February. 12 frequently cited cases heard from the high court. Live on cspan beginning in february. The Washington Post hosts a confers on oip yoed addiction. Were hear from senators. Live coverage begins at 9 00 a. M. Eastern here an cspan 3. In the afternoon, the commander of u. S. Central command will talk about u. S. Arab relations. Hosted by the national conference. 2 05 p. M. Eastern. Also on cspan 3. You can watch both events online at cspan. Org or the free cspan radio app. Sunday night on after words. Over 90 of Sexual Harassment cases end up in settlement. And whats that mean . That means that the woman never works in her chosen career ever again. And she can never talk about it. Shes gagged. How else do we solve Sexual Harassment suits . We put in arbitration clauses and employment contracts. Which make it a secret proceeding. So again nobody ever finds out about it. If you file complaint. You can never talk about it. Ever. Nobody ever knows what happened to you. In most cases youre terminated from the company and the predator is left to still work. In the same position in which he was harassing you. So this is the way our society has decided to resolve Sexual Harassment cases. To gag women so we can fool everyone else out there that we have come so far in 2017. Former fox news host grechen karlson talks about Sexual Harassment in her new book be fierce. Stop harassment and take your power back. Watch after words sunday night at 9 eastern on cspan 2 book tv. Next. A house panel looks a the possible threat posed by north cre korea. Including the potential for electromagnetic pulse attacks. Good afternoon, everybody. The committee on Homeland Security subcommittee. Will come to order. The purpose of this hearing is to examine the risk posed by north korea to Homeland Security and recommendations for the department to be better prepared to mitigate these risks. The chair recognizes himself for an Opening Statement. It is no secret that kim jong un and his regime in north korea has ratcheted up tensions with thenitis at an alarming rate. With the knowledge north korea conducted over 20 missile tests on a dozen different occasions between february and september of 2017. Including test of Ballistic Missiles. Many americans and allies around the globe remain on edge. However, americans may rightly wonder about north koreas ability to threaten the homeland directly. Intelligence from the hermit kingdom is inconsistent and limited. Despite the intelligence challenges, information that has been gathered is reason enough for alarm. For example, according to to media reports two north korean shipments to a Syria GovernmentAgency Responsible for the Chemical Weapons Program were intercepted in the past six months. While these reports did not detail exactly what the shipments to syria contain, this is not the first time a north korea ship has been seized due to carrying suspected Missile System components. In 2013 a north korea ship was intercepted in the canal with false manifests and hidden under cargo. Parts of fighter jets and rockets. In addition, according to to the counsel on foreign relations, recent estimates suggest that north Koreas Nuclear weapons stockpile compromises ten to 16 Nuclear Weapons and have the potential to grow rapidly by 20 to 125 weapons. The center of studies estimates north korea has between 2,505,000 metric tons of creme kal weapons. We are all aware with the assassination of kim jong uns half brother with a deadly nerve about. Those weapons have been put to use. Whether or not north korea intends to act on any of the threats to the u. S. Directly, we must also keep in mind that pun and willing to to other hostile nation states and possibly nonnation state actors that are intent on destroying the United States and the freedoms we stands for. Former department of Homeland Security stated in april that the most imminent threat from the north korea is a cyber threat. North koreas increaseingly sophisticated Cyber Program has ability to pose a threat to United States interest. Federal prosecutors are investigating north korea for a possible role in the International Banking system or the swift hack that resulted in the theft of 81 million from the central bank of bangladesh in 2016. 2014 the commuters system of Sony Pictures entertainment were infiltrated. In retaliation over expressed out rage of the back ill m centered on kim jong un. The growing variety of digital threats against the private sector and federal net work ts. Are we prepared it safeguard our infrastructure against a north korea led cyber attack . Its a serious risk we face. We cannot discount other possible threats. Such as an electromagnetic attack. That could result in paralyzing the grid. And other key infrastructure that rely on the electric grid to function. Disruption to the power grids would be disasterous. According to to a government report. A major emp could result in cascading impacts on fuel distribution, transportation system, food and water supply. And communication and equipment for emergency services. North korea continues baa lij rent actions the United States must be. The department of Homeland Security has a vital role in protecting the cyber space and infrastructure. And preventing chemical buy logical, and nuclear terrorism. This hearing will allow us to gain a greater understanding of the multitude, severity and probability of threats posed by tho thort korea. And how the homelands can mitigate the risks. The chair recognizes the je moon from california. Thank you. And welcome all the guests here today. Panelists, thank you sir for holding this hearing on threats of north korea to the great country. And again i thank the witnesses for being here. Also want to take a moment to send my thoughts and prayers to those affected by the california Southern California wild fires. In my district many of folks very near and dear to me have been evacuated. My staffers and friends have had to be evacuated. And a couple camps receiving those evacuated are my district. Our thoughts and prayers are with them. As well as others in california. Also want to thank the First Responders for again doing the work theyre doing right now in and around my district. The chairman will recognize the seriousness of north korea this threats it poses to us. I just want to take a moment to acknowledge we also have to look at those achked by hurricane harvey, irma and maria. Coming back to north korea. Americas current diplomatic policy must be cautious in engaging this individual, this leadership that appears to be very unpredictable. Reports do confirm north korea is accelerating the pace of its missile testing. Devoting more resources to develop its cyber operation. And threatening to create a multifunctional nuclear bomb. Recent actions such as the north korea connected hacking groups that stole 81 million from banks in bangladesh and Southeast Asia show north korea is getting more daring and much more functional. With their cyber operation. From the Witnesses Today i look forward to hearing from you. And how this department Homeland Security can better protect the vulnerable Critical Infrastructure of cyber. Cyber threats and how to mitigate such threats here in our country. Further while the probability of a electromagnetic pulse appears to be at this time unlikely. North korea has made it clear it is testing its ability to mike a hydro general bomb capable of such destruction. So my question to you is, is an emp something thats a threat at this time or soon . Speaking on this frustration with president trump, north koreas leader stated that trump denied the existence of insulted me my country and from the eyes of the world my questioning is is this anything new . Or is this going on for the last 20 years . Im interested in hearing from the witnesses in this panel. What happens if the unthinkable happens. What would happen the first 10, 20, 30 minutes of all out war . Hi hypothetical. But one we need to be appraised of. With that, i thank you and yield back. Chair, thanks the gentleman. And join you in echoing concerns for those affected in and around your district. And of course in california. The wild fires and the First Responders as well as the victims in the recent hurricanes here. In the United States. And our citizens in puerto rico. And the caribbean. With that, other members of the subcommittee are reminded Opening Statements maybe submitted for the record. Were pleased to have a panel of witnesses before us today. Witnesses entire written statements will appear in the record. The chair will introduce the witness first. And then recognize each of you for your testimony. All right. Mr. Frak frank cilluffo. Associated Vice President at the George Washington university and director of the center for cyber and Homeland Security. He previously served in Homeland Security positions in the white house and Homeland Security advisory counsel. Welcome, sir. Anthony rougier. The office of terrorist financing and financial crime. And spent 13 years in various positions in the state department. Welcome i sir. Mr. Patrick terrelle. A Senior Research fellow. Weapons of mass destruction at the National Defense university. He served in the u. S. Army chemical core. For 27 years. And was the wmb military add vie tor and Deputy Director for chemical, buy logical and Nuclear Defense policy in the office of the Deputy Assistant secretary of defense for counting wmb. Thank you for your service. Welcome. Jeff green a senior director of Global Government Affairs and policy. Where he leads a team focussed on Cyber Security data integrity and privacy issues. Prior to joining he sefbed in staff positions on the senate Homeland Security and governmental affairs. And security committees and as an attorney with a the washington dc law firm. Welcome sir. Doctor peter pry is a nationally recognized expert on electromagnetic pulse. Doctor pry was most recently chief of staff of the Emp Commission. And has served on the staff of various congressional commissions related to National Security as well as the House Armed Services committee. And was an Intelligence Officer with a Central Intelligence agency. Welco welcome, sir. Thank you for being here today. We recognize cilluffo for Opening Statement. Thank you for the opportunity to testify before you today. On such a critical set of issues. North korea poses an increaseingly complex and multidimensional threat to the u. S. Homeland. The many facets of the challenge include the Nuclear Threat, missile threat and the proliferation. My own remarks will focus on the cyber threat. Regards to the cyber aspect it should be flagged up front. It is not one dimensional. To the contrary, it may manifest itself in three ways. As a stand alone cyber threat. A component in conjunction with the broader campaign. Military or connectic means. And an indicator of an attack or campaign that is yet to come. The cyber equal of intelligence preparation of battlefield or mapping of Critical Infrastructure. A conference we cohosted with the cia last week, a senior official described north korea as between bookends. The fear of chinese abandonment on the one end and fear of u. S. Strike on the other. Official stated further that north korea exists to oppose the United States. And that kim jong un defines winning as staying in the game. It is against this background the over riding survival of the kim regem. And the military first policy that the north korea cyber threat must be considered and evaluated. In terms of the bottom line up front. The cyber threat is already here. It is persistent, ongoing and comes in various disguises and forms. The battlefield includes the traditional air, land sea space. But cyber space. Which is simultaneous its own domain and transcends all other domains. The question is if and when the north korea cyber activity escalates. Moving higher up the chain of conflict. Going beyond traditional computer net work exploit. And cyber crime to bigger and more destructive attack. If so, what are the primary targets. And how can we tlart the attack or minimize the impact through Contingency Planning and building resilience. At the high end of the threat spectrum are nation states. Military and intelligences are integrating attack and exploit into the war fighting strategy and doctrine. North korea is one of a small handful of countries that top the list from a u. S. National security perfective. Many of the details of the actual cyber warfare capabilities are shrouded in secrecy. We know north korea has invested heavily in building out cyber capability. 2015 report by the south Korea Defense Ministry estimates the nor korea cyber army employs an elite squad of 16,000 hackers. This number likely increased and worth noting that many of the hackers operate outside of in northeast china and Southeast Asia. While not yet up to par with the likes of russia or china, what north korea may lack in capability it unfortunately makes up for with intent. Thort yee engaged in extensive es pea knowledge recent reports of classified information from the south korea military. In the targeting of u. S. Energy companies and Industrial Control Systems here is troubling. And reflective of the espionage. The attack on sony is only one example. Perhaps what differentiates they turn to cyber crime to raise revenue. Including funding nuclear aspirations. Given recent sanctions that are lev ried upon them. They have been pegged the likely culprit as you have highlighted behind a string of cyber Bank Robberies as far as poland. Also the swift hack opt central bank. Hacks against bit coin and other current si exchanges. And the attack which impacted. If pasdsed this prologue we ought to be prepared for a further spike in cyber crime. The cyber twist maybe new, such behavior is not. North korea has long turned to criminal activity such as counter fitting, current, cigarettes and foorm suarm su p. With the country using diplomatic cover to pursue illegal activity. In essence theyre using National Collection means. Using all Source Intelligence for criminal game or more aptly to be compared to as a state sponsor of cyber crime. One word on what to do about this. Bottom line. Train more and better. We need to exercise i think contingency plans are important. Make the big mistakes on the practice field. Not when its game day. And dhs has done good work in terms hof sharing of information and intelligence such as hidden cobra. Where that i provide north korea activity. This is so vital. That will be the warning. That will be the indicator that something bigger maybe a foot. The broader threat picture other scenarios like emp that will require a much broader response and need to include partners like dod. As dhs and the utilities would be overwhelmed. I hope theres more time to get into that. Thank you, mr. Chairman. The chair recognize mr. Rougier o for opening state. Chairman, Ranking Member, and distinguished members of the subcommittee. Thank you for the opportunity to address you. North korea Nuclear WeaponsMissile Programs are expanding after a decade of failed american policy. And now pose a direct threat to the u. S. Homeland. Threatened our close allies south korea and japan. As well as the u. S. Troops stationed for decades on allied territory. The progress of north koreas programs shouldnt be surprising. Since conducted its First Nuclear test eleven years ago. And its long range Missile Program lasted 20 years. Twice tested in a Ballistic Missile in july that could target los angeles, denver and chicago. And possibly boston and new york. The kim regime tested a massive weapon designed to ob lid rate cities and could be delivered by long range missiles. These developments are more concerning when we consider that it has a that pyongyang has a proclivity for selling weapons to anyone who has paid for them. It has sold items related to Nuclear Weapons, chemical weapons, and Ballistic Missiles. Among north koreas most troubling relationships are those with iran and syria. The threat we face is acute and growing. After years of strategic patience the time has become for a policy of maximum pressure that actually stands a chance of restraining the north korean threat without resorting to war. The Trump Administration is pursuing iranstyle sanctions to force north korea to denuclearize. And absent that result protect the u. S. And its allies from pyongyangs activities. Both critics and supporters of the 2015 nuclear deal agree that sanctions were the main driver that brought iran to the negotiating table. Modeled on the successful iran sanctions program, the Trump Administrations efforts clarify the choice we are asking other countries to make. Do business with north korea or do business with the united stat states. It cannot be both. This approach includes diplomatic efforts to convince other countries to cut ties with north korea, reinforced by the threat of losing access to the u. S. Financial system. The wall street journal reported that a yearlong effort by the state department resulted in over 20 countries cutting off diplomatic or commercial relationships with north korea. In prior testimonies i detailed flaws in the current sanctions regime, including a failure to prioritize the north Korea Sanctions Program and the need to focus on pyongyangs overseas Business Network as well as nonNorth Koreans facilitating sanctions. North koreas shipping network plays a crucial role in supporting this evasion, including the prohibited transfer of commodities. The countering americas adversaries through sanctions act contains several provisions for the department of Homeland Security that require it to highlight the role of north korean vessels in illicit transfers and the role of thirdparty countries facilitating these transfers. The Department Must publish a list of north korean vessels. Treasurys office of the control currently list 40 vessels as blocked property of north korean designated persons but our Research Indicates that smore than 140 could be linked to north korea. The department of Homeland Security and other elements of the u. S. Government should focus on the activities of north koreanlinked vessels including increasing the number of entities and individuals sanctioned in north koreas shipping sector, compiling a complete list of vessels linked to north korea, and naming ports in china and russia that facilitate north koreas sanctions of asia. The urgency of the threat should call for the department to take these actions before the 180day grace period granted by the sanctions law has elapsed. North Koreas Nuclear weapons and Missile Programs are a threat to the u. S. Homeland and our allies. There are two basic policy options for the United States. One accepts this dangerous situation as reality. Under the false premise that north koreas provocations can be contained or deterred. The other path was successful in bringing iran to the negotiating table with crushing sanctions that could force the kim regime to realize the futility of continuing its Nuclear Weapons and Missile Programs. The only peaceful way to protect the u. S. Homeland is to ensure kim jong un feels the full weight of sanctions implemented by the u. S. And our allies. Thank you again for inviting me, and i look forward to your questions. The chair thanks the gentleman. The chair now recognizes mr. Terrell for an Opening Statement. Chairman perry, Ranking Member correa, distinguished members of the subcommittee its my honor today to testify on the north korean wmd threats to the homeland. Views expressed in this testimony are my own and do not reflect those of the National Defense university or the department of defense. We do not yet face a clear and present existential threat to the American Homeland from north korea but its getting closer each day. The threat will be very real very shortly. But its nevertheless potentially manageable. Today north korea possesses nuclear, chemical, and potentially biological weapons that can be unleashed direct ly or through others against u. S. Vital interests abroad and in the homeland. Under kim jong il and kim jong un or kim ill song and kim jong il, Nuclear Weapons development progressed at a steady pace. A very deliberate pace. With kim jong un weve seen this extreme increase in pace of intermediate and intercontinental Ballistic Missile testing and Nuclear Weapons testing to include the most recent one in september. This acceleration has north korea on the verge of a functional roadmobile icbm capable of delivering Nuclear Weapons to the continental United States. While questions remain about the overall trajectory of the program, north korea could have by some estimates enough fissile material for up to 60 Nuclear Weapons. Not all of those would be their most sophisticated design but they could still be employed and whatever minute churized warheads they have managed to manufacture to this point could be used against guam and the continental United States. While the reliability, accuracy and survivability is questionable we should expect that north korea could endeavor to use these weapons in a time of crisis. Additionally, north korea maintains a large stockpile of Chemical Warfare agents probably mostly consisting of blister and nerve agents, which while intended for war fighting the korean geography supports strategic employment against the 25 Million People living in the greater seoul metropolitan area, which would almost assuredly result in exposure to some of the 140,000 american citizens living in south korea and raise the potential for the need of returned chemical casualties to the United States for longterm care. The assassination of kim jong nam with vx in kuala lumpur this february demonstrated koreas ability to transport and use chemical weapons overseas. While we know far less about their biological Weapons Program its believed that given the infrastructure that they possess within north korea they can conduct research and development and possibly produce small batches of chemical agent or biological agents. For the koreas long history of shipping conventional arms, drugs, and counterfeit money could facilitate attempts to move chemical or biological weapons into the u. S. Homeland for attack. While not on the scale achievable in south korea they could be impactful enough to foment fear. While no one has clear insights into kim jong uns thinking we can surmise he has two primary objectives his personal survival and the continued existence of a kimled regime. To that end watching iraq and libya could reinforce his belief that he is more likely to remain in power by demonstrating a credible operational wmd capability intended to deter attack on the Korean Peninsula. We also know north Korea Remains intent on breaking our Alliance System in asia. And believes that threats to the homeland will cause u. S. To abandon south korea and japan during a time of crisis. We also know that both kim jong un and his father believed they could manage provocations and the escalation and that by possessing a Nuclear Weapon he believes that the u. S. Threshold for war may be heightened allowing him to be more provocative and belligerent. We must strengthen our homeland and develop a mod earn proech to deterrence. Regional economic lenkz and 34ir89 posture are essential to demonstrating u. S. Presence as a transpacific leader financial diplomatic and other pressures must be applied to cut off potential trading partners. Next the u. S. Must protect all of our territory from north korean attacks and 1307bd should one occur. Many of the actions of the department of defense, department of Homeland Security and others have taken to prepare for wmd attack by terrorists would also apply to north korean attacks against the homeland. We must enhance our preparedness to include planning for large scale attacks perhaps with multiple Nuclear Weapons. Im not sure we have fully grasped how difficult the logistics and coordination will be for immediate lifesaving actions, shortterm relief efforts and longterm rebuilding following multiple nuclear detonations, particularly if one is 2,500 miles away in hawaii or over 6,000 miles away in guam. Finally we need a tailored deterrent approach for the unique challenge of north korea. Kim jongun must understand that any conflict with the u. S. Will end his regime and he will be denied the effects hes seeking to achieve. He should see how his Nuclear Threats strengthen our alliance. Reds ovl is demonstrated not by words but by deeds. Proper resourcing, training of of Response Forces demonstrating our Ballistic Missile defenses, hardening our Critical Infrastructure against astack and possessing a ready, reliable, and survivable nuclear triad. Again, thank you for this opportunity, and i look forward to your questions. The chair thanks mr. Terrell, and the chair now recognizes mr. Greene for an Opening Statement. Chairman perry, Ranking Member correa, thank you for the opportunity to be here today. Weve been tracking the Lazarus Group which the u. S. Government has linked to north korea for over five years and have watched as their targets have evolved and their Technical Skills have improved. Lad rus is different from other attack groups that have been linked to nation states in several ways. First their attacks are unusual both in the breadth of their targets and the goals of the attack itself. Second lazarus shows little hesitation to engage in activities that other groups might take pause. And finally lazarus targets a variety of disparate industries, many simultaneously, and is very quick to move from target to target. Their technical capabilities have improved dramatically over the past few years and we view them as above average in overall capability and actually expert in some areas. In particular theyre skilled at conducting Reconnaissance Operations and the quality of the malware theyve developed has improved dramatically in the past few years. The combination of this increased quality malware and new steps theyve been taking in Operational Security will likely make it harder in the future to connect operations back to lazarus. In other areas theyve made simple mistakes that have at times hampered their ability to complete an operation. These are usually, however, relatively basic and we dont expect to see them making the mistakes in the future given their zralted edemonstrated ada. Theyve been connected to attacks on a wide variety of sector from the Entertainment Industry to critical nfshlth to Government Systems to the Financial Sector and the defense base. Unlike other groups that have been publicly connected to nation states, lazarus has attacked individual Internet Users en masse. Their methods run the gamut. It includes the denial of service, highly targeted and sophisticated intrusions, destructive attacks and the use of ransomware. You both mentioned in your Opening Statement the theft 81 million from the Bangladesh Central Bank in 2016. But thats only part of the story. They actually targeted as much as a billion dollars and but for a fairly simple mistake might have got anne way with it. They exploited weaknesses in the banks network to steal credentials and then initiated fraudulent transfers. This was a wellplanned and sophisticated attack. To cover their attacks they installed malware which printed doctored confirmation receipts. The fraud was detected because they actually misspelled the names of the recipients of one of the fraudulent transfers which led to inquiries. Another lazarusconnected attack is the Wannacry Ransomware outbreak that happened in may. This was fairly significant. Within the first hours the National Health service in the United Kingdom was taken down and the Spanish Telecom provider telephonica was impacted. It was unique and dangerous because it propagated autonomously. It was the first ransomware as a worm that has had global impact. But while wannacry was very good at infecting computers and encrypting data, it was really bad at collecting ransom. Because of some fairly simple coding errors the attackers do not appear to have yet collected the ransom that was paid by some of the victims. Finally you both mentioned i believe the sony attack. This is probably the bestknown lazarus incident out there. It was late 2014 they were hit with malware that disabled networks, destroyed data and stole emails. Most of the Media Attention after this was focused on the salaries of respective movie stars and other salacious details. But from a Cyber Security standpoint the big story here was the permanent destruction in the United States of a significant number of computers and servers. By one report the attack impacted as much as 3 4 of sonys systems and Sony Pictures headquarters. The fbi as you probably know and the dni attributed this attack to the north korean government. Our Technical Analysis has linked sony to numerous other attacks including the Bangladesh Bank heist, wannacry ransom ware, dark soul which was destructive attacks in korea in 2011, the polish bank heist that mr. Cilluffo mentioned. In some lazarus is an aggressive and increasingly sophisticated attack group that has a demonstrated willingness to disrupt networks, steal money, and destroy computers and data. Unlike other major attack groups, which typically focus on one sector or even one industry, lazarus has shown no such limitations. As a result everyone has to assume that they could be a target of lazarus and prepare accordingly. Thank you for the opportunity to be here, and im happy to take any questions. The chair thanks the gentleman. Dr. Pry, the chair now recognizes you for your Opening Statement. Thank you for the opportunity to be here today to talk to you about the threat from north korea. Particularly the threat from electromagnetic pulse, emp which would result from the High Altitude detonation of a Nuclear Weapon. It is in effect a super energetic radio wave or super lightning that might destroy Electronic Systems including electric grids and all the Critical Infrastructures that support life in this country and that depend upon them. This threat has been described a couple of times. In the beginning of this hearing as unlikely. I would recommend that we not use that term in reference to an emp. Maybe a better word would be unknown. I suspect people will continue to describe an emp threat as unlikely right up until the day before north korea actually attacks us just like we did with the 9 11 attack that the day before it happened would have been regarded as highly unlikely. What we do know is north korea has the capability of an emp attack right now. And does right now constitute an existential threat to the United States. They detonated a Hydrogen Bomb on september 2nd. The new estimated yield on it is 250 kilotons. That single weapon could put an e. M. P. Field down over not just the United States but over north america that would cause the collapse of electric grids, transportation, communications. All the lifesustaining Critical Infrastructures. It wouldnt be a temporary blackout either. We might not ever recover from it. If we are not prepared to defend our electric grid now and put in place the measures and if they were to strike us now when we are unprotected, millions of americans would die. Look at whats happening in puerto rico now if you want to know what the consequences of an emp attack would be. Theyve only been without electricity for a few weeks and many people are in fear of their lives, legitimately so. Imagine in puerto rico with no u. S. Government coming to the rescue, all right . And they were on their own for a year. Youd have most of the population of that island perish if we werent there to come in and help them. Thats what would happen to the United States in the event of a north korean e. M. P. Attack, which they could do today. All right . And with a single weapon. The Intelligence Community, the e. M. P. Commission has been virtually alone i think in having a more accurate estimate of the threat from north korea than the Intelligence Community has over these years. This summer should have been a humbling experience for those who want to dismiss or minimize the north korean threat. Just six months ago many people were arguing that north korea only had as few as six, perhaps as many as 30 Nuclear Weapons. Now the Intelligence Community estimates theyve got 60 Nuclear Weapons. They werent thought to have icbms that were capable of reaching the United States, maybe alaska and hawaii. Now we estimate that they can reach all of the United States. So the Intelligence Community hasnt had a good record on this. The Emp Commission on the other hand has been right. Two days after that hbomb test, north korea also released a Technical Report accurately describing the way a super emp weapon would work and we think they probably have that too, which would generate emp fields even more powerfully than that of the hbomb which they successfully tested. When we think of Nuclear Weapons in the United States we think north korea would never cross the nuclear line because for us thats a big deep dark red line that we would very reluctantly cross. North koreans dont think that way about emp, nor does russia or china or iran. In their military doctrine emp is part of cyber warfare. Its part of a combined arms cyber warfare campaign. The likelihood of a nuclear emp attack is exactly the same as the likelihood of getting into war with north korea. If we get into a war with them where they feel the regime is at risk, they will use everything within their power including a nuclear or emp attack, to prevail. So how likely is a nuclear war with north korea . Its not just up to us. Its also up to the North Koreans themselves. They are entirely capable of miscalculation. Last, id like to point in terms of what we should be doing. Were going in exactly the wrong direction in terms of our preparations for emp. Just two weeks ago a senior official at the department of Homeland Security described the emp threat as theoretical and something we needed to study a lot longer. Thats basically the plan the u. S. Government is on now. The department of energy, department of Homeland Security and National Labs want to spend millions of dollars continuing to study the e. M. P. Threat way out to 2020 and beyond when the Emp Commission has already spent 17 years studying the threat, has repeatedly told congress this is a real threat here and now, and we know how to protect against it and it can be done Cost Effectively, and that is all true. I hope a project called the louisiana project that the Emp Commission started with the decht Homeland Security with secretary kelly will survive the death of the Emp Commission. In this project we have been working with the state of louisiana to prove you can protect a state electric grid very Cost Effectively. I think people will be surprised if its allowed to go forward at how little it will cost and it would provide a paradigm for all the other states to follow. Thank you so much for hearing me out. The chair thanks the gentleman. Votes have just been called. Ive got to figure out what were going to do here quick. This is what were going to do. Since votes have been called, im going to defer my questions. Because i am going to come back. Im going to go to mr. Duncan, mr. Correa. Then to the other side. And then when the times up im going to leave, were going to vote and then at least you know im going to come back. If mr. Higgins or anybody else, miss bare gann, anybody else from the other side wants to come back or anybody else from our side, theyll have that option and i hope you guys can indulge us and stick around. But this is how things work here. With that, i recognize mr. Duncan. I thank the chairman and the thank the panel for being here. Its been very informative. Dr. Pry, im going to skip north korea for just a second. Because of your past experience with russia and arms treaty verification, could you just touch on how difficult it is in iran as a closed society and a closed government for our arms treaty folks and the iaea to actually do inspections there . Then ive got a followup question about emps. But i would love to get your take on that. Iran has actually practically told us theyre cheating on the Iran Nuclear Deal. There is a military textbook called passive defense that is a major textbook taught at their general staff academies that describes in admiring terms soviet successful cheating on arms control treaties during the cold war and how they managed to fool us in terms of the number of weapons, the quality of their weapons, and that this would be a good paradigm to follow for iran. Its there in black and white. Congressman trent franks has a copy of the book. Unfortunately, its not unclassified. It should be unclassified but its for official use only. So it can only be used by u. S. Government officials. But in effect they have told us in their military doctrine black and white that they plan to cheat on agreements in order to get Nuclear Weapons. In terms of the difficulty, ive written a number of articles on this. One of these military bases, theres a photograph thats actually available from unclassified satellite imagery that shows four High Energy Power lines, each one carrying about 750,000 volts, going down underground into a facility. Something is going on in one of those underground military facilities that require these are at the military installations . Yes. That the iaea has never looked at. They dont have any ability to investigate them. That requires millions of volts of electricity. That could be running uranium centrifuges that they have that have not been declared. That could be running Something Like the krasnoyarsk 76. The soviet union had something called krasnoyarsk so they could cheat on Nuclear Weapons and cheat on the treaties. Something that needs to be declassified is under president reagan there was a thing called the general Advisory Committee report on arms control compliance. 1959. I think it was 1983, 84 up to that point. Which the state department has never allowed to be declass 2350id. And it goes through all of the major arms control treaties we had with the soviet union, demonstrated how they cheated on virtually every one. So we have a long history of the bad guys cheating on these treaties and at least half the problem is our own willingness to acknowledge that because there are interests in this town that are very much in favor of not wanting to face the reality that arms control doesnt work. Just like there were people, oh, around Neville Chamberlain before world war ii that didnt want to acknowledge the nazis and japanese were cheating on the Washington Naval treaty and other arms agreements that existed before world war ii. Thank you. The chair thanks the witness. The chair recognizes the Ranking Member mr. Correa. Thank you, mr. Chairman. Mr. Ruggiero, question to you and some of the others. Have we ever gone after the Bank Accounts of north korean genera genera generals, business folks . You hit them in the pocketbook at an individual level, that would get a reaction. Have we ever attempted to do that . Have we done that . If you lose a couple billion dollars in a swiss account it may get your attention. Certainly that would be useful. I think on leadership funds theres a question of where that money is. I think you made a good recommendation there in terms of countries in europe that have bank secrecy is the best way to look at it. In 2005 the United States went after Banco Delta Asia in macau, which was very successful. But since that time more recently weve started to go after North Koreans. The issue here is that in a lot of ways this money is held in china, in chinese banks or in the name of chinese companies, and thats why its important now to go after chinese companies, chinese banks so weve essentially lacked the technology, the information, the knowledge to figure out how to get at that money . I would say were starting to do that now. Okay. Since may the Trump Administration has taken six actions against china if i may interrupt you. Sure. Sorry. Nuke testing 11 years ago, rocket testing 20 years ago. You figure theyre preparing for that even before that and its just barely now that were figuring this out. Certainly. Very quickly, dr. Fry, you talked about an e. M. P. Pulse not being theoretical but essentially a clear and present situation. Why havent we reacted to this as a country . Is this a question of politics or is this a question of costs . If this is a threat here, were going to have to invest a lot of money to harden our systems. It isnt chiefly a question of cost. You can actually protect against emp quite Cost Effectively. The Emp Commission testified that for 2 billion we could protect the electric grid. And thats what we give away every year in foreign aid to pakistan. I think its a complex question as to why we havent acted yet. Politics is mostly what it has to do with. The electric utilities in this country are not controlled by the federal government. Theres 3,000 independent utilities. No agencies at the u. S. Government include the federal Regulatory Commission has the authority, has the power to order them to protect the electric grid. And they have spent vast amounts of money and huge effort lobbying against emp and not just emp but thats kind of what were going through with Cyber Security right now. Exactly. Private sector. Some folks want to step up. Some folks dont. Even the federal government. Some folks, you know, agencies are there. Some are not. The nerc has even approached the tree branch threat. The great neeflt blackout threat of 2003 was cause whend a tree branch hit a high voltage line in ohio and it put 50 million americans in the dark. Ferc begged them to come up with a plan for the future because we cant have 50 million americans in the dark. Its taken them ten years and nobody knows if it will work. The chair thanks the gentleman. The chair now recognizes mr. Higgins. Mr. Chairman, in the interest of time i defer my questions till we return. Yes, sir. The chair now recognizes miss rice. What effect would plnt trumps attempt to decertify the Iran Nuclear Deal have on the north korean issue . I would just say that the North Koreans are not waiting by the phone to have a negotiated settlement. That would be the first. The second is that from my perspective its the iranians looking at north korea and seeing their pathway to a Nuclear Weapon. The concern i have is there are many people who are suggesting we should stay in the iran deal that are the same people that are saying we can accept the threat from north korea right now and just deter them. I think thats the wrong message to iran. I think we have to when were looking at north korea, we have to make sure that we underscore that our policy is denuclearization so that the iranians dont see that in 20 years they have a path to a Nuclear Weapon. If i could make a comment on this, you know, we have this summer been surprised by the advancement of the missile and Nuclear Weapons threat from north korea. I think the next big surprise thats going to face us is iran because we have grossly underestimated the Iranian Nuclear threat. If one reads carefully the 2014 International AtomicEnergy Agency report, while they did not come to the conclusion, the iaea doesnt draw these conclusions but members are commissioned and former members of the reagan and Clinton Administration intelligence communities looked at that report, there are indicators, technological indicators that iran already has the bomb and that they may have had the bomb since before 2003. Before 2003 they were actually manufacturing bridge wire detonators, neutron initiators and they had conducted an implosion experiment. In the Manhattan Project during world war ii when the United States was at that technological phase we were three months from getting the atomic bomb. Now, these were things they were doing before 2003. Whats going on in those military facilities . Personally, i think theyve already got the bomb and that were going to be surprised just like we have been about north korea. Anyone else . Okay. Thank you. The gentleman yields. The chairman recognizes miss barragan. While im looking for my questions, i just want to do a quick followup to that. Ive read a lot of people whove opined on the iran deal and a lot of folks who did not support the deal are still coming out very publicly and saying even though this is not the best deal the manner in which the president wants to do it is not the way to do it, and that is a risk. Does anybody have any thoughts on the manner in which its being done, just having the ill just leave it at that. Id like to volunteer my opinion on this. I think the biggest risk is remaining in the deal. And i see it in the press. The defenders of the Iran Nuclear Deal describing it as that at least it has constrained the Nuclear Threat from iran. That it has contained the nuclear deal from iran. Thats not a fact. Theres no evidence it is contained. Theres plenty of evidence it hasnt contained the threat from iran and that we have basically deluded ourselves in this deal into thinking weve contained a threat that actually i just want to respectfully do you think the process in which the president is following is the right approach on this . I think anything yes or no. Yes. Anything that gets us out of that deal is going to be in the interests of our survival. Thank you. I want to go ahead and follow up on just in the last ten days between attack the press and the First Amendment and blaming Puerto Ricans for the disaster caused by Hurricane Maria the president tweeted the following in regards to north korea our country has been unsuccessfully dealing with north korea for 25 years, giving billions of dollars and getting nothing. Policy didnt work. Next tweet, president s and their administrations have been talking to north korea for 25 years. Agreements made and massive amounts of money paid. Hasnt worked. Agreements violated before the ink was dry, making fools of u. S. Negotiators. Sorry but only one thing will work. The president s next tweet. Just heard foreign minister of north korea speak at u. N. If he echoes thoughts of little rocket man, they wont be around much longer. And lastly, we cant allow this dictatorship to threaten our nation and our allies with unimaginable loss of life. He said at a meeting with top military officers. And finally, we will do what we must to prevent that from happening and it will be done if necessary, believe me. Mr. Greene, how would you characterize this administrations north korea strategy, and what are the implications of the president s diplomacy by tweet foreign policy, especially considering the rift between the president and his secretary of state, Rex Tillerson . So unfortunate so im the cyber expert here. Unfortunately, im not qualified to opine on the merits or lack thereof of a diplomatic approach. So i apologize. Im not capable of responding on that. Does anybody on the panel believe that the president s diplomacy by tweeting is the proper way to go . Its a yes or no. Yes. Okay. Mr. Ruggiero. I think thats tougher to answer via yes no. Theres a lot in there in terms of north korea policy. I think the president is right when he talks about diplomacy has not worked north korea. I think dont you think theres a threat of us getting into a nuclear war because because the president makes tweets to set off the other side . That was going to be my next point, which is essentially when youre talking about deterrence its important to telegraph to the other side what the consequence of an action will be. He think the u. S. And north korea have done that but on both sides its gone too far. I think the evidence of miscalculation can happen. Thank you. I have one more question, and its for mr. Greene can the gentle lady yield until we come back . Weve got a minute to vote. I apologize. But i want to adjourn the committee at this time. A recess correction. At this time. A vote has been called on the house floor. The committee will recess until 10 minutes after the last vote. Thank you all for your indulgence and your patience. The subcommittee on oversight and Management Efficiency will come to order. So the chair will now recognize himself for five minutes of questioning, and just be apprised were back to the fiveminute schedule since we dont have votes impending. Let me see if i can get my head here in the game quickly. Mr. Cilluffo, 6,000 hackers employed in china and Southeast Asia. I want to talk to you about that a little bit and the indicators in the intelligence prep of the battlefield just to set your mindframe. These hackers that are employed in china and Southeast Asia, and maybe i should also include mr. Greene because maybe this is some of the lazarus folks i dont know. But do we obviously, its a little tougher for us to track these people in china. Do we track them at all . If not china, Southeast Asia seems like it would be more opportune intelligence target for us. Do we track them . Do the countries, the host countries where theyre operating know that theyre there, such that we could impose a sanction or some kind of financial penalty or some kind of penalty on that host country that is hosting these individuals . Is that a possibility . Mr. Chairman, i think thats an excellent question. To clarify, the 6,000 is not exclusively those operating overseas. But a vast majority or many of them actually do. But i do think you raise a great question here, and thats finding levers and points of leverage we can have with other, including allies, by the way, where we can apply greater physical pressure in addition to cyber means. I mean, if you take if you look at a photo, a satellite photo of the koreas at night, south korea is lit up like a christmas tree. North koreas dark. So theres very little connectivity there. So obviously, when we look at some of our own capabilities and capacities, the retaliation in kind is going to have minimal effect and impact because they dont have a whole lot to take down. So when you start looking at these outposts that they do have, i think that we do have opportunities to apply new means of pressure and i do think that many of these countries are unwitting to some of these operatives. I think that is a path that should be pursued. And we should light them up. And what about the indicators . When you say essentially ipb and these are indicators when you talk about standalone, the broader campaign, and indicators, for instance, keeping with dr. Pry, if were to be, and i think we should be, rightly concerned about emp as a method, or any of the other things, but lets stick with emp, for example. Would there be specific indicators in cyber that would clue us in to impending testing, utilization, et cetera . I think dr. Pry rightfully framed the issue that at the end of day its not the modality, its the question or whether or not they get into the game. If they get into the game, theyll come in wholesale if they feel threatened. I think that the indicators are significant in terms of potential target selection. But im not necessarily sure there would be any specific to emp other than theyre going after the grid, so if theres one Critical Infrastructure that every other Critical Infrastructure is dependent upon, all the life line sectors, its electric. It is the grid. And they could come at that through cyber means or obviously catastrophically through emp attacks. I can see were going to go to round two. So im going to try to limit my comments here. But mr. Greene, im going to get you to hang on a little bit but i want to stick with mr. Cilluffo for continuity. You mentioned in your remarks the targeting of u. S. Energy companies. Have they done that . Do we have the indicators i mean, can we prove that at this point . Thats known information to us . This is now known information, yes. There have been actual reports put out by the information sharing and Analysis Centers for Industrial Control Systems and for the Energy Sector in particular. Theres a news report that just popped earlier this week, specifically about a particular Energy Company that was breached. And thats based on information that it was breached by the North Koreans . Allegedly, thats what the attempt is. So i think one thing to notify, to keep in mind, in addition to ipb, where it could signal targets, it could signal intentions, its also worth noting if you can exploit, you can also attack. In other words, if youre in the system, youre in the system. It all hinges around intentions and if theyve got a foothold in the system and their intention is to attack, they can also attack. Im going to yield and at this time ill recognize the gentleman from louisiana, mr. Higgins. Thank you, mr. Chairman. Dr. Pry, my questions will be addressed at you, sir, so that you can get your head wrapped around where im going with this. Im specifically going to be asking about north koreas Satellite Program and their socalled space program, and the kms4 satellite launch in february of this year. I read your entire testimony. Its fascinating, quite informative. You refer to massive intelligence failures, grossly underestimating north koreas longrange missile capabilities, the number of Nuclear Weapons, warhead miniaturization, the development of an hbomb, et cetera. Do you do you stand by that statement, sir . Absolutely, as does dr. Graham, thch moving on. In 2004 you stated that two russian generals, both emp experts, warned the Emp Commission the design for russias super emp warhead, capabile of generating high intensity emp fields, was transferred to north korea. Not long after that, in 2006, north Korea Nuclear tests indicated yields that were consistent with the size of a super emp weapon. The timing and indicators of that Illegal Nuclear test were reflective of the warnings as stated by the two russian experts. Is that correct . Yes, thats correct, sir. In a super emp weapon, according to your testimony, can be relatively small and lightweight and can fit inside north koreas kms3 or kms4 satellites. These two satellites, specifically im referring to kms4 because it was launched in this year, presently orbit the United States and over every other nation on earth through the southern polar trajectory. The south polar trajectory evades u. S. Ballistic missile Early Warning radars and National Missile defenses, which also resembles a russian secret weapon developed during the cold war, similar super emp weapon. Is that correct . Yes, thats correct. Two experts cited in your testimony stated similar concerns, one confirming that current Ballistic MissileDefense Systems are not arranged to defend against even a single icbm or satellite that approaches the United States from the south polar region. Another expert stated that north korea might use a satellite to carry a Small Nuclear warhead into orbit and then detonate it over the United States for an emp strike. Now, considering the fact that it appears that north korea has had access to a design for super emp warhead for over a decade now, according to the russian experts that were accurate in their predictions of north korean Nuclear Tests two years later and the indicators of that test, that would suggest that it was a detonation of a super emp device, would you would you concur that its possible or even probable that kms4 is currently super emp armed . Were very concerned about that. You know, we dont know if theyre Nuclear Armed or not, but we know kim jongun is a high risk player. And we think the threat is intolerable to pose an existential threat to our society that passes over the country several times a day and has recommended that the satellites be shot down over a broad ocean area, over the arctic region so just in case theyre salvage fused for emp, they would go off over an area that would limit the damage to humanity. Yes, were very concerned about that. Would you assess, sir, that the emp threat is significant enough, the existent emp threat, specifically with regards to kms4, would you assess that threat is significant enough to warrant legislation out of this body as suggested to this subcommittee, mandating the hardening of our grid and the shielding of our grid as you mentioned earlier in your testimony . Well, absolutely. Sir, even before the North Koreans launched these satellites back in 2008, that was the recommendation of the Emp Commission because we feared exactly this kind of development. There are two satellites currently on orbit. One launched in 2012. They may launch them in the future. What they appear to be trying to do is create a constellation so they will in the near term always have a satellite in close proximity to north america. If we dont act to defend ourselves and or take out those satellites, eventually, well be in a situation where we cant easily take the satellites out without the United States being at risk. Thank you for your testimony. Mr. Chairman, thank you for indulging my time. I yield back. The chairman thanks the gentleman. Deviates from protocol and in the interests of time recognizes the Ranking Member mr. Correa for the beginning of the second round. Thank you. Question, mr. Greene. In terms of north korean cyber attack motivation, undermining the u. S. , do you think whats higher probability, them going after our Critical Infrastructure or stealing intellectual property from us . So with the Lazarus Group, which has been linked by the fbi to north korea, its hard to say because they have not shown any limitation in what theyre willing to do. They have gone after Critical Infrastructure. They have gone after financial. They have gone after intellectual property. The recent report that mr. Cilluffo talked about is concerning because it shows this probing of the battlefield initial effort to get their way into electric systems. And we had a report not lazarus, a different actor just a couple weeks ago, about compromises of control systems at energy facilities. Previously, we had seen this actor working on the back end Management Systems and two years after that, they moved on to control systems. So there clearly is an effort. The group that was reported publicly this week has been consistent with the Lazarus Group. So to see them moving into the electric grid and have public reporting on it suggests to me a renewed interest there, which is worrisome, and depending upon what outcome they want, youre going to get a better geopolitical outcome by going after the grid than after an intellectual property. Following up on that train of thought, if you go after sony, if you go after Bank Accounts, you may be doing it out of a hotel room in japan or maybe somewhere in china. Or now based on the fact that russian stateowned company transtelecom is now working with north korea, i mean, you could have those kinds of thefts directly and indirectly. Theyre kind of vague in terms of who did it and where the smoking gun is. But after you go after our power grid and you shut it down, thats a little more direct of an attack. Thats kind of a declaration here. If youre trying to track back technically looking at whos doing it, its going to be the same technical means to see where the attack is coming from. You rarely see the last hop to an attack actually come from the bad actors computer. Theyre going to compromise someone elses computer. A lot of the attacks that happen in the u. S. That are based from overseas, the attacking computer is actually in the u. S. But its compromised, its a bot. From that standpoint it could come from anywhere. In terms of the motivations, we have seen the Lazarus Group over the past couple years focus on financial gain that has coincided with when the sanctions have gotten worse. The ransomware, wanna cry, there was some speculation if they really wanted to get money out of wanna cry. Theres been a fairly robust debate in the media circles that i spend my days in. But what we saw in wanna cry it was originally miscoded to collect ransom. Within i believe it was 13 hours they released a new version when they realized they werent correcting ransom collecting ransom. That suggests to me that was actually an effort to get money and again, that coincides with the increase in the sanctions. Same thing with the Bangladesh Bank and polish bank heist. Theres been an uptick in the effort to get money. At the same time, that was soon after the sony attack. I guess what im saying perhaps inartfully is that this group works on multiple different attacks. Multiple different goals. Let me put down the question and ask you, you have seen those coordinated attacks coming. Has our response worldwide been a coordinated offense like it was when we got the ransomware where most of the world reacted very quickly . Do we have that kind of coordinated response to north korea . Are they part of that, you know, folks that were looking at to make sure they dont surprise us with these kinds of attacks . With respect to their main actor, Lazarus Group, yeah, theres pretty good coordination, Public Private partnership. The wanna cry response was probably the best Public Private partnership we have ever seen. We were on the phone with dhs and the white house friday night throughout the weekend connecting up our experts. They were sending us indicators of compromise for analysis. We were sending them back. Theres a growing ability to coordinate in Cyber Response that is kind of like the snowball going down the hill over the last i would imagine the key to the coordinated Cyber Response is time. You have to do it almost instantly, in split seconds. When i first heard reports of wanna cry, i confirmed this was real. I shot out a couple emails to the white house, to dhs, and i got almost immediate responses. We were talking in a matter of minutes. The concern i would have is still somewhat relationship based. We need to have that happening not because these are folks i know and they know me. There has to be something more structured in place. Thank you. Mr. Chair . The chair thanks the gentleman. Im going to start the second round, which looks like its going to be me. Are you leaving . Youve got to go . No comment. All right. So it will just be us. Well have a good time together. Let me start with mr. Cilluffo and finish where we were heading there. The targeting of the United StatesEnergy Companies and indicators. Do you know whether we, the federal government, Homeland Security and related agencies, are aware of the indicators and are monitoring the indicators and are monitoring the indicato indicators, developing that intelligence so to speak . You know, in germany terms, mr. Chairman, they are. And we recently, the federal government recently stood up ctic, the counterterrorism the cyber threat integration and Intelligence Center under the office of the director of national intelligence, which is meant to provide the Situational Awareness of all the overseas intelligence we may have and combining that with what we may have domestically. Who is collecting domestically . Fbi would have different indicators. But the private sector. Theyre the owners and operators. Theyre the ones with better insights into their own Critical Infrastructure, into their data, and into particular breaches. So it really is, we talk Public Private partnerships and i have said long on nouns, short on verbs. We have been talking about it forever, admiring the problem, but we are starting to see genuine solution sets there. And i think this gets to the bigger set of questions. I mean, at the end of the day, the private sector is on the front lines of this battle, and very few Companies Went into business thinking they had to defend themselves against foreign militaries or foreign Intelligence Services. Its an unlevel playing field. How can the federal government provide information, but on the flip side, the private sector provide some of the solution sets, too. Its in where the two come together that the magic is. Do you have do you have recommendations in that regard, regarding a governmental for the homeland in particular, understanding that the Intelligence Services may be handling foreign threats, but threats in the homeland, im a little uncomfortable, quite honestly, feel like were laid a little bare, just counting on the private sector, which with all due respect, theyre focused on their business and trying to make a living, right . Absolutely. This isnt supposed to be their primary focus, but it seems like it should be one of ours. I think you should have a specific tiger team set up to deal with the dprk with the north korean threat in particular. We talk about cyber and cyber deterrence. You dont deter cyber. You deter actors from engaging in certain activity whether Nuclear Cyber or otherwise. I do think there is an opportunity to build a team here specifically. Theres nothing currently you know of. I may be unaware. Hopefully there is some activity inside the federal government. But is it as whole and wholesome as it needs to be . Probably not. Okay. Fair enough. All right, is part of your name because i noticed mr. Correa kept some of it silent. Please tell me how you pronounce your name. I want to get it right. Ruggiero. Ruggiero. Thank you. So you talked about the Department Must be publishing a vessel list regarding north korea. Saying we think they have 40, but youre saying its up to 140. It seems to me a bit odd, so it might be out of place, and you can walk me through it, is this the department of homelands responsibility . Should it be their responsibility . And under what kind of authority, i guess. Then i want to talk to you about the 180day grace period regarding sanctions. Im not sure i understand that fully. If you could elaborate on those two things. Sure, in the sanctions law that was signed by the president i believe in august, there are some authorities for the department of Homeland Security, probably would have to work with the Treasury Department in terms of vessel lists. The issue with north korea now is its easy to identify vessels that have the north korea flag or the ones that visit north korea. But they are very good at deceptive practices in the commercial and financial sphere, where they use chinese and hong kong and other front companies, and we believe that that is some of what theyre doing in the shipping sector, which makes it harder. So thats where that delta comes from. Thats why we use the phrase, at least. There are other lists that are much higher than that. And so i think, you know, this is an area where my experience comes on the iran side, where we targeted irans shipping sector and it was very successful. Thats an area now that were not doing enough on north korea. I think Homeland Security could help with that. They have some authorities that could be used. I think Treasury Department, state department, and the point on tiger team, we dont see that in the u. S. Government sort of going at sanctions in this way. So i think theres some focus on it, but we need to have more. Okay, and the 180 days . Theres a prohibition or a restriction regarding the sanctions regime . Thats the requirement. When the Homeland Department of Homeland Security has to make some of these judgments in the law. The point i was making is, you can do it earlier than 180 days. Okay. Do we know, and keeping with you, sir, do we know, you mentioned in your testimony the sale of Nuclear Materials, and i dont know if were talking about equipment, et cetera, and also chemical. Do you have any examples of those that we need to be aware of that were maybe not aware of, at least on the committee . In terms of nuclear, the biggest case was in 2007, when israel destroyed a Nuclear Reactor in syria. Theres been, you know, rumors that north korea exchanged Nuclear Material with libya. In that same timeframe. On the chemical weapons side, i detail in my briefly in my testimony about the syria connections, which are not linked to the more recent ones, but talking about chemical weapons, suits and other items. These are relationships that are very strong between syria and north korea. At least theres a documented history, maybe its not updated or maybe its not current from a known fact standpoint, but that might just be because we dont know yet. We havent found out. Given my experience is that, as i said, north korea will sell anything to anyone who is willing to pay. And you know, there was a time where we thought that nuclear was a line they were not willing to cross. And they proved that they were willing to do that. Okay. Excuse me just one moment. [ inaudible ] okay. Mr. Terrell, i know youve been youre almost exhausted with your participation here. Blister and nerve agents, and i think the world, at least i do, fundamentally believe that vx was used on kim jonguns half brother in malaysia. And you know, i have a little bit of military experience as well. My chief of staff is a chemical officer. And with that, those eventualities were very concerning to anybody who knows what theyre seeing there. Maybe first, let me ask you this. I dont know what your background is, but i want to get for the record and hear from you folks. Conventional artillery. Conventional. We have assessed the North Koreans have as many as 10,000 conventional tubes pointed at the 25 Million People living in seoul, 60 plus or minus miles away, right . And that is and nerve and blister agent or chemical agents are deliverable by conventional artillery, are they not . Yes, sir, they are deliverable by conventional artillery, rockets, and shortrange Ballistic Missiles. Do you know, and can you comment on whether conventional artillery, rockets, missiles, et cetera, all require electronics or electricity to operate . Not all of their tube artillery would. Right, so thats just pulling the lanyard, right . Its down range. So thats a concern there. And they have sufficient stockpiles according to your testimony. Or at least what i read and you didnt dispute. South korean minister of defense estimates between 2500 and 5,000 metric tons. Right, so thats certainly enough for a first round exchange, right . What about deliverable from for a long distance. You mentioned rocket or Ballistic Missiles. This is literally something, lets take vx, deliverable by Ballistic Missile over a Large Population or large area . They could deliver vx or mustard blister agent by scuds. Most likely targets for those would be places like pusan, look at stopping force flow into the theater. But were not talking about in your opinion, were not talking about those being used against the homeland by icbm, no. Not the United States or United States territories. At least from that delivery system, right . If they chose to package that up, put it on a ship, put it on a plane, somehow deliver it to the west and use some other methodology, vx is a credibly pervasive it only takes a little bit to go a long way. They could use that if they so desired in some kind of attack in the homeland or somewhere, one of our territories or one of our significant allies, right . Correct, yes. Okay. Mr. Greene, back to this Lazarus Group. Do you know how they were identified, and do we track them . How do we know do they identify themselves . Do they claim responsibility for certain things . Whats the story on these folks . They dont claim responsibility. What we do is we see hundreds of attacks, thousands of attacks every day. We classify them. We analyze them, and are able to compare snippets of code, techniques, code obfuscation, ip addresses. Different techniques and able to Group Certain attacks. Based on that, the first grouping im aware of is 2009. They were reported as being behind some service attacks. So moving forward from that, moving forward from that what we see is code reuse or other techniques and tools that are reused. Thats how you identify them. Correct. Do they call themselves the Lazarus Group or is that our common terminology to describe them . Thats our name and there are other names for the same group. For us, thats a large group that encompasses eventually all of the activity attributed to north korea. Because youre attributing that those actions to different techniques and the markers that you already discussed, we dont know them by name, individual persons, or locations, or can we glean that at some point from the work that theyre doing . Its getting harder. Oftentimes, you can determine back to a location. We can often find with some high level of confidence a city or even a time zone where something is coming from. But thats through a variety of means. Sometimes we can tell, they leave time stamps when they compile code. They work 9 00 to 5 00. A certain time zone may take holidays off. They have gotten better at hiding that. What we as a Technology Company have a hard time doing is seeing who is sitting behind the computer. We may know theyre in a particular Eastern European country, but what you see is an overlap, sometimes you have criminals working. Sometimes criminals will work for the government. Sometimes government workers will moonlight as criminals at night. Sometimes you have these socalled hacktivist groups that will work for the government. We leave that last mile of attribution from intent, not something we can peer into. Are these countries typically these are probably countries, i dont know, are they typically countries that are not necessarily openly hostile to the United States but not necessarily welcoming as allies in the fight against terrorism . Or otherwise . Can you characterize that either way . With the Lazarus Group, i would have to go back. I can get back to you. Im not sure how well we have defined the actual origination point of the attacks or the code. We are grouping them, were relying, as i said, on the u. S. Government to tell us this is a north korean actor. We can tell with a high level of certainty that a number of attacks are the same. For instance, when wanna cry came out, we knew it was relatively quick, we had a high level of confidence this was lazarus. We didnt know that it necessarily came from north korea, but we knew this was the same actors for a bunch of different reasons. And that became more certain over time. So i dont know, and i can get back to you, that we can tell you specifically. And actually, im quite confident, lazarus, no one really knows who patient was with the bad outbreak of lazarus. That hasnt been resolved yet, but thats one that spread autonomously on its own. Youre a private entity and you record your findings and work with the federal government and various agencies whether its intelligence agencies or otherwise, regarding your findings, but you dont know if they go the last mile or not or do they ever report that to you . Do you ever get feedback regarding your inputs to know that they were ever resolved or how does that work . Split that in two. With respect to attribution to a nation state, very rarely i can think that we didnt find out by picking up the paper, looking online and seeing the government has attributed x to y country. We do get feedback on the quality of work we do and the assistance we have provided, going back to wanna cry because its fresh in my mind, we got a lot of quick feedback from the government saying this was helpful. What do you think about that . That was uk also. Working with other countries as well. We is a give and take on the technical level. And we were sharing our thoughts on where we thought it was coming from in terms of a connection to lazarus. We didnt get a, youre right, we agree with you on that. We just pass that part along. And you dont know whether treasury or any other federal Government Agency has pursued these individuals for prosecution or the host countries for notification apprehension or investigation . You dont know any of that, do you . Not with lazarus. With other groups, they have indicted chinese hackers, iranian hackers. Extradited some from i believe ukraine, maybe bulgaria. We know of some actions and have assisted in some Law Enforcement actions, but with respect to lazarus, dont know anything. Okay. We might ask you to comment further off the record in an effort to determine what can be done from your viewpoint. Its one thing to identify them. Right . But theres in my mind, theres really, i mean obviously, theres a reason to identify them, but if you skip the next series of steps where you go get them or deter them through the host country that may even they might be victims as well, right . But if we know and we dont take the next steps, i mean, thats pretty foolhardy. We have spent the energy and the time and the money, and then were moving on to the next threat, right, which is coming momentarily. From our perspective as a Company Looking to protect ourselves, our customers, were more focused on the how than the who. The who sometimes informs us. Theres one thing you might find interesting. There was a group of Security Companies who got together a couple years ago for something we called operation blockbuster, which was a joint effort to go after lazarus, to try to degrade their efforts. Sharing a lot of telemetry across different companies. Thats the kind of thing going to what mr. Cilluffo was talking about, you see a lot of Security Companies were competitors but we also were all working toward the same end. With some degree of success. It is the proverbial marathon, not the sprint. Sure. And while you may be looking more at methodology than the the what as opposed to the who, i think the federal government has to be looking at both and were glad youre looking at and your expertise might be in the what but we have to i think be interested in the who. You cant be, right . Youre not a Law Enforcement agency. But the federal government is. Okay. Dr. Pryor. Why did i write louisiana projects on my notepad . Oh, probably because thats a project that the Emp Commission launched in cooperation with the department of Homeland Security to develop a plan to protect the to develop a plan to protect the Louisiana Electric grid. Captioning performed by vitac have to keep studying the problem for years and years, that we know how to protect the grid now. We can do it now, do it in a Cost Effective way, and the people of louisiana actually, theyre the ones who took the initiative through their Louisiana Public service commission, to act secretary kelly, who was then the secretary of Homeland Security to help them come up with a plan to protect the Louisiana Electric grid, and dhs is currently doing that. Its already done some good work. What we want to end up with is a detailed blueprint that they could actually implement in a Cost Effective way that will prove to those who disagree with Emp Commission that we can do the job now. We can do it with the current technology, and it can be done Cost Effectively. And we dont have a detailed blueprint at this time . Not yet. Whats it going to take to complete it . Its going to take some time, for one thing. Right now, dhs, the people who would normally be working on the plan are helping out in puerto rico right now, so that delayed it. Okay, but it will take, once they are over that and they can focus on this plan, it will take three to four months and dhs has been putting 300k into it, it would have been good to have another 170,000. The Emp Commission was going to kick that in, but now were out of business so we werent able to do that. For less than it could probably be done for the 300k. You said its a matter of months. Understanding and agreeing that we get past the situation, the disaster in puerto rico and getting those folks back in power, et cetera. About a month there. And less than 200,000 or Something Like that. Why is the Emp Commission out of business . Well, we were scheduled legislatively, thats a good question. And complicated one. Under our charter, commissions typically last about 18 months. All right. And so we reached the end of our life. And nobody asked the commission to be extended. The department of defense didnt, the department of Homeland Security didnt. You know. Does that take legislative action as far as you know or something that can be done from a regulatory side . It would take legislative action to continue the Emp Commission or it could be done by the chair i think the chairman of the committee, for example, chairman johnson asked about the power of the chairman of the committee to basically continue or establish a commission. He wouldnt be able to pay for it on his own. He would have to have the cooperation of the chairman of the Senate Appropriations committee if it was to be appointed. However, i could tell you, Emp Commission has been working for 17 years pro bono. Commissioners do not get paid. I havent been mostly paid, so you know, were used to working for nothing. Okay. I, like mr. Higgins, am concerned i didnt realize ms. Jackson lee is here, so im going to suspend my questions. Im going to come back to you, dr. Pry. But im going to recognize ms. Jackson lee for her questions. Mr. Chairman, thank you very much. And to the witnesses, thank you for yielding to me. This is a very important discussion. I wish i could spend the time that the chairman has now spent, but i know that well have a very extensive record and appreciate you for that. Let me just go directly to mr. Greene and pursue recent reports about north koreas capacity for attacking the grid. We understand, those of us who have been on the committee, i chaired the Transportation Infrastructure Committee and cybersecurity. I have seen all the nuances of Homeland Security and National Security. And we now have a new hurdle, and i think one of the most difficult and challenging parts of the hurdle is that 85 plus of our Critical Infrastructure is in the hands of the private sector. So what capacity does north korea have in the attack on the Critical Infrastructure . What would be their inclination . What i suspect they would say, let me drop my other options and this looks like this is either more fun or more devastating or far reaching impact or i can readily see how the impact is. What is your assessment on that, and whats your assessment on our protection against it, and whats your assessment on our steps to address Something Like that . So i would say the reports that came out in the past week have been about really the first steps of an operation to implicate the grid and the reports that i saw were by the group that we call lazarus, spearfishing emails, attempts to get a bridge head on control systems, im sorry, any systems these energy facilities, most reports have said they have been unsuccessful, but cyber can be like seeing one bug in your house, where theres one, theres usually a lot that you cant see. So that suggests to me theres a lot of other activity going on. Cyber is one of those things where you really are subject to the weakest link theory. Eventually, theyre going to find a way onto some system. That goes also to your question about the preparation of the grid generally. There are a lot of companies that have taken significant steps in recent years. Nerk did take a long time to get regulations out, but theyre being followed. But the problem is you do have over 300,000 different utilities and you dont need to compromise the biggest to have some kind of impact. In terms of whether theyre there yet, i havent seen evidence to sunl they have actually gotten onto the control systems. We have seen that with other different actors, but not yet with lazarus. Doesnt mean theyre not trying. One thing that may be in our favor is 6,000 sounds like a big number of cyber warriors, so to speak, but it is not as big as some other countries, and control system knowledge, the ability to compromise control systems is fairly specialized. I dont know yea or nay whether they have that. Very will could be trying to develop that, but there are a lot of hurdles they have to go through. As with the progress we have seen with nuclear and elsewhere, its not going to stop them from trying. I hope i answered the breadth of your questions. Do you think were a year away, months away, years away in terms of their capacity to hack a very, very Vital Network here in the United States . We are sophisticated. We are dependent on technology. Our power grid is in varying states of repair or disrepair. And our technology is questi questionable in light of the private sector ownership as to whether the sufficient nlt firewalls are there. You mentioned the concept of breaching someones, i call it the technological wall, in that there is that kind of activity going on. Where do we need to be in terms of the government . I believe we should not be in a voluntary mode of getting the private sector to be required to document that their systems are secure. We dont have a requirement of secure documentation. And to take down our grid is weaponry. So how far away are they from that . I dont know the specifics of their capabilities, but i can draw an analogy to this group, the dragonfly group, even extremely sophisticated. We saw them take about two years to go from Management Systems back end systems to control systems. We detected them on those systems earlier this year. So depending upon the level of experti expertise, it could take them, it also depends on luck. They find the right vulnerable system and the right human frailty, they could get on sooner. Just being on the system wouldnt be enough. You have to have a certain amount of knowledge of the energy grid, but one thing we have seen lazarus to be quite good at is the reconnaissance element of the operation. I suspect what we saw reported earlier this week is the proverbial tip of the iceberg of the efforts going on. You believe there is a will and theyre making a way, meaning they will be interested in doing this. This would be one of the elements they would find attractive in terms of attack on the United States or any other country that theyre at odds with . Yeah, and i think theyre not alone in that. There are other major likely nation state actors looking to get on the beachhead onto the systems. The question becomes at that point, we talked about the intent and understanding of the implications of doing it. With respect to dragonfly, we have reported that there are no technical limitations left for them to be able to cause impacts, Significant Impact to energy operators. The bridge they would have to cross is a willinginize to do it, understanding the implications to themselves and their own economies and potential retaliation. You think russia would have any collaboration on this since they would engage with power attacks in ukraine . I just dont have any knowledge on that. Im sorry. Mr. Chairman, would you yield me a few more minutes . Appreciate it. Madam. Thank you. I see a head going on, dr dr. Sulafo. Do i have it almost right . Close enough. I have been called much worse. To read it from this distance. This is something that i think im beginning to believe that there are some elements of business choices and the respect we have for the capitalistic system that requires our very keen study and one of them is the infrastructure of cyber thats in the private sector and what firewalls that have an overwhelming impact. So i yield to you and i want to go to mr. Terrell on another matter. Ms. Jackson lee, thank you for the question. I think you raise an important point here. Firstly, not all Critical Infrastructure is equally critical. When you get to the most critical, those that affect our so hp called lifeline sectors that affect public safety, National Security, and economic security, the grid is top of the list. I dont care how robust Everything Else is, if you dont have power, its kind of futile. There you are. So yes, they are a unique set of entities. On the russia side, what they demonstrated boat in 2015 and 2016, a rubeicon was crossed in that case. We all thought woulda, shoulda, coulda, those were threats, but in this case, they intended to signal a capability because they followed up the disruptive attacks with a denial of service attack. Basically an in your face, haha, we got you response to the first attack. The reason i jumped into this fray was because obviously, north korea is dependent upon china for much of its support and the like. But youre slowly starting to see russia fill that breach. In fact, there was a Russian Company that just moved in to provide Internet Access service to north korea since the chinese capabilities have been minimized. They have back end capabilitiec, so i do think youve got a bigger set of issues here. There is quite a bit of chatter that russia has been supporting and working, whether the state or whether through its proxies, organized crime, hard to discern whos behind the clicketyclack of the keyboard, but there is a lot of interest there. And this comes to a point, mr. Chairman, you brought up earlier. One of the most vexing challenges is that you are there are digital safe havens. A vast majority of these bad actors are playing in china and russia. And we have we lack extradition treaties with both of these countries. And the reality is that we have to get more and more creative to be able to extradite them when we go to countries that the u. S. Does have cooperative relationships. This issue, as complex as it is, the cyber issue cant be seen in isolation of all of these other matters because it really is about the safe havens and russia and china are there. I think russia is filling the breach that china has been abrogating in north korea. Well, hes given me, i can look in his direction because his gavel might be moving. Im going to take the time, im glad he had this hearing. I think you should give us maybe in writing our marching orders, and dont think im asking you to be presumption. You said safe havens. I would like five points for the record, if you have five points you can say quickly, the safe havens. Im concerned about the vastness of the private sector in these critical areas you talked about, and the firewall that we have, its in the private sector. We have voluntary, if you call us, we can come. What more can we do that strengthens their protection if in fact their own internal systems are not where they need to be . Because this is National Security issues with another country hacks x, y, z dealing with the power grid or hospitals or research. Its very important. Is that a qfr, a question for me to follow up on or give me one because im going to go to the professor. So this is not its not to punt the issue, but quite honestly, i dont think were ever going to firewall our way out of this problem. By that, i mean the initiative remains with the attacker, so if you think of it in the traditional red blue military kind of environment, we have to shape the environment so its in our best interest. So its not to abrogate all the cybersecurity responsibilities, but the initiative will always be with the attacker. The attack surface is growing exponentially. Every day, it grows and security still tends to be an afterthought when we think of the internet of things and the Network Devices that are coming onboard, were never going to simply be egg to firewall our way out of this problem. I feel the private sector has been given an unfair theyre defending against nation states. So we have to we have to level that playing field. And without going into a totally different direction, i think we need to be a little more proactive in shaping the environment so its in our best interest. Thank you. I just need to be pursued along other lines. I have probably a different view, but i thank you for that view. And the safe havens is something we need to ascertain. I want to get to the question of north koreas danger to the homeland. And maybe get you to first of all, let me say that i am a proponent of the nonnuclear agreement with iran, and you might offer to comment on the idea of first of all, that doesnt mean that you do not look at the compliance and other elements that may need to be of concern. That is not a blanket. That is a vigilance on the other elements of irans terrorism propping up assad and other things. When you look to the agreement, you have to look to the four corners of it, whether or not there is compliance, whether theres access, and all of those at this point have not been negated. But i think the point that i want to raise is if you can ascertain, if you said it, please forgive me, but i would like to hear it, where north korea is right now in their capacity, and i dont want the news articles. They can get to alaska or here, whatever. Their head of government chooses to say on any given day. But your ascertaining his, where he is, where the country is and the likelihood of his efforts, if you will. That would be helpful. Yes, maam. With respect to a difference between iran and north korea, quickly, we have to deal with every country and every threat in the unique situation that that threat exists in. So iran doesnt match perfectly to north korea. North korea doesnt match perfectly to russia. So approaching each one tailored to that threat is important. So where north korea sits with their willingness and ability to attack the homeland today using nuclear or chemical weapons, you know, the nuclear program, he has an ability to employ Nuclear Weapons today. Its a matter of where can he employ them and when and why would he employ them. So in understanding north korean rationale, theyre an extremely rational actor. From their perspective. They do things that are in their national interests. In solidifying his security as the head of state, in solidifying his security within the region. And he has a population surrounding him that almost nobody remembers a time when the kim family was not in charge. For 67 years, they have all been told, everything that is wrong in north korea is the americans fault. So when pushed into a corner, he will have reason from his perspective, he can create a rationality to attack. He if he feels he needs to. Hes going to try to deter us because he still has two operational regional objectives to try to accomplish. The family has always said, unification of the Korean Peninsula is important. So can he do that in such a way where he can keep the United States from not supporting the republic of korea and not supporting japan . And keep japan out of a war. And can he do this either or if he cant reunify initially, can he reach an actual peace treaty on the peninsula that solidifies his position, because in solidifying his position with just a peace treaty can say i have finished what my grandfather started. And he sets himself up for longterm control in north korea. Which is why a Global Campaign pressure or Pressure Campaign that cuts off funding from the outside, cuts off support, weakens that position. So the challenge becomes, can he attack us . Yes. Can he attack us effectively yet . Hes almost there. And the North Koreans have also demonstrated theyre not nearly as interested in the actual precision that we may be interested in. If he can attack seattle, does he care if he can attack directly at and hit directly on top of the space needle . No. But if he can hit seattle, he can hit seattle. If he can hit the United States, he can hit the United States. So his threshold of use will probably may be lower than us. His threshold of accuracy will be lower than ours. So were not we may not be there tonight. We may be there next week. Or we may be there next month, but were at the point where hes going to have the ability to attack the United States and with an intention of killing americans. You know, just hurting us a little bit isnt as important to him as it is killing us. In north korea, they remember, the u. S. Bombing campaign during the korean war was theres two bricks stacked on top of each other, United States is going to destroy those two bricks. Theyre going to want to inflict as much damage as they possibly can if they attack. Will the gentle lady yield . I have a hard stop. I would be happy to yield. Mr. Chairman, could he be allowed to say the one action to stop that . I would be happy toyearold. What is our action . Other agreements being abandoned . We dont have an opportunity at diplomacy, but go right ahead. You know, the overall means of dealing with north korea today, were at this point where we have to continue the Pressure Campaign, we have to demonstrate our resolve, and we have to be able to talk to them. And it may not actually end up being a negotiated solution, but over the entire course of the cold war in deterrence with russia, we talked to the russians. We talked to the soviets. They understood our message. We understood their message. We have to have those means of being able to talk to the North Koreans. So we can have an effective deterrent while we get to a solution that hopefully does not include going to war. The chair thanks the gentle lady. Dr. Pry, i want to finish up with you if i could. I, too, like mr. Higgins am concerned and interested in the satellite array and the capabilities therewith that north korea has. Can they potentially launch an emp device from one of those satellites . And is it something thats launched from the satellite . Does the satellite come out of orbit . Does the satellite deploy something . House does that work . Were concerned because the satellites, the orbit, the trajectory, the purpose of this resembles this secret women the soviets came up with in the cold war. And basically, the satellite has a Nuclear Weapon inside of it. And you orbit the satellite so its at the optimum altitude already for putting an emp youre saying its currently there now . Yes, it is, and it passes over us several times a day at that place. All you have to do is det nade it when it arrives. Because we dont have Ballistic MissileEarly Warning radars facing south, were blind defenseless from that direction, which is why its on a south polar orbit. Now they have two of them there. I find it we might have actually seen a dry run of a north korean total Information Warfare operation back during the 2013 Nuclear Crisis we had with north korea after the Third Nuclear test. You know, that was on april 16th, 2013. You know, it coincided with lots of cyber activity attacks from north korea, but that was the day of the metcalf transformer shooting. Okay, we dont know who did that, but when the people who train the u. S. Navy s. E. A. L. S went in there, they thought it was a nation state operation. This was done the way the s. E. A. L. S would have done it in terms of all the techniques. And on that very day is the day the kms2 passed over washington, d. C. And new york city. You had events that threatened the western grid and the eastern grid simultaneously on that day. We dont know if it was north korea that did metcalf, but for sure, that was their satellite passing over washington, d. C. And the new york city corridor. So the two satellites they have right now, they apparently one at least passes over new york city, the east coast, new york city, washington, d. C. , and the other one . Well, they actually they pass every time they do an orbit, do an orbit they pass another 90 miles to the east so there are times i see. When its right over to center of the United States and passes over the eastern and times that are potentially none. Yes. But your testimony indicates they would like to fill the array so theres ever one present. Right. It used to be that basically would have to wait 90 minutes. All right. Now its ha 45 minutes. And we dont know whats in the satellite. We dont. According to the North Koreans official position its an earth observation satellite for peaceful purposes, but then kim jongun and north korean press have actually included it in their descriptions as part of their nuclear deterrent, and there are quotations from them to that effect. Wn