurely shutting down too many of our coal-fired \npower plants, and we are headed into a blackout, possibly this \nwinter, as a result of it.\n    Do you have anything to update us on alternative measures \nthat might prevent that from happening?\n    Ms. Evans. No, sir, I don\'t. But I will take back your \nconcern and elevate it to my leadership so that they know \nexactly what the issues are that you are bringing up so that I \ncan make sure I can feed into the policy process.\n    Mr. McKinley. If you would, please, pass that on----\n    Ms. Evans. Yes, sir.\n    Mr. McKinley [continuing]. To Secretary Perry, and tell him \nwhere it is coming from.\n    Ms. Evans. Yes, sir, I will.\n    Mr. McKinley. Thank you.\n    I yield back.\n    Mr. Olson. Thank you.\n    The Chair wants to remind my dear friend from West \nVirginia, our witness, Secretary Evans, this weekend the \nMountaineers are going to Lubbock, Texas, to play the Texas \nTech Red Raiders. And my warning is, they have got this symbol; \nit is called ``guns up.\'\' They score a touchdown, they get \ntheir guns up. You all are going to see a lot of guns up in 60 \nminutes in Lubbock, Texas.\n    The Chair now calls----\n    Ms. Evans. As you know, I am really constraining myself not \nto respond to that, but that is OK.\n    Mr. Olson. It is football in Texas. Feel free to fire back.\n    Ms. Evans. No, that is OK. But we are Big 12. It is good. \nIt is all good. It is OK. We are doing well. Our team is doing \nwell.\n    Mr. McKinley. Where are they ranked? What, 25th?\n    Mr. Olson. Twenty-five versus 12. Get your guns up.\n    The Chair now calls upon the gentleman from South Carolina, \nMr. Duncan, for 5 minutes of questions.\n    Mr. Duncan. Go, Tigers.\n    Secretary Evans, I first want to thank you for your \nresponse to Hurricane Florence. I know there were over a \nmillion power outages across the Carolinas, and you and your \nteam were extremely responsive both during the preparation and \nrestoration process. Duke Energy serves much of my district, \nand I have heard from them many positive things about your \nengagement. So I want to applaud you on that.\n    I also want to thank you, both you and Secretary Perry, for \nyour leadership in creating the new CESER program. Protecting \nthe grid against cyber and EMP attacks should be a priority. \nMany Americans fear the potential of an attack given the \nvolatility of players such as Iran, Russia, and North Korea.\n    Over 5 years ago, the U.S. DOE and the industry, with \nindustry matching over 80 percent of the funds, established at \nClemson University perhaps the world\'s largest, most capable \nelectric grid emulator. This 20-megavolt-ampere facility, \ncalled the Duke Energy eGRID, is providing a platform for \ninnovating and validating and testing multimegawatt electric \ngrid components in real grid conditions without the risk to the \ngrid.\n    This capability is needed to facilitate the rapid \nintroduction of new technologies into our Nation\'s electrical \ninfrastructure. It is also a prime example of public-private \npartnership working to develop advanced technologies to protect \nagainst evolving threats.\n    The folks at Clemson worked closely with the utilities. \nDuke is a partner. They worked close with industry, National \nLabs, and other universities and the DOE to accelerate the \nmarketing of new technologies.\n    Are you familiar with the eGRID down there in Charleston?\n    Ms. Evans. Yes.\n    Mr. Duncan. Have you visited that in North Charleston?\n    Ms. Evans. Not yet.\n    Mr. Duncan. OK. I want to invite you to do that. And I \ninvited Secretary Perry as well.\n    I am concerned with the grid being able to withstand \nattacks such as an EMP or cyber attacks, supply-chain attacks. \nAnd I realize you just started at the DOE, but I am interested \nto know how the DOE plans to address these important critical \nissues.\n    Ms. Evans. I appreciate the opportunity to answer that \nquestion.\n    I am in the process of looking at many of the things that \nare in place. This office was set up specifically to deal with \nthose concerns. And Congress has given us that authority, as \nthe sector-specific agency, to really embrace that and to go \nfull-force into that.\n    My office, in conjunction with other offices within DOE, \nreally are looking at how do we need to do that, what are the \nright investments as we are going forward, what is the right \nresearch and development as we are doing that. There are many \nprojects that are already in place with the National Labs. It \nis my intention to leverage those results and implement them.\n    And so I am of the mindset that my office is about the \nimplementation and working with industry to get it implemented \nand then distributed through industry so that they can benefit \nfrom the results of all that research and make sure that it is \nactionable so that it can go out there so that the grid and our \nenergy sector is resilient and then can withstand--the \nSecretary has told me that his highest priority and his biggest \nconcern is that, when a natural disaster is happening, that we \nwould also have some type of disruption in the technology and \nthat we would be able to discern between the two if they are \nrelated or if it is our adversaries taking advantage.\n    And that is what I really look at as the highest priority, \nto be able to implement that technology and be able to provide \nthat information up through the appropriate mechanisms so that \nthe Secretary and DHS and the administration is properly \ninformed so that they can make those decisions.\n    Mr. Duncan. I used to serve on the Homeland Security \nCommittee, and since I have been in Congress, there have been \nseveral attempted attacks on transfer stations, substations, \ndifferent things. We have gotten lucky, in that supposed \nattackers didn\'t realize diesel fuel didn\'t explode, et cetera.\n    Those type of physical attacks on our electric grid are \nvery difficult to predict and protect against. We can\'t monitor \nevery substation and what not. What sort of work is DOE doing \nin that regard?\n    And we know all about the cyber stuff, but these are \nphysical attacks. It would just take a simple explosive device \nand--so have you all thought about that? And what, working with \nHomeland Security, are you doing about it?\n    Ms. Evans. So the short answer is yes. And the ISER group \nthat is in my responsibility does exercises. And so we heard a \nlittle bit about the Clear Path IV exercise. The idea is to \ndevelop different scenarios around those so that, as it is \nbeing executed, what are the responses, have we thought about \neverything.\n    And so, when you do those exercises--and there are \nexercises coming up, like Liberty Eclipse, and there are things \nwe are doing with NERC, as the GridEx. Those exercises, they \ninform the ability to actually respond. So the idea is, OK, we \nall have a plan, but you want to exercise the plan before you \nactually have to do the plan and respond to the plan.\n    So that is what that group does. The idea is to expand out \nthose exercises. And as we hit the basics, then it is to \ncontinue to expand those out so that those lessons learned are \nthere in the response plan and that we share that. That is \nexactly why we do the exercises with State, local, and our \ngovernment partners, as well as industry.\n    And that was the uniqueness of that Clear Path IV, was that \nindustry was involved in that, and it was done out in \nWashington State. Because it is one thing if you do it in DC; \nit is another thing if you are doing it across the country and \ninvolving all the State and local partners as well as the \nindustry. Because those lessons learned, the communications, \nthe issues that you brought up earlier, if we see gaps, we \ndon\'t want to be in the actual incident when we are identifying \ngaps that we need your help with.\n    Mr. Duncan. All right.\n    Well, my time has expired, but I will remind the committee \nthat things that can affect our grid system can be both manmade \nand natural, so hardening the grid is important.\n    With that, I yield back.\n    Mr. Olson. Thank you.\n    The Chair now calls upon the gentleman from New York, Mr. \nTonko, for 5 minutes.\n    Mr. Tonko. Thank you, Mr. Chair.\n    And, Assistant Secretary Evans, congratulations on your \nconfirmation, and welcome to the committee, and thank you for \nyour testimony.\n    Obviously, we have not faced the full consequences of a \ncyber attack on the grid yet, but we do continue to experience \nmajor electricity outages and energy disruptions due to natural \ndisasters. I want to ask about what you see as the mission and \nrole of your office in the future.\n    There has been a lot of emphasis on cybersecurity today, \nand rightfully so, but it is my understanding that the office \nis also responsible for emergency response, including those \nfrom natural disasters. Is that indeed correct?\n    Ms. Evans. Yes, sir.\n    Mr. Tonko. And earlier this Congress, Assistant Secretary \nWalker of the Office of Electricity, testified about the work \nbeing done by his office in the wake of Hurricane Maria in \nPuerto Rico. Now, has CESER played a role in the Maria response \nor preparation against future energy disruptions in Puerto Rico \nover this past year?\n    Ms. Evans. Thank you for the question. And before the CESER \noffice actually was formed, a lot of the functions that we are \ntalking about as the exercise capability that we have as well \nas the emergency response capability all belonged and were all \nin one office, which was where Secretary Walker is, in the \nOffice of Electricity. When CESER was formed, those moved over. \nSo my office has cybersecurity, energy security, and emergency \nresponse.\n    So in the case of Puerto Rico and Maria, my office is \nresponsible for the activities that happen when we activate our \nemergency response, the RES-12 under the National Response \nFramework. So, for example, this go-around with the hurricanes, \nit is my office that goes and mans down in FEMA, that goes out \nto the regions. We have very specific response capabilities, \nincident response capabilities that we do in natural disasters.\n    When we move into the recovery phase, and that is what is \nhappening right now down in Puerto Rico, Assistant Secretary \nWalker continues that effort. He was just down there for the \nanniversary, was looking at everything that is there, and he is \ninvolved in the recovery aspect.\n    So when you look at how our offices work together and where \nthat separation is, we do the emergency incident response type \nof capability. We are down there. We are embedded with the \nStates. We work with FEMA. We are over at the national center \nthere, and all the information goes up. When it shifts, where \nwe are right now, that is when it then shifts back to Assistant \nSecretary Walker\'s office.\n    Mr. Tonko. OK. Thank you.\n    And I know that earlier there were questions about \nHurricane Florence. So in this cross-pollination between the \ntwo offices, have there been lessons learned or experiences \nfrom Maria from the Puerto Rico experience that helped or \ninfluenced your responses in some way with Florence?\n    Ms. Evans. I would say that based on the way that Assistant \nSecretary Walker handled that, he has been instrumental in \nbringing up the CESER office. And his interactions of what he \nhas done and how I have been able to be brought up to speed so \nfast is based on those lessons learned of where they clearly \nsee the delineation between the two offices.\n    So, again, this is a secretarial priority. Assistant \nSecretary Walker and I really have worked that out. We continue \nto work it out. But his office is very strategic in looking at \nhow you are doing different things; and then my office, it \nfeeds directly into my office for lessons learned impact, and \nthen we implement from a tactical standpoint.\n    Mr. Tonko. Thank you.\n    Robust cybersecurity requires significant financial \nresources and new and advanced technologies. But we know there \nare many small utilities with limited resources that might not \nhave the same technical capacity as their larger components. \nDoes DOE have a plan, a technical assistance program or funding \navailable to assist these smaller utilities such as a public \npower authority, a small public power authority, or a rural \ncooperative?\n    Ms. Evans. I would like to take that question for the \nrecord because I am unaware of the specifics, but--and I would \nlike to get back to you on that specific question.\n    Mr. Tonko. If you would, please. That would be very \nhelpful, because they obviously could be impacted by some very \nsevere disasters, and that assistance would play a major role \nin their responsiveness.\n    So thank you again for your response to the questions.\n    Mr. Olson. Thank you.\n    The Chair now calls upon himself for 5 minutes.\n    And, again, welcome, Secretary Evans. I can assure you \nthere will be no talk about football, Texas Tech versus West \nVirginia this Saturday. I won\'t talk much about cybersecurity. \nThat is important, but I do want to focus on natural disasters \nand specifically hurricanes.\n    As you know, my home State of Texas is a cornerstone of \nAmerica\'s energy production and security. The Greater Houston \nis a cornerstone of this cornerstone. We produce the bulk of \nthe oil that is refined and used here in America, and we also \nhave a launching port through the number one exporting port in \nAmerica, the Port of Houston, for this energy to head overseas \nand change the world.\n    Hurricane Harvey hit us 13 months ago, hit us twice. It \nwasn\'t a windstorm. It wasn\'t a storm surge. It was a rain \nevent, almost 4 feet over all of southeast Texas in less than 2 \ndays.\n    I know your organization is new. You have been on the job \nfor 4 weeks, but could you talk about what you have all learned \nwith Harvey, Maria, Irma, and now Florence, what those lessons \nare? And also, after a storm, do you all do some after-action \nreporting and include all the players, the State, the \ngovernment there in the State, the counties, the cities, the \nfirst responders, and private parties who are involved in the \nrecovery from these storms? What is your sort of plan there, \nwhat you have learned so far?\n    Ms. Evans. Thank you for the question. It is my \nunderstanding that after-action reports are done. After-action \nreports were done after last year\'s Harvey, and I do know that \na lot of the lessons learned were specifically discussed on the \ncoordinating calls with our industry partners.\n    And it was highlighted very early on, specifically, about \nthat this was going to be a one-two punch very similar to \nHarvey, and that they were more concerned about the flooding \nand the aftereffects of the hurricane. And so the utilities as \nthey were on the calls, because of those lessons learned, did \npreposition over 40,000 workers before the flooding happened \nbecause they knew what would happen about the roads and how \nthings would be. And so that happened.\n    Additionally what happened because of things that happened \nthere that they applied this year is there were things that \ndealt with, once the power company went in, they were looking \nat one set of power lines, and the telecommunications companies \nthen would go in and they would cut lines because they weren\'t \nsensitive.\n    So what happened this year in this particular case is that \ninformation was conveyed. This was lessons learned. So the \nutility companies told exactly the telecommunications companies \nwhere they were going, what the plans were so the \ntelecommunications companies could follow right behind the \nutility companies. So as the power came up, communications came \nup. That was a direct lessons learned from Harvey last year.\n    Mr. Olson. Well, thanks, I have a question.\n    You also brought up drones in a hurricane, natural disaster \nearly in this hearing. Drones played a big role in Harvey as \nthe storm hit, quick recovery. For example, the mayor of \nMissouri City wanted to fly a drone over--he had heard a levee \nwas having problems with a bubble in a big subdivision. It was \nabout to burst. There were rumors it didn\'t, but he was \nconcerned. He couldn\'t fly his drone because it was--airspace \nwas controlled by the Coast Guard. It took him 1 day with this \nlevee about to break maybe and flood all these homes to finally \nbe able to fly his drones.\n    So my question, I know it is not your jurisdiction per se, \nwhat is your role in these drones over these disasters? What is \nDOE\'s role here? Can they help out Missouri City and have them \nfly those drones quickly to save people in need in a time of \ncrisis?\n    Ms. Evans. So as the sector-specific agency, when \nespecially that was discussed as another lessons learned that \nhappened from last year, that the drones would be critical, and \nthen there is a lot of information that we have from our own \nmodeling that we share with utilities companies.\n    But that issue was raised early, and because the \ncoordinating councils are cochaired with our industry partner--\nour industry partners as well as our government partners, as \nthat issue is raised, we have a mechanism then to feed it back \nin before it becomes a crisis. So the things that you are \ntalking about, there was a working group already established--\n--\n    Mr. Olson. Great.\n    Ms. Evans [continuing]. Before the incident happened so \nthat they could get approval and be able to use the drones for \nthe recovery mechanism.\n    Mr. Olson. The final question is about reliability and \nemerging threats. In Texas, we have had some blackouts in the \npast. The big year was 2011. That February we had rolling \nblackouts because of two power plants in Dallas area had some \nwater pipes frozen, had to have rolling blackouts. That same \nAugust, this extreme heat wave, same thing happened across the \nState.\n    As you know, when blackouts happen, even rolling blackouts \nfor a short amount of time, people are exposed to death \nsituations, mostly senior citizens and young kids who can\'t \nhandle extreme heat or extreme cold, and we have to take this \nvery seriously.\n    I know they are expecting a thing called the GridEx \nexercise. Could you talk about your work with industry and NERC \non preparing for a grid emergency like we had in Texas in 2011?\n    Ms. Evans. I appreciate the question. I know that we have \nthe GridEx exercise. Again, that information feeds back into \nwhat DOE does, what--any gaps that they would see in DOE\'s \nability as the sector-specific agency to be able to deal with \nthat. I am actually getting ready to go out to the NERC event \nand what they are doing with GridEx again this year, so I will \nbe there. I will have firsthand out at that group.\n    Mr. Olson. Great.\n    Ms. Evans. But there are other things that DOE does that \nfeeds back into what NERC does too as the Electricity ISAC, and \nso there are tools that we have, there is modeling that we do. \nWe have eagle eye that looks at everything. We also then have \nthe CRISP program that feeds that.\n    The idea in the long run is to be able to start putting \nmore of this data together so that it can go out through the \nEnergy ISAC that NERC does manage so that they can get that \ninformation then down to the utilities. So as you are looking \nat natural disasters or other types of things, again, I am \ngetting back to we have to give them actionable information \nthat they can share through their partners so that they can \ntake the appropriate actions.\n    Mr. Olson. Thank you. My time is expired. Enjoy your time \nwatching the football game from Lubbock, Texas.\n    Ms. Evans. Thank you.\n    Mr. Olson. The Chair now calls upon the gentleman from \nOhio, Mr. Johnson, for 5 minutes.\n    Mr. Johnson. Thank you, Mr. Chair.\n    And, Assistant Secretary Evans, thanks for being with us \ntoday. Let me try to dodge my colleague here to make eye \ncontact with you.\n    Decisions made by different agencies across the Federal \nspectrum can impact our electric grid and specifically impact \nhow our grid operators, generators, and grid-related devices \neffectively perform and communicate with one another. For \ninstance, the electric utility industry has added and is \ncontinuing to add data and networks along its infrastructure to \nbolster its reliability.\n    This continual addition of new technologies and \ncommunications networks can fall into multiple agencies across \nthe Federal Government and commission jurisdictions, some of \nwhich are not typically involved in the oversight of our \nelectric grid. So that is why I am interested in the Tri-Sector \nExecutive Working Group, which is meant to manage risk across \nenergy, telecommunication, and financial sectors. Can you tell \nme a bit more about this work?\n    Ms. Evans. Yes, sir. I appreciate the question on the Tri-\nSector Working Group. We just held our first meeting all \ntogether last week. And so the idea behind that, that was a \nrecommendation that came from the President\'s working group on \nthat on infrastructure and recognized the complexity of those \nthree and the interdependency.\n    So from a Federal Government standpoint, you have \nDepartment of Transportation, Department of Energy, and \nDepartment of Homeland Security representing that. And then we \nhave the utilities, which is also the same group that is \nleading our Electric Subsector Coordinating Council; and then \nyou have the financial sector, which is also the ISAC for that, \nwhich is then JPMorgan is the lead on that as well; and then \nyou have Telecom, which was AT&T.\n    So we were there. The idea is really to, OK, we need to \nknow what is critical in those areas for what is the basic \ntypes of operations we are talking about, the modeling of what \nit is going to take for the North American grid so that we can \ndeal with these issues and where are the interdependencies, and \nthen utilize that from the government approach back. And, \nagain, that gets back to our original question, if we see that \nthere are any gaps in those authorities, then we will raise \nthose through the appropriate policy mechanism and go to our \nrespective committees.\n    Mr. Johnson. OK. Do you believe further communication \nbetween different facets of the Federal Government are needed \nto ensure that our grid is secure, especially as utilities \nincreasingly look at their own communication networks to add \nsecurity and up to the second situation on awareness over their \ninfrastructure?\n    Ms. Evans. I appreciate that question. And as we continue \nto do this work and as we continue to improve the modeling that \nwe are doing, I am sure we are going to show interdependencies. \nI believe that the framework that is in place right now allows \nus--especially with the President\'s release of the National \nCyber Strategy--allows us the mechanism if we were to identify \nthose as we do the work to bring those up accordingly through \nthe administration and be able to identify those policy gaps.\n    Mr. Johnson. OK. In December 2016, the Department of Energy \nand the National Association of State Energy Officials \ncosponsored Liberty Eclipse----\n    Ms. Evans. Yes.\n    Mr. Johnson [continuing]. A regional energy assurance \nexercise to promote State and local level preparedness and \nresilience for future energy emergencies stemming from a cyber \nincident. So, Ms. Evans, why are exercises such as Liberty \nEclipse beneficial for coordination between Federal, State, and \nlocal governments?\n    Ms. Evans. I find that the exercises are critical. As I \nmentioned earlier, we believe, when we put together a plan, \nthat we have identified what all the contingencies are. But \nwhen you put together a plan, you don\'t know what you don\'t \nknow until you actually exercise the plan. And the emergency \nwhen it is happening is not the time to exercise the plan.\n    And so these exercises, Liberty Eclipse, which we are \ngetting ready to do another exercise on that, identify any gaps \nthat are the issues that you are raising right now, either \nbetween the Federal Government going across or down with our \nState and local partners or across with industry.\n    Mr. Johnson. Were there any lessons learned from that \nexercise, and have any of them rendered any improvements?\n    Ms. Evans. There were lessons learned, and it is my \nunderstanding that those lessons learned, the plans have been \nupdated, and they are now going to be exercised again in this \nnext exercise of Liberty Eclipse to see if they were adequately \naddressed and if any new gaps or any other new lessons need to \nbe applied and updated as we go forward. So that is happening \nin this next exercise that we are doing of Liberty Eclipse at \nthe end of October.\n    Mr. Johnson. Great. All right. Well, thank you.\n    Mr Chairman, I yield back.\n    Mr. Olson. Thank you.\n    The Chair now calls upon the gentleman from Oklahoma, Mr. \nMullin, for 5 minutes.\n    Mr. Mullin. The great State of Oklahoma. Great State.\n    Mr. Olson. A good State, not the greatest.\n    Mr. Mullin. Thank you, Mr. Chairman.\n    And, Ms. Evans, thank you so much for being here. It is \nalways impressive when you see individuals come in here well \ninformed and knowing the issues, so thank you for taking the \ntime to get here.\n    Recently, there was a tragic explosion in my district at a \ndrilling rig, and I am pretty sure you are aware of it. A \nquestion that I have is--which I really don\'t like the acronym \nCESER, but I guess that is how you pronounce it--what role does \nCESER have in assisting the U.S. Chemical and Hazard \nInvestigation Board in their investigation and response?\n    Ms. Evans. So it is my understanding that as a sector-\nspecific agency and the way that we roll things down in an \nemergency response, that we would provide information to the \nappropriate agency and the appropriate board.\n    Mr. Mullin. What kind of information are you providing for \nthem?\n    Ms. Evans. What comes up through the channel, if there are \nconcerns that come directly from the industry, if there are \ntypes of information. I do not have the specifics on that one, \nbut I do have the specifics, well, like, for example, when the \nMassachusetts one came up. And that is it comes up through us, \nbut Department of Transportation is actually on the call. So \nthey then share the information of what they are working with \nwith their board, and they share it out with the other group, \nthis is the initial findings, this is what we have at this \npoint.\n    If there is anything that we need to do from an energy \nsector role, then what we have to do is raise it back, and we \neither share it with our sector or I have to raise it up to my \nmanagement if a policy decision needs to be made.\n    Mr. Mullin. Do you share that information with the public, \nif there is reason to be sharing, or is that someone else is \nsharing that information?\n    Ms. Evans. As a sector-specific agency, we share \ninformation with our appropriate sector. Depending on how that \ninvestigation is done, so like in the case of the Massachusetts \none, Transportation would then share that because they would be \nthe appropriate agency to share the information with the \npublic.\n    Mr. Mullin. So you are assisting the Transportation----\n    Ms. Evans. Yes. And so the other thing that I have learned \nthrough this is is that the biggest thing that all of us have \ndone in this sector is making sure that the information is \nshared so that there is unity of message so that we all have \nthe same information----\n    Mr. Mullin. Right.\n    Ms. Evans [continuing]. So that that way we are not saying \ndifferent things from a different vantage point but that the \ninformation is consistent.\n    Mr. Mullin. So who is coordinating that response and that \ninformation, the flow of information? Who is gathering it and \nputting it in the right hands? Is Transportation leading that \ntoo?\n    Ms. Evans. In the case of what happens here in the energy \nsector, they have associations, and as it relates to what \nhappens and they send it out through industry, we share the \ninformation with them and then their industry associations then \ndistribute it.\n    In the case of the Federal Government, if Transportation is \nthe lead, we would feed into the Transportation type of \ninformation that would go up and then that secretary would be \nthe accountable person.\n    Mr. Mullin. Does that information flow freely or is that \nonly when they specifically ask for the information?\n    Ms. Evans. Based on my experience and based on the way that \nI am going to work this office, the information will flow \nfreely.\n    Mr. Mullin. Freely. So you will have a point of contact?\n    Ms. Evans. Absolutely. I already have contacts now.\n    Mr. Mullin. OK. Great.\n    As far as the briefings, because we do understand between \ncyber attacks and vulnerability of our electrical grid and just \nthe oil and gas industry in itself, how often do you brief \nindustry as far as security issues? Do you plan on briefing \nthem, and if so, traditionally how often does that briefing \ntake place?\n    Ms. Evans. It is my understanding the way that the \ninformation flows specifically about what you are asking is is \nthat we as DOE provide information--and this is the question \nthat was asked earlier about our relationship with NERC. And so \nNERC is directly tied into a lot of the tools in the modeling \nand the CRISP project that we were talking about. That \ninformation then informs the ISAC, and so they get that. They \nare tied directly into that platform, and so we are providing \nthat information to them on a daily basis. Based on that \ninformation, they then distribute it down to the energy sector \nthrough the ISAC, and that is what the ISAC mechanism is set up \nfor.\n    Mr. Mullin. Are you doing specific classified briefings \nwith industry when it comes to this?\n    Ms. Evans. I would have to take that back for the record \nand find out what is the history associated with what types of \nbriefings that we have done as a sector-specific agency with \nthem.\n    Mr. Mullin. Appreciate it. I am out of time. Thank you so \nmuch for being here. Appreciate it.\n    Mr. Olson. Thank you.\n    The Chair now calls upon the gentleman from the great State \nof Michigan, Mr. Walberg, for 5 minutes.\n    Oh, I am sorry. Mr. Kennedy slipped in behind me. I\'m \nsorry, Mr. Walberg.\n    The great State of Massachusetts, Mr. Kennedy, for 5 \nminutes.\n    Mr. Kennedy. Thank you very much, Mr. Olson.\n    Madam Secretary, thanks for being here. I am going to build \na little bit off of my colleague Mr. Mullin\'s questions, \nprobably not surprisingly, with regards to emergency response.\n    I am from Massachusetts. There has been an awful lot going \non there in the past couple of weeks. I know you touched on it \nbriefly or it was touched on a little bit earlier in the \ntestimony, and I wanted to drill down on this a little bit.\n    So understanding that circumstances evolving and ongoing, \nbut we had an overpressurized pipe result in rupture over 80 \nexplosions, people that are still displaced from their homes, \nand gas that is apparently not going to get fully restored to \nthe area until potentially mid-November, trying to figure out \nwhat happened. And it would be helpful for me to get a sense as \nto what oversight role you play in this, what the status of the \ninvestigation is, and what update you can give me to start.\n    Ms. Evans. Thank you for that question. And what did happen \nwith that and what is our role as a sector-specific agency, so \nwe share this, this is through the energy sector, the energy \ngovernment sector, so we are partners with the Department of \nTransportation as well as the Department of Homeland Security \non this.\n    I can say, in that specific incident, because we have the \nemergency response piece, my staff called me within an hour of \nbeing notified of that. The Oil and Natural Gas Subsector \nCoordinating Council was also scheduled.\n    So within an hour of that, Department of Transportation and \nPHMSA in particular was also on the call because they are the \nindustry part, the government part. We were all on the call. \nAnd they were sharing information as they were getting it with \nthe electric sector right afterward, because we had a call with \nthem also because they all wanted to know what was going on.\n    So as that investigation continues through this mechanism \nis how the information is then shared out with the community. \nBut Department of Transportation is the lead in this particular \ncase.\n    Mr. Kennedy. And fair to say, ma\'am, just so I understand \nit, that your role in that is then focused on the emergency \nresponse for the immediate triage?\n    Ms. Evans. Yes.\n    Mr. Kennedy. And so how is it, though, to the best that you \ncan explain, understanding that is not the focus of the hearing \nbut focus for me, how is it that this happens? How is it that \nfirefighters are responding to all these explosions? There is a \nwell-publicized case, one firefighter going out, putting out a \nfire while his own home explodes.\n    How is it that--why does it take so long? I understand that \nthis had to be done manually from Columbia Gas, an alert that \nhad to take place to then have somebody actually dispatch a \nhuman being down to try to alleviate the overpressurized pump. \nIs that typical? Is that how this should operate? Are there \ngoing to be regulations that come in? Would you suggest \nadditional regulations to make sure something like this--we can \nup the preventive measures on this? How should we be thinking \nabout an appropriate response?\n    Ms. Evans. So what happens in this particular case--and I \nappreciate the question because I--there are a lot of moving \nparts to the question that you just asked. So the industry, the \ncompany would have a response plan. That response plan is \nalso--then there is a local response plan as well as then a \nState response plan. And I know this sounds like there are a \nlot of layers, but the communications does flow up pretty fast.\n    And so my office, as an emergency response piece, is \ndirectly tied into the State and local governments. And so we \ndo get notified. There is a notification that happens when \nthese things happen, and then people\'s response plans go into \nplay. And so everybody\'s response plan is then executed.\n    So I think that that is the focus of what everybody was \nasking for, do we see gaps when they happen. And I think that \nis what is still being investigated, and that is what you are \ntrying to understand right now is were those adequate plans, \nand if not, are there gaps, and then they have to feed back \ninto the process that we have, because if you need a Federal \nresponse, it has to come up so that we can be able to respond.\n    Mr. Kennedy. And I appreciate that. I am also wondering if \nthe scope of the regulation is such where an accident like this \ncan happen, right, and understanding the--we are still trying \nto investigate exactly what happened and how, but that there \nare going to be people that are without their homes in \nGreater--or without heat and hot water in their homes in \nGreater Boston through mid November if this is done on \nschedule, should we allow that? Is that a permissible response \nto say, it is OK for folks to be dislocated from their homes \nfor 6 to 8 weeks?\n    And if not, why--if the company was actually in compliance \nwith the regulatory environment that--the existing regulatory \nenvironment, why is that part acceptable? Because I have got \ntwo little kids under three. This doesn\'t affect me, but I \nwould imagine that for a family trying to heat their home with \nspace heaters, that some of these homes that is not even \nadequate, for 2 months becomes a real challenge.\n    And Columbia might be doing the best they can to replace \nhundreds of miles of pipeline, but something fell through the \ncracks here in a pretty big way without yet a conversation as \nto how do we make sure that such an incident like this, the \nconsequences are going to be mitigated in the future. And so \nthat is what I would love to get your insight to where we \nshould look and how we should focus.\n    Ms. Evans. So I would like to say that until the \ninvestigation is completed, it is hard to address that \nquestion. But you are asking some broader-based questions that \nare about risk management and what is acceptable from a nation.\n    So I am going to turn back to the administration\'s national \nstrategy that they have dealing with critical infrastructure \nand in some of the things that have already been released by \nDepartment of Homeland Security, which is the risk management \ncenter.\n    So a lot of the things that you are talking about fall \nunder risk management and is it acceptable. There are things \nuntil this investigation--the results are actually out is that \nit is possible that the level of risk associated with the \ninfrastructure there is not acceptable because of the \nconsequences that the American people are now experiencing \nbecause of what happened there.\n    That data and then our analysis is going to have to feed up \nthrough the policy process about what is the right risk \nmanagement, is it going to take a regulatory change, is it a \nlegislative change, is it an investment, and that is going to \nbe a policy decision, and that is the intent. And that is what \nmy office is focused on being able to do is provide that type \nof information after this happens so that the right policy can \nbe made so we can answer that question for you.\n    Mr. Kennedy. Chairman, appreciate your patience.\n    Look forward to working with you on this issue, Madam \nSecretary. Thank you.\n    Mr. Olson. Thank you. I remind my friend too to please talk \nto FERC about pipelines as well because they are a big Federal \nagency. DOE has got a role, but FERC is a big one for \npipelines.\n    Mr. Kennedy. I am aware.\n    Mr. Olson. Yes. I just want to make sure you talk to FERC.\n    The Chair now calls upon the gentleman from Michigan, the \ngreat State of Michigan, Mr. Walberg, for 5 minutes.\n    Mr. Walberg. Well, I thank you, Mr. Chairman. And thanks to \nthe assistant secretary for being here.\n    Workforce development has become a focus here, I think, in \na very positive way in Congress, and having a well-trained, \ncertified cybersecurity workforce is a key component to our \noverall cybersecurity strategy as a nation. However, \nrecruitment and retention of cyber workers is a well-documented \nproblem, challenge, frustration, especially in the public \nsector.\n    What programs are in place that allow cyber workers in the \nDepartment to have professional development opportunities as \nwell as enhanced skill sets, and what plans do you have to add \nto that preparation?\n    Ms. Evans. I appreciate the question on workforce. This is \na passion of mine. So I am in the process now of looking at \nwhat kind of training and what type of programs are actually \navailable for my own staff to be able to go forward.\n    I did mention the cyber force effort, that competition that \nis run by the national labs. That has a lot of promise to be \nexpanded both internally as well as externally and continue to \ngrow beyond the initial view of that, because a lot of what \nthat is focused on is energy specific, and that is the baseline \nof skills that my team will have to have in order to be able to \nrespond and be able to work with the industry.\n    So there are a lot of nuances when you go through this. And \nwhen you use the term ``certified,\'\' that means a lot of \ndifferent things to a lot of different people. I would say \nright now that what we are looking at within the Department of \nEnergy is the national initiative for cybersecurity education, \nwhich is run by NIST, and making sure that our positions and \nhow we are using that framework really aligns.\n    And so I look at the structure of what we have. I am also \nlooking with the chief information officer and what they have \nin place, because if they have training programs already in \nplace, the idea is to leverage those as well.\n    Mr. Walberg. Well, that is so important, and I appreciate \nthat in talking with the private sector and their challenges in \nthe energy industry with cyber. They have been appreciative of \nthe relationship that has developed because of what we have \ndone here of having public-private sharing back and forth \ntogether. But to keep the good people that have been trained \nand to stay in the public sector is so important as well, so I \nwould encourage you, and thanks for your commitment to that.\n    Ms. Evans, I would like to follow up on Mr. McNerney\'s \nquestion earlier on. You said you were not confident that the \nU.S. electric sector can prevent a state actor attack. Would \nyou please elaborate on this a little bit further?\n    Ms. Evans. For me to have a certain confidence level of \nthat, I want to make sure that I am providing all the \ninformation that they need to have so that they can make sure \nthat they have the proper defenses in place. I know based on my \nexperience and the previous work that I have done and the \nworkforce issues that you have brought up, there are a lot of \nopportunities for the utilities to improve.\n    And I think a lot of things that are going forward, there \nare basic things that all of us have to do across multiple \nsectors as it relates to hygiene. So the more we integrate \ntechnology into what we are doing, the higher the risk it \nbecomes. And I think it really does become a risk management \ntype of approach, and the executives of those utilities as well \nas the workers need to understand what are the risks that they \nare bringing into their enterprise as they go forward.\n    I think right now that that is the dialogue that is \nhappening. I think DHS is showing the leadership with the risk \nmanagement center so that that information can then perpetuate \nthroughout the industry, and then what you are going to see is \nthose interdependencies. Right now, that whole holistic \napproach is really not understood across the industry.\n    Mr. Walberg. Thank you.\n    When the Department of Energy was organized as a Cabinet \nagency in 1977, the largest energy security concerns were fuel \nsupply disruptions, not electricity disruptions or \ncybersecurity. As you would expect, the Department\'s \nOrganization Act reflected those concerns. Times have changed, \nand we should be thinking differently about energy security and \nemergency preparedness.\n    In my bill with Ranking Member Rush, H.R. 5174, we specify \nfunctions to include emergency planning coordination and \nresponse. Could you talk about your work to elevate these \nfunctions in your new office?\n    Ms. Evans. I appreciate the opportunity. I am happy to talk \nabout that. I am currently, right now, looking at what we have \nin place, and we have, as I talked about earlier, the emergency \nresponse piece that we have, specifically associated with \nhurricanes, natural disasters is really robust.\n    What I really want to look at is the exercises and then how \ndo you continuously improve that to bring in other threat \nfactors that we have been talking about, manmade disasters, \ncyber disasters, so that same robustness and the same \nresponsibilities that we have as the sector-specific agency and \nin the National Response Framework as ESF-12 are broadened \nbased on what you envision that this office and what the \nDepartment is responsible to do.\n    So I am leaning forward into that. I am trying to redirect \nsome of the activities that we have right now. I am looking at \nseveral of the investments that we have already made to make \nsure that they capture these other pieces so that we can make \nsure that we are operationalizing those for the Department.\n    Mr. Walberg. We wish you well on that and would appreciate \nany involvement that we could have with you in identifying gaps \nand assisting in finding solutions to meet those needs.\n    Ms. Evans. I would be happy to talk to your staff about \nwhat we are doing as we continue.\n    Mr. Walberg. Thank you. I yield back.\n    Mr. Olson. Thank you.\n    The Chair now calls upon the gentleman from the \nCommonwealth of Virginia, Mr. Griffith, for 5 minutes.\n    Mr. Griffith. Thank you very much, Mr. Chairman. Thank you \nfor being here today.\n    As we change our mix in our grid, we are becoming more and \nmore reliant on natural gas, which means we have more and more \nnatural gas pipelines running across the country which are \nsubject to potential harm or attack. I do think that your \nagency is the right one to do it. The chairman mentioned a few \nminutes ago that people need to talk to FERC also, and we may \nneed legislation to make sure that we have coordination going \nthere.\n    I personally think we have given too much power to FERC as \na Congress, and we need to take some of that back anyway. But \nalong those lines, I find it interesting, because I think it \nwould be helpful in this if we looked at some of the new \ntechnologies.\n    As a disclosure, I have a Corning facility in my district, \nand they were showing me a number of their products. They did \nnot make this product in my district, but they have apparently \ngot a fiber that they can put on top of a pipeline that can \ndetect temperature change and vibrations that then shows you on \na computer if somebody is driving a truck up near the pipeline, \ngetting out of the truck, walking, starting to shovel. You can \ntell all of that from the vibrations. And if there is any kind \nof a leak, so you have got both the bad actor and then just the \nbad pipe issue, they can also--because the temperature changes \nand it can detect the temperature change, it can pick up a \npinprick leak.\n    And I am just wondering why we aren\'t asking at least on \nthe new pipelines that we are putting in for natural gas that \nwe don\'t have some kind of a technology like that so that we \ncan observe if somebody\'s trying to do something untoward or \nobserve if there is just an accident about to happen. I think \nit would behoove us to do some of that.\n    Have you all looked at any of that or is that something you \nwould be open to?\n    Ms. Evans. I would be open to doing that. Based on my \nprevious experience, I was a partner in a venture capital firm \nso I understand a lot of what you are talking about with the \nnew technologies. I would say that trying to be a little \ndisruptive that a lot of the models that are currently being \nlooked at right now are from the center going out, kind of the \ncommand and control piece. And what you are really describing \nis from the outside in.\n    Mr. Griffith. Yes.\n    Ms. Evans. And so that is going to change the architecture. \nAnd I view that that is what my role is is to be able to say, \nhey, if we agree on this, here is an architecture that we are \nrecommending so that we can then talk to industry about it.\n    Based on that, and we are looking at it from a national \nsecurity standpoint, it is my understanding the way this is \nsupposed to work--so you guys can correct me here--is is that \nthen that would feed into the FERC process, which then could \nthen do and address some of the things that you are talking \nabout, because we would show this is the modeling, this is how \nit works, here is a voluntary way that you can do it and can \nthen be built into the standards process, which would then be \noverseen by FERC.\n    Mr. Griffith. Well, and that may be, but I am not sure that \nthey are completely on board with all of this, and so I would \nbe more than happy to work with you all to see if we needed \nlegislation to just say this is where we are going to go. You \nhave to figure out first how you want to change that \narchitecture, but it does seem to me that that is probably a \nbetter way to go instead of from the central office out, have \nthe information coming in and----\n    Ms. Evans. And I will be happy to brief you as we continue \nto do this work.\n    Mr. Griffith. Yes, ma\'am. And I appreciate that. I also \nshould probably note that while I have seen this one product by \none manufacturer, I am sure there are competing interests and I \ndon\'t care which one gets picked. I just want to make sure--\nbecause I have a lot of constituents right now with two \npipelines coming through the area, one through my district, and \none through the neighboring districts.\n    There are a lot of people who were concerned about problems \nlike we heard about from the Senator from Massachusetts and \npumping stations, and they are worried about the safety of \ntheir communities and their homes, and it just seems like we \nprobably could put their minds to ease.\n    I know when I have talked about this technology with those \nfolks, they said, if only they were doing that, I would feel a \nlot better about it. They would still probably have some \nreservations, but they would feel a lot better that 20 years \nfrom now they weren\'t going to have a major problem. I thank \nyou.\n    And I yield back.\n    Mr. Olson. I thank the gentleman.\n    And seeing there are no further members wishing to ask \nquestions, I would like to thank Secretary Evans for joining us \ntoday. And I just want to remind you, if you go out to Texas \nTech this Saturday or sometime in the future to watch a \nfootball game between the Red Raiders and the Mountaineers, \nenjoy Lubbock, Texas.\n    Two things you should do out there: first of all, The Shack \nBBQ, The Shack BBQ, 2309 Frankford Avenue, Lubbock, Texas, the \nbest barbecue in the Panhandle of Texas, much better than--\nsorry--West Virginia barbecue, Virginia barbecue, North \nCarolina, Kansas City. We got the best.\n    Also, if you want to see a real tornado, Texas Tech has \nthis thing called the National Wind Institute. They have this \nmachine that generates small tornados just to study a tornado. \nSo it is kind of cool. Go see that tornado. Enjoy Lubbock, \nTexas. You have to go out there.\n    Before we conclude, I would like to ask unanimous consent \nto submit for the record the following documents: a report from \nDOE\'s Office of Energy Delivery and Energy Reliability; number \ntwo, a letter from the committee to send to Secretary Perry; \nnumber three, response letter from DOE to the committee; number \nfour, a letter to Speaker Ryan from EEI/NRECA, and American \nPublic Power Association.\n    Without objection?\n    Mr. Rush. No objection.\n    Mr. Olson. No objection. So ordered.\n    [The information appears at the conclusion of the hearing. \n\\1\\]\n---------------------------------------------------------------------------\n    \\1\\ The report has been retained in committee files and also is \navailable at https://docs.house.gov/Committee/Calendar/\nByEvent.aspx?EventID=108725.pdf.\n---------------------------------------------------------------------------\n    Mr. Rush. Mr. Chairman----\n    Mr. Olson. Yes, sir.\n    Mr. Rush. I just want to say this to Secretary Evans. It \nhas really been refreshing to hear your testimony this morning. \nYou certainly have an understanding and broad knowledge of all \nthe areas, and you have taken the time to really answer in a \nvery effective way the questions that the Members have. And I \njust wanted to ask you to don\'t get tainted by the politics. I \nthought you were a very refreshing witness, and we look forward \nto working with you.\n    Ms. Evans. Thank you, sir. I look forward to working with \nyou as well.\n    Mr. Rush. Thank you.\n    Mr. Olson. Thank you. Amen.\n    In pursuit to committee rules, I remind Members that they \nhave 10 business days to submit additional questions for the \nrecord. I would ask the witness to submit her response within \n10 business days upon receipt of those questions.\n    Without objection, this subcommittee is adjourned.\n    [Whereupon, at 11:59 a.m., the subcommittee was adjourned.]\n    [Material submitted for inclusion in the record follows:]\n    [GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n    \n    [Ms. Evans did not answer submitted questions by the \nclosing of the record.]\n[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]\n\n\n                                 [all]\n</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body></html>\n'