Early in our work with cs21, now contents identified sticks to be the best format for data. New context has begun working with the community and the industry to extend sticks for the grid. Sticks is just the first step. We need the ability to share threats automatically between organizations. Several organizations have begun but we still rely on human analysts. If there was a coordinated attack on grid the analysts would not be able to respond. We need new technology to speed up response. Discovering and ensuring threat to machine is a huge step. The first hurdle in automated response is trust by third party. We need to ensure that theres trust in remediation. Once we have been able to solve the trust, utility, National Labs and agencies can distribute remediation into the grid allowing them to rapidly respond. In summary, identity, trusted data, isolated networks, response and remediation, technologies for defense. Battlefield continues to change. We need to protect find ways to protect our infrastructure. Cost to attack them is low. Hidden tax or economy that would continue to address root cause and symptoms, investing in technology will lower cost of defense infrastructure, this would allow more innovation in our industry and allows us to build the proper framework for devices. Thank you for the opportunity to it have, i look forward to todays questions. Thank you, mr. Ridel, very important testimony. I think we looked to some of the breakthroughs that are out there and these technologies that we hope will allow for that level of protection but many, several of you spoke to the human factor and, you know, we recognize that most of the control systems today are separated from the public internet by far wall or air gap but we could see intrusions through human error whether its transferring data via flash drive from a Public Network to a secure one or vice versa, so even with all of the advances that we have had and the processes that you have mentioned, we are still in a situation where we have exposure to security breach, doctor, you mentioned the dark net and how how do we how do we work to protect the dark net from this type of of activity, the breach through, the human factor and then i also want you dr. Aerl to speak a little bit. You mentioned the Quantum Technology that i mentioned in my opening and you have suggested that a a Quantum Network will create inpenetrable shield but does that apply to Insider Threats as well. Im interested in this aspect. Technology is great, sometimes its a human factor that is our weakest link. Thank you, senator, for that question. Addressing the human link is going to be was. How do we take and do better Education Training of people who have not been exposed historically to these types of things, we have a lot of folks in the industry of providing capabilities and safety paramount but when you Start Talking about cybersecurity, its a little bit of a foreign issue in terms of the Industry Partners out there. So how do we take and raise this awareness so that, you know, they understand the threats that exist. Additionally, from a standpoint making sure that the systems are patched updated. These are mainly ittype systems that are being utilized so there are steps that can take from that standpoint to help out the industry. With regards to the dark net and concepts that are proposing here, moving the command in control, communications away from the internet, at least separates as you mentioned before air gapping, if you will, exploits that get across air gaps as we know. But having a separate control and communication capabilities via these fibers as mentioned by dr. Earl will give us enhanced capabilities to understand and immediately determine if there was any type of exploitation that may hit. As long as we can take and have that separation that we dont connect back or add additional vectors for exploitation we believe that theres addedlevel security by going through separate, secure dark fiber and advanced capabilities as well that we would implement. Let me ask dr. Earl to speak on the Quantum Technology side and the vulnerabilities there . Absolutely. So the Quantum Technology is a very powerful technology but the grid is going to require many solutions. Its just a piece of that puzzle. Qaun tomb technology solves two very important problems and its the Foundation Upon which you can build more secure grid. First to immediately detect if somebody is hampering can Communication Channels and second thing is provide inscription that cannot be broken. Quantum technology does not address that. You need that first before you can build the rest of the solution. Very quickly on Quantum Technology, how easy is it to do that . Youve got technology does the technology feed to be built into the grid and relatively added it might be easier to securing and very grid centric and very ease to retro fit. I field to my colleague for that question. Should be barred of this discussion. As you know this is womens Small Business month. The hearing is on that, i knew that you would be interested. Im sure that the subject as we talk about solutions, we do have to think about Small Business, least ability to put some of the things in place. We need to think about that. True. Thank you so much. You mentioned the cce methodology during your testimony and you provided written testimony and i havent had a chance to look at that yet, can you expand on that meth oolg . Methodology . I did, sir. That was unique Cybersecurity Innovation in april by andy bauchman, it seems to have created confusion, indeed, some might say criticism discussing whether its a process instead of Technology Innovation, can you address that, please. Cce is a step forward in some engineering processes in we look to look the right technology and implementation of cyber controls. Some of the criticism has been about some mention of using analogue devices, a step back into the stone age but in some of the cases when we can use the cce methodology to understand consequences and attack path that lead up to them, we can identify points for various different attacks and do what we call disruption zones, areas where we can place a discreet component that cant be hacked by software means. Doesnt have Software Vulnerabilities and drive that attack or work factor way up because normal methods of internetbased or softwarebased activity will be forward at that point. Once again, its not something that a national lab or provider can do. The organization thats being protected works closely to understand what those consequences are, what their engining processes are, identify those paths, work with them, who might potentially attack and what motivations there are and mitigating ideas and identify the disruption zones and implement them. We found with our partner that they felt that the entire process helped them give a different perspective. Thank you, madame chairman. Thank you, madame chair. I want to thank all the witnesses. This is great testimony across many fronts and the diversity of ideas yet cohesiveness of the ideas is so important, so i thank you for that and i i obviously want to thank for the leadership that youve helped the state of washington provide on this everything from National Guard to creating a response to the technologies that we have been able to deploy. I think when we think about these, the technology that the lab has worked on, was part of your testimony actually saved california customers 360 million plus 90 million an average savings due to improved utilization of system and make tools resilient to Cyber Threats. So we can see already theres work and application thats being done that is helping us strengthen the grid from blackouts and we need to keep going and mr. Earl, your testimony, the department of energies, electricity, cybersecurity, Energy Delivery program helped fund the work that youre doing, so i feel that one of the key aspects here is the need to continue to do r d and innovate and test and apply. I see youre all nodding on that. I guess thats what im trying to help our colleagues understand here. Sometimes i say we are in the third inning of the ball game. Here im not sure if we started the game in the context. Actually we have because its a great work that you are doing. How would you characterize where we need to go with both research, workforce and this continued collaborative effort . The context of where we are today and how this will evolve and, mr. Earl, i think you said this or radel, where are we with the level of investment and workforce and level of interconnected responses. Maybe start with you. Thank you, senator. Its a complex question. Injection of funding is adding value. In terms of good modernization, congress appropriations, that initiative is strong and moving forward at this point in time. I think one of the challenges, we have over 100 Industrial Partners working on the projects, the Publicprivate Partnership is essential. You have to have the field validation so that the people, operators, switchmen, et cetera, understand and can get their arms around the new concepts and what they bring to bear and to offer. The industry is a little challenged now because they are facing flat sales and a lot of challenges on cyber and other things. So the industry is stretched thin from a human workforce standpoint. They have a challenge adding more things under their plate and but i the manpower issue is part of that, clearly. The training and access, large number of utility workers are retiring and theres a lot of work in terms of development and and feeding the pipe for next generation whether its cyber or other grid activities. So i think its all very closely interwoven in terms of getting the workforce right, the training done and i would say that there are many some of the new topics around analytics and other things are new dimensions that need to be added, i think, to the workforce, focus that needs to go beyond enterprise. We are having a hard time keeping up with the volume of cyber analysts but they now need to have new skills in terms of analytics and other things. How do we refresh development and how do we build partnerships between public and private to train people, crosstrain existing employees or develop new staff and continue to looking for Publicprivate Partnerships and new concepts coming out of r d portfolio. Thats what it takes to get comfortable to making investments to deliver. Thank you, it might have been a complex question but you did a very good job. Anybody else want to weigh in quickly on that . I can briefly. Thank you for the question, senator cantwell, ranking, sorry. We deal a lot with our company. We are trying to hire qualified people and finding enough qualified people out there is a challenge for every organization. We try and train and make sure that everyone understands that security inside of an enterprise or corporation is not one persons ability or one persons responsibility, so the things that we look at are how do we educate our workforce, we would love to work with schools and universities to make sure theyre educating folks. I think that the thing that we try to tell enterprises as they deal with this and utilities that deal with this, that security, cybersecurity is a group responsibility, that you cannot just expect the Security Professionals to take care of this. You need to take ownership of that while you build and engine your products and so those are the things that we are looking at. The only thing i would add to that is, you know, our focus is automation. We want to be able to to be able to roll out this automation that we talked about today into the grid, but to do that, we have to be able to trust that we understand where the automation comes from, so not only do we have to make sure that we educate and bring these people to be professionals, we also have to make sure as we bring them onto our networks and as we have them work on those networks, we are able to identify those people so we can trust the information that they are giving us and trust remediations that they create. Thank you, thank you, madame chair. Senator cassidy. [inaudible] would you mind if ive got this is a cooperative committee, so if senator cassidy doesnt mind, we will turn to senator manchin. This is a great committee. Let me say quickly, the reliability of the grid system, base load, do any of you all have concerns that the base load might not be able to energized the grid or we could be in concern about a relapse or collapse . Does anybody have that concern from base load as im understanding, nuclear code, rain or shine, gas, we are depending on gas being base load now and renewables are coming on with new battery and Battery Storage that will move into that. We havent gotten there yet. You all have no concerns in different segments across the country . Pjm collapsed, you all knew that . They came going down. Anybody want to talk . So the we have seen no evidence that theres a lack of capacity to deliver in terms of Security Response and other things in the power things. Clearly there are changes in some of the resources mix and the bodies as well as the reliability counsels and all have not indicated that there is a gap that is an issue but theyre having to change some of the processes and all i think we have adequate capacity Going Forward. Cyber is what we are concerned. Im an intel and every meeting we have deals with cyber and some type of Cyber Attacks that we are getting regularly and how we can state that off. We have awful lot of coal plants and switching stations. When they produce the power coming out, goes into a switching station, puts it out on the grid. How youre saying if youre quantum you can protect that from the internet or being hacked from the internet, correct . We are definitely trying to protect the communications between the switches facilities, the substations and command centers. Its imperative that youre able to those those communications and so the channels that theyre communicating over are not defends, these might be fiber optics, you dont have complete control over Communication Channels, its important that we have technology that can ensure that communication channel is secure first. That could be retrofitted also . Specially if duck tails and you use existing fiber optic cables to basically put the system in place. Let me ask any of you all can answer the question, i have been to awful lot of power stations, the switches stations are not all that secure, if i want to do some kind of criminal act, ci walk up to it and make it happen. Have you all have you all suggested or basically lobbied for securing, making every Utility Company responsible for the securing of those switching stations . Natural gas also. We are concerned about the gas pump lines at gas stations. Youre worried about infrastructure . Yes. They are target practice opportunities. But i will say that last year, working with looking at serious of threats or coal plants and classifying the degree of consequence and risks and what other options provide security, you cant do it in every single substation or transmission power in the power system. What they are doing is putting in place a systematic process to help prioritize those risks and identify their options for protection and so that process is beginning and being well received from utility companies. You all come from the technical end can really help us. We are talking about the internet and technology and im talking about just plain attacks, criminal activities. Okay. Thank you very much. If i could just followup on that, isnt it true if you go into their command, they have pretty good eyes on most of everything in their grid system. I would assume utilities are similar. They are eyes everywhere, right . Is that correct . I mean, besides the technical detection of whats happening on a line, they also have eyes on practically every aspect of the infrastructure . I think it depends on the utilities. There are small ones and large ones and approach it differently but definitely for larger utility youre correct. Very sophisticated operation. Thank you. But we worry about the smaller ones like we have up north. Senator cassidy, where are you now . I think it was you that spoke of the dark net. Is the dark net require lane of different fiberoptic cables or can it go through same fiberoptic cables. Thank you, senator, for the question. Certainly we can use existing fiber thats not being utilized. Generally speaking theres a lot of bunked thals are layed. Multiple fibers that occur and not all capacity is being used. In the instances where you have smaller utilities or cooperatives that dont have the cyber, there are other avenue that is we look at in using some of the advance communication capabilities and emerging capabilities to also take and look at hardening. But, yes, sir, certainly we can utilize those existing fibers. Could we overlay to what degree could we now go to dark net . I once went to a dod facility, they had internet there and closed system there. It was two different terminals but somehow i understood this is and that. To what degree do we have that now for our utilities . Sir, i cannot answer in totality. We are having people that are looking as i mentioned before over 100,000 miles of existing fiber that we have to see exactly where the connectivities are relative to commercial entities, the entry industry out there. So certainly i can get back with you on that question, sir. Thats a segue my staff gave me from august 17th, president s National InfrastructureAdvisory Committee and they have 11 different recommendations and theres this urgency behind and a sort of assumption that we should have done this yesterday and we havent done it yet. With agencies and congress required to put things together which apparently we have not. So i appreciate the chair and Ranking Member holding the hearings, but to what degree is leadership being exerted by the federal government to make sure that all this happens asap . Because i gather you all think it should happen asap, fair statement . To what degree are we providing that leadership . Thank you, senator. I am nothing but discreet and diplomatic. I do believe the department of energy are taking leadership within the bounds of what we were able to accomplish, what we understand that we should do but i also think that leadership understands that we could do more. We have been working let me pause for a second. Ranging from Quantum Mechanics which i dont understand but fascinated by to put analogue switch in there. Two different approacheses with dark net overlay. So those are very tangible this is what you could do now and probably work really well. What is the state of play or rewith looking for someone to propose it . One of the case that is we are looking for is power in chattanooga. We are looking at how we can establish some of the capabilities with them. On a smaller scale although dod has apparel internet, is this a strong recommendation, yes, we should be doing or, no, we should be testing before we go full . We believe that the technology exists to increase our capabilities to defend the electric grid from a communications and control standpoint if we go forward with this and thats what we are proposing. Is that generally agreed upon . One thing we could do is appropriate the dollars to immediately begin putting a dark net for everybody whose connected to the grid except maybe a distributed, if im selling electricity off of the roof of my house, but other than that, is that something that we should be writing in legislation now in your opinion . So we currently have Utility Partners with extensive fiberoptic networks that are ready to start implementing this today or testing today. The quantum or the dark net . Its really tied together. Thats not all utilities. It will have to start small let me ask you. Let me interrupt. I always mispronounce. You have this exchange of electrons through the whole mississippi valley. If theres somebody who is a weak link, doesnt have quantum or analogue, can that go through the whole network in getting those that do have it . So ultimately youre only as strong as your weakest link, but your biggest links need to be secured first and the propagation can be limited by focusing there and prioritizing there initially and there are three separate grids, of course, that would be independent from one another. Let me echo the question of can we implement this quickly. It is a question of funding. The program is doing a great job but they dont have a large enough budget really to to take on dark net yet so at least from my perspective i think that increasing the fund to go that program is an excellent thing to do right away. The other point i would like to quickly make is these new technologies will take time to be implemented. It could be a long as 5 to 10 years for some of the technologies to be implemented. If you think where hackers were ten years ago and where you think hackers are going to be in ten years from now, thats where the urgency is coming from. We really have to get ahead of this. I would like to say, though, across the industry our Utility Partners are beginning to move out even faster in developing pilots, working with commercial industry, working with National Labs to develop the process and procedures to implement the new technologies. Mr. Ridel mentioned three major utilities working together to implement and prototype and demonstrate the technologies and give Lessons Learned out to utilities across the nation so we can understand what the scope of the issue is and how to deploy these and provide that expertise as others do similar to the other utilities in the east coast as well. I think we are moving faster than we have been. We would all love to do it faster. I apologize, i yield back. Senator franklin. Thank you, madame chair. I know that this is about cybersecurity and the grid but doctor i was struck in your testimony about your discussion of Microgrid Technology and potential application to puerto rico, the chair know that is im very interested in this and i think all of us are. After the devastation of irma and maria, millions of americans in puerto rico and the Virgin Islands are still without power. This is really inexcusable. I can read from your from your testimony. Most recently Oak Ridge National laboratory has considered how its scientific expert may be leverage today help area in which local power grid is essentially being rebuilt from ground up. Puerto rico is devastated by Hurricane Maria last month, the islands Critical Infrastructure including its power, transmission and distribution grid serving more than 1. 4 million customers was nearly demolished by the powerful storm. As relief and recovery effort continues, we are mindful that many of the solutions developed for Grid Resilience could be purpose purposely built into a completely new robust system for puerto rico. Through distributed energy resources, for instance, Puerto Rico Electric Power Authority can benefit from micro grids with more power generations spread throughout territory, cited locally and neighborhoods and providing greater flexibility when the larger grid is disrupted. Complementary opportunities exist to support the development of a more secure and resilient puerto rican infrastructure which will ultimately lead to a better quality of life for residents and reliable electricities to support its businesses. This is something that we have been talking a lot about, a lot of us, including the chair and Ranking Member of the committee. Could you elaborate on the work that oak ridge is doing to improve resilience for the grid and how that might relate to our responsibility after these hurricanes to approach rebuilding the grid, getting them up, again, as fast as possible, but then building something that is resilient and sustainable . And if anyone else wants to we have for a number of years been looking at Technology Come how we can take and build those, given different types of Power Electronics and charging and sensing type systems that they can have the isolation from other, the larger infrastructure and be able to operate in the events and island mode if they need. From that standpoint. And so with that i know that carl is leading an effort among the different labs and he can probably address it quite well. Please. Specifically for puerto rico, we need to frame some options that can be, add value in the one to six months, 12 to five years. The notion of evaluating what critical votes in terms of drinking water, purification, healthcare, i on communications, how do they come down and identify where it might be worth the incremental expense for from microgrids to harden those against future events and leverage some of the work weve done in the modernization in new orleans and other places on how to coordinate multiple microgrids that they are in bad storms can actually adjust and focus just on the critical loads for emergencies applications. Thats i think a Good Opportunity for us to bring new concepts to the rebuild of puerto rico over the next couple of years. I think its just responsible to do that and smart to do that. I know im out of time, but their grid is right now powered so much by diesel, and a lot of people from minnesota, in the winter, go to puerto rico and the Virgin Islands for the sun. Im just saying. So i think that, you know, perhaps in rebuilding this grid we can make it more resilient and use more Sustainable Energy as well. And its something that im glad the National Laboratories have been asked by the Energy Department to look at. I think everybody is rolling in the same direction what im saying. I feel good about that. I think it was a good question, important one, and we will be having a hearing focusing on the Current Situation in puerto rico, and Going Forward, the future of that energy grid there, and we look forward to input from the National Labs. So to know that you have taken. On that, mr. Imhoff, i think is important. We will look for that, more detailed in the next couple of weeks but very, very important. Thank you. Senator duckworth. Thank you, madam chair for a what you think you and the Ranking Member for todays hearing. I i definitely want to thank eyewitnesses for participating today. Recently as my colleague, mr. Franken, mentioned, we seem frightening weather patterns and infrastructure instability in puerto rico, and in the ukraine even in 2015 when malicious actors destabilize the country power grid. I had to learn that cybersecurity can take many forms. I come to the summit militarist perspective whats all about enemy sacking, trying to attack you but also cybersecurity also applies to try to prevent technological failures from occurring as well. Im proud of the National Labs are partnering with industry to develop solutions to modernize our grid including illinois own national lab. We are leading eight projects under the Grid Modernization Laboratory consortium. We refer this earlier when you responded to my colleague from louisiana about the investments of the need to be made and thats where my question is going next. It seems to me there is a cycle of scientific discovery that then provide necessary impetus to develop technologies that addresses those militant concerns and the we develop, we develop those initial technologies and prototype, then we move towards bring them to a place where they can demonstrate effectiveness and be deployed to the marketplace. Id like to further elaborate on that. Of all the witnesses, where in terms of the cycle of discovery Prototype Development and development towards deployment as a relates to cybersecurity threats, where are we in the process for our Energy Infrastructure . Other specific investment we should be making . You mentioned in forming municipalities but is anything specific . It seems like this this is a continual cycle we go through. Anybody want to take that . Ill get started and turned over to my colleagues here we are in all phases of that cycle. There are many dimensions to this activity, many dimensions to cybersecurity. On cybersecurity i mentioned in my testimony that we have roughly 3000 utilities in the United States. The largest thousand are pretty far along on their cybersecurity journey. The smallest thousand dont have any digital devices so its not much of an issue. The middle thousand has devices but theyre very small engineering staffs and very limited budget, so its harder for them just to do the basic fundamentals of maintaining good enterprise discipline on their infrastructures. They are in a different place on the develop an cycle than some of the larger utilities who are looking at quantum encryption and other activities. So we are in all phases and i think it will always be that way. Some things on the more mature states but you have to work them out in 3000 utilities that are across 50 different regulatory jurisdictions. So it just doesnt happen overnight. It takes time for things to unfold. At the thing id like to add with that, our partnerships are absolutely critical. National labs will take and produce lower Technology Rating level type solutions, and so to take and transition those to industry or work with the Industry Partners is absolutely critical in this arena. I come from a military background as well, from the standpoint of rapidly getting those products to the field where theyre needed. In cybersecurity aye said earlier, we are in that very type loop of episodes are far outpacing us in terms of how we can respond so the industry partner is absolutely critical. Id like to respond to that as well. Ive been involved in Technology Innovation for cybersecurity for about ten years in other jobs. One of the things we do realize between the development of the deployment of technologies is what is called the valley of death. A National Labs, their place in developing those lower Technology ReadinessLevel Technologies to solve particular problems at the time, have not had the emphasis on commercialization, probably not their major role to do that. In the last few years weve seen more and more emphasis from d. O. E. , dhs and others to bring these technologies to bear but we do need commercial partners whether its Venture Capital or other to help invest in these. The dhs transition to Practice Program did a wonderful job of coming to the National LabsPacific Northwest national aye oakridge all have technology that were transition in some of those but when you go those types of activities and we need more emphasis on if we really feel that we can get those out there and entrepreneurs can take this technology forward. Is it okay to add to that as well . Yes. Intransitive element to deployment shortening that time, i think one of the Biggest Challenges is, as mentioned with over 3000 utilities, some big, so small and are going up against a verse of his get at pacific these nationstate hackers have much more sophisticated operations and utilities are used to. We are asking big and small utilities to come up with solutions on very rapidly changing technology. One of the things the government can help to do national ads can help to do, partnerships and up is identify a template, a solution, cookiecutter solution that at least could be a starting point for these utilities and they need assistance in implementing it and maintaining it. That doesnt exist for those utilities. Senator duckworth, thanks for the question. I wouldnt be here today without the support of d. O. E. , california and some of the funding so im very appreciative of that. For me i think the funding is critical. Thats a holistic approach we need to take. Theres no one technology thats going to solve this problem. We talked a lot about Networks Today with the dark fiber and the quantum, but we also still need automation to give respond to these things in a timely fashion and to support the growth of the devices were getting. We also need to trust people are operating on these devices so we need to move beyond Current Technology and look at new ways we can actually assert that the people property are who they say they are, which helps sort of i think bring everything around. Its a holistic approach and we need to continue investing. Madam chair, youve been very generous. Thank you. Senator cortez masto. Thank you, madam chair. Let me just follow up because, and ill open this question is for all of you. Do you think the small and midsized utilities are more challenged to really find the programs to address the Cyber Threats than maybe some of the larger utilities . Senator, i would agree with that statement many from a standpoint of the resources that the small utilities have available for this. Their the programs are there. Its just a matter of having the capital or the resources to access those programs or for those programs, is that right . I would have the tendency to agree with that. I agree but i must say that some of their representing organizations, they do have relationships with d. O. E. And they help aggregate numbers of small utilities for them to be involved in demonstrations but in generally dash general smaller resources come smaller sets is more of an uphill walk for them than some of the larger entities. I think it is worthwhile to note as i mentioned before, some projects on the east coast, that the intent is to have the large Utility Partners have those resources help to validate a lot of these approaches and then share that information into the rural cooperatives and other types of environments that dont have those resources. A one not need to spend the time to do that validation but it will be able to be handed down to them. And then, he may have addressed this and i apologize, i had another Committee Hearing but im also curious how the state plan to this. In nevada governor sandoval has greater a new office of Cyber Defense which will serve as a primary focal point for Cyber Threats and security for the state of nevada. With the addition of the Cyber Defense coordinator it will serve as a primary conduit with the federal government as well as the primary entity managing cyber threat issues across the state of nevada. Do you see that as a role most states should be involved with and coordinating with the federal level . And then particularly the private sector to address the cyber threat . You mentioned the important word and thats coordination. I dont think every state should spend resources to go off on their own and potentially have redundant systems but as i mentioned with california, their work on their regional things that happen Pacific Northwest, i know they Work Together with regional entities and i think that coordination with leadership from the government can help rapidly advance some of these technology areas. I do think as well, in utilities theres a follow the leader mentality. So if a set of utilities in one state identify a solution that works well and they can share that with their counterpart and of utilities, we will see that filled again. Just to echo was mentioned, california as the california ces 21 project which involves utilities across the state and they develop some innovative package solution that are being abducted in california. If that is successful then hopefully that will spread to the rest of the country as well. Great. Senator, thank you very much. Ces 21 has made an effect and were always trying to work with other organizations so the research coming out of that is having realworld effects not only for the use but also around the globe. Thats all based on the funding thats coming to make that happen. If we can continue that thats only going to grow at a think thats a very good thing. Great, thank you. And, dr. Raines, im very intrigued with your darknet concept. Assuming adequate funding, how many years away are we from the evidence with a debt solution for our nations electrical grid . Iq for that question. As we mentioned earlier in the testimony, there are different phases that are occurring and can occur with a darknet concept. Utilize an existing infrastructure such as some of the fiber. The our capabilities that dr. Earl and others have been developing that can be implemented relatively quickly. There are also other advanced communication capabilities that can be admitted for some of the smaller cooperatives, if you will. So theres a lot of things that can be done nearterm, but it is going to take, i think s dr. Earl mentioned earlier in testimony, some of these advances they take five to ten years to fully mature. Okay, thank you. Thank thank you very much. Appreciate the conversation. Thank you, madam chair. Thank you sensitive. I have just one last question. Mr. Tudor, you had mentioned in your comments they need for control room operators to have handson training opportunities and you referenced the ukraine in a box. How ready are we with this program . Do we actually have utility room operators that are training, kind of handson to how to handle a ukraine like attack . And really to what extent did the men and women that are on the ground on the front lines being trained to handle a cyber attack . Thank you for the question, madam chairman. I must say that people operate our grid are highly capable and highly trained. Its really enlightening when you go into some of the command centers in some of the different utilities to talk about how they train, what they do, how to respond to events, what they do in alltime to provide different training and in other training that is required. Our ukraine in the box is just another tool in the training environments. For the most part our utility operators are not constantly respond to Cyber Attacks, being able to add this into the training regimen will be something that allow them to see kind of realworld techniques that may be deployed against them, some of the indicators and how they might respond and a nondisruptive kind of desktop environment. So i i do think that from an operational perspective in very good shape in the u. S. One of the things that a a think about coming from a state that is rural and isolated and more micrograms than large integrated grids is that you have, your Different Levels of opportunity for that kind of training that you are saying you think is pretty much in place. And im thinking that perhaps with our bigger utilities, they do have that opportunity. But our smaller grids that are perhaps not as integrated, as sophisticated, i i worry about that level of vulnerability. And i worry that perhaps we dont have a level of training that is applicable for the different types of grid that we have throughout the country. Can you put my mind at ease a little bit there . Thank you, madam chair. Ill try. I think you are right, there are Different Levels of need into the levels of training. I think the development of some of these desktop trainings, they are known for the large number structure being able bring people in and you some unique, sophisticated training but also to put some of this training via webbased, which is happening now and more happening. These desktop environments were hoping to potential to make this an open source type of learning environment as well so they dont have to our equipment to be able to run this type of training. So were trying to export the training for more flexibility all across the nation. Madam chairman im sorry, going. I was talking get the with the head of the northwest Power Association of their based in vancouver outside of portland. A number of the small utilities and alaska are small publics and rural coops, et cetera. They have training opportunities so they provide for their members, but they are voluntary. Its not just alaska. A lot of small utilities struggle to send their staff to training. So i think that there are opportunities there, processes to work with the associations that they belong to, et cetera, but my guess is if you were to talk to those community entities, a large fraction has to do with their available to send people to training. That would be where i would start, trying to get them to sense what more resources and the United States opportunities that probably would require some travel down to the lower 48. Because i do hear from so many of them that they are anxious for their own security, and knowing that there are avenues via the web. Dr. Raines, do you want to wait in . Yes, madam chairman. What i wanted to say was basically is some good news stories in terms of how we are developing work force, close to 20 years dhs, nsa, National Science foundation have been partners in these Academic Centers of excellence for focusing towards cybersecurity. There are over 200 universities and schools at this time producing cyber educated folks, and thats not just at the graduate level, the undergraduate level but at the Community College level. So were trying, or trying it for number of years, you know, getting the work force developed the right application areas. Because a lot of the small utilities may be using more technician level folks and advanced degrees folks to help operate. So there is a lot of work thats been going into that over the years comments i just wanted to give it to you as a good notice peace in developing workforce. I appreciate that. Thank you, senator king, weve had a good discussion here this morning with some of the technologies and the efforts to our National Labs and on the private sector as to what we can do to do a better job of ensuring that we are not as vulnerable with our, whether its our energy grids or other infrastructure, and had some good testimony. Weve gone through all the questions so you up if you would like to engage eyewitnesses. Thank you, madam chair. I want to apologize to you and the witnesses. Speaking of technology theres no effort made whatsoever a writer to schedule hearings in any kind of coordinated way. I had a hearing this morning on the attack in niger which actually is a great grave concern. And understand there has been some discussion of the billet senator risch and i sponsored involving the National Labs and i wont belabor that except to say i think its a step in the right direction and i understand the panel agrees, and so we will hopefully move that forward. This is an really a comment directed at the panel but i think its important, madam, mam chair, as we are dealing with this issue and we spent quite a bit of time on and Armed Services and intelligence as well. One of the problems is all of our focus is defensive, how to restructure our system defensively . How do we patch . How do we have the right breakers and all those kinds of things . In my view though, ultimately thats not the whole answer. Part of the answer has to be a deterrent strategy or doctrine that is well known across the world, that if people attack us in cyberspace they will feel results. They will also be at some risk. And one of the problems and one of the frustration is the return of such a doctrine. The current administration, the Prior Administration did not do this either. But i think, madam chair, if record effectively deal with this risk of cyber attack that has to be a deterrent doctrine whereby our adversaries know that this kind of attack will not be accepted, will not be, not be not responded to in some way. I think thats a big part of the problem here. We can be the best boppers and weavers and history of the world, but if youre not allowed to ever hunchback you will lose the fight. Punch back. I think that something come were talked about it in Armed Services, and we passed an amendment to the National Defense bill but we are waiting for the administration and we were waiting for the Prior Administration to come forth with a Cyber Strategy beyond simply patching the system. So with that, if you can find a question in there, you are welcome to it but i just felt it was an important part of this discussion. Its not only the technology of strengthening the grid, but its also strengthening the deterrent so that the attack doesnt come in the first place. If you dont mind id like to address that. We talked today about quarter technology, Quantum Key Distribution Technology which can defend the grid. The great thing about that technology or the flipside of that technology, is it also can be used on the offense. Quantum computing can be used to crack codes and really take a much more aggressive stance on the offense side. So why investing in our own defense we actually do provide a path to an offensive strategy as well if we needed it. One of the problems ive observed is were so secretive about what we develop. A a secret deterrent is not a deterrent. The world has to know what we can do. That was the rule with Nuclear Weapons for 70 years, and blessedly it has protected us on that kind of catastrophe because of the understanding that if Nuclear Weapons are used, mutually assured destruction. So i agree with you, but we also, we all tend, particularly and government, want to keep things secret. You all remember, i dont know, you may not, some of you are too young at this famous scene of dr. Strangelove where George C Scott says but commissar, if you didnt tell us about the doomsday machine, it wouldnt work. Well, we were going to announce it on mayday. Weve got to have a deterrent. Its got to be well known. Its got to be included part of our doctrine. Thank you. Thank you, madam chair. Well, and to follow on that, we had a little bit of discussion about where the chinese are there Quantum Technology, and the distances that they have breached. Thats the secret, but im sure that everyone in the world is kind of paying attention to what is going on there. I hear your comments. One for the question of that. I raised china in my opening. You spoke to it. What other nations are out there that are leading in this space . So unfortunately theres a a number of countries that are leading the u. S. , china deputy would be the top of the list of the eu is making a concerted effort. They are spending quite a bit of money to pursue Quantum Technology. Australia and canada are well are very well along on that list. Any other question from either of the senate is . Hanky gentleman. Appreciate the time you have given us and the level of expertise that you bring to the subject. Know that as relates to puerto rico as i mentioned earlier we will look forward to the input from our National Labs there, but obviously with a great deal of work to do Going Forward as madam chair . I apologize. Your mentioning puerto rico. Did provoke one thought. I hope as when working on the rebuilding of the puerto rican grid we can be thinking to the future instead of building a a 20th century grid, and think about things like distributed energy and underground wires and all of those kinds of things that we dont just rebuild something thats liable to be knocked down again in a next great store. I think this is an opportunity that we should seize, and hope we can all Work Together to see that that happens. Thanks again. And know that we can come up here. Thank you all. And with that we stand adjourned. [inaudible conversations] this weekend on booktv on cspan2, rectory book publisher Anniversary Party in washington, d. C. Sunday at 8 p. M. Eastern abc news correspondent katie turner reflects on the Trump Campaign and the 2016 president ial election. Its the secret politicians dont like reporters generally. Nixon had a fraught relationship with his press corps. There are legendary stories about ron ziegler, his this person getting into it with reporters. What was unusual about this was the very public nature of it, the w