The electrical grid is under attack and then the power sector is all too familiar with the devastation storms like Hurricane Sandy can leave behind and the physical attacks like the 2013 incident and the sub cap station in california. 2013 incident in the substation in california. Thankfully in the cases of storms and physical attacks, the sector has strong plans in place and the systems to restore the power quickly and to avoid the loss of life and property. I am concerned about a cyber attack. Are there similar plans in place for the industry and for the state and local government . Will those provide the same types of protection . Most recently i have been discussing this topic with those in my district asking what they will do in their communities if the power is out for a long period of time. Honestly, most of them do not know because we dont know what to plan for. We have brought together the right people here to tell us today. We are also going to discuss what preparedness looks like and the best practices and how to achieve the level of readiness all the way down to the local majors and townships. I am encouraging to hear the talk about an all hazards approach and focusing on the greatest risks, but i think that there are characteristics of the threat that requires specific planning guidelines. I know we cannot gold plate the system but given the daily lives, its crucial that we understand the risks and be prepared for the likely consequences possible from the failure of that system. I look forward to this conversation today and starting with the witnesses, and i thank you all for being here. Mr. Defazio thank you. You certainly laid it out all against the critical and electrical grid. We know that theres probing and being done by the states and in the just terror groups to the u. S. And we need to be certain that we are as prepared that we can be. The ukraine attack was a harbor of things to come. I think that it can cover the cyber attack area. The issue of probably most immediate concerns for us that live in the northwestern United States is the threat of a cascade abduction of a quake of nine or nine plus. That will knock you out our, so knockout our grid, so there are going to be exercises conducted. Two exercises this year with the cooperation of the Homeland Security and all of the local and state authorities in the region to simulate what would be possible in face of that sort of a disaster. Many of the problems that could occur will be the same. The loss of transformers is particularly a concern, and im going to be probing the witnesses today. Theres a question if the federal government should be stockpiling since theyre Custom Orders and take six to 18 months. What if we lose a dozen large critical transformers because of a cyber attack . It seems to me a no brainer that we should either through the governmental sources or through cooperation with the industry be creating an industry here in the United States to deal with any and all sorts of potential attacks and coordinate a physical and cyber attack that could of course be the most devastating outside of a massive earthquake, sonali earthquake, tsunami and again many of the same issues arise and then one that does not get talked about very much but we held a series on it and then called the committee over the nuclear power. There is the potential for a bomb in place. Thats a nuclear plant. If you destroy the back of system and take over the plant, you create a melt down. How good is the security at our Nuclear Plants these days . I know that this hearing is not going to get to that topic. I am not sure that its in the jurisdiction, but its a concern to me and i just wanted to raise that issue. Like aviation and electricity and the grid, and Nuclear Plants theyre of interest to the terror groups and i am pleased that youre holding this hearing today. We have two administrators on the panel. Assistant secretary haufman from the office of electricity, delivery and ability. This is those facilitating the recovery from disruption and emergency and the energy supply. Assistant secretary for the protection from the department of Homeland Security, and mr. Richard campbell and expert at the Congressional Research service and the electric power sector. On the second panel its the president and ceo of the Liability Corporation and those who the mission is to insure the system in north america and mr. Mr. William spence the ceo and the corporation and one of the largest and the Utility Companies and then bobby kill , a nonprofiter organization in northeastern pennsylvania. I asked for the full statement be including in the record without the objection so ordered. Since its made part of the order, you ask that you limit the oral testimony to five minutes. Starting with the first panel. Administrator fugate and you may proceed. Gate mr. Fugate thank you. I want the to address the question of what they need to plan for. Based on the other experiences causes hazards this can be you are measured in weeks. Again with cyber we have seen restoration. If theres not physical damage and you do have it for transformers that will extend it. We do know that its important that in the initial response that you provide the safety and security. When lights are out, power is out. We have had major metropolitan areas go with this. We have had people trapped the elevators and that may mean to go out and wait for problems and not wait for the call of 911. The next steps are again as the members point out and all hazards. You have to provide the needs and hopefully the Critical Infrastructure has power and emergency you power. Emergency power. You have to fuel supply that you need. We have found in many cases that communities have not planned for that. Either they dont have critical equipment on the back up power or fuel supply. They only have enough to run the weekly and monthly test but not for a crisis. Generators are expensive and in my other cases there are options. The idea is what are the things required to keep the community up and running until the power can be restored and the lifeline . Water treatment and hospitals and communication and the 911 and other facilities. They usually have them but they have to be planned. Not just during the monthly test. As you pointed out mr. Chairman, it starts to drive other issues. As we saw the longer that you have them, the longer that you have the affects and not getting to Retail Stores and others and gasoline distribution and as they start to get back to normal, theyre all challenges. So the planning is based on the safety, keeping the life systems up, focuses on the restoration of the grid and the reality that the areas are going to be last to get the power because youre going to try to get the Retail Sectors and Major Centers up first. The industry has shown a lot of capable of doing the structures. We think that it would apply for cyber. Cyber has a lot of unknown. I will differ to my experts to my left on what they are and the potential threats and how likely they are. You said how big is by . How big is big . Well, we look at things and thats jail to the storms. Because of the way that its built and the transformers. We have developed what we would do and the satellites and systems. We are working currently now with the lessons of the previous Power Outages on the annex to add to the natural response frame work to look at the Power Outages and a lot of the agencies that the government brings and this has to be a true working relationship. We cannot do this separately as a partnership. We have to have levels and then we have the power in the states through the utility regulatory management. That frame work the this summer is going to our Senior Leadership in the agency to begin the process of occurrence and updating it. Its the frame work if something were to happen now. Based on the lessons from sandy and other disruptions. The challenge for people to look at planning for not what they do everyday but what happens if the power is out. Not just for hours but for weeks. Do they understand what they need to do and that the critical lifelines have the power . I have been through enough hurricanes and few had enough to pass what was there and in a full load of crisis, they failed. They did not maintain enough fuel in the systems for that. They did not have the contracts for the firm deliveries when the crisis occurred. You really need to get people to focus on this. If youre going to provide the emergency power, it has to be for real and provide it for a long time. You have to do it from a stand approach. A standpoint of a phased approach. We dont know how long its going to be out. We have the response steps, and you have to ask the question if its only on the 72 hours and if were out for a week, what are the things that we have to focus on . The story of the industry is also good. We learned a will the how to get the systems back up and bypass the failed systems. In many cases they have replaced the man in the middle and then come back and run a system and get the power back. So i think theres both a good news story, but theres still a lot that we do not know. So against that, were not going to run a plan for everything that cannot happen. We need the right thing on consequences. As we have the duration of the impacts, thats going to shake the guidance and officials. Were dealing with the extensive Power Outages. Regardless of the cause of it but the time and what would be happening and the next steps are. Again a lot of the lessons have been learned from the hazards and then how wide spread and how they are impacted. Thats probably the one difference that a physical threat as much as a hurricane. We know the geographical area. With cyber it will not be defined by physical or political boundaries and thats a system wide. Thats another area that we ask questions about. Thats probably outside of an ent detonation and thats the largest impact to the utilities and a lot of work is done to minimize. Mr. Chairman i stand ready for , the questions, but i tried to answer them in the opening statements. Mr. Carson thank you for your testimony. Before we move on, i want to recognize the Ranking Member of the subcommittee mr. Carson for the opening statement. I want to thank you guys and for the sake of time we should continue, and i was the one that was late. Thank you. Thank you. We will move on assistant secretary. Thank you for focuses on the attention of being prepared on the outage and to discuss the electricity system in an increasingly challenging environment. Our economy, National Security and even the health and safety of the city depend on the Reliable Delivery of electricity. The mission of the office of electricity and delivering a liability is the strengthen, transform and improve the structure to improve the access to the clean sources of energy. Were committed to working with the public and private sectors to protect the structure and including the power from the disruption whether its caused by man made events, Cyber Attacks. The crucial factor is to be proactive and cultivate what i call an ecosystem of resilience and that owner, operators, vendors and consumers Work Together to prepare, respond and recover. Our Organization Works on indent indepth strategies and product itself and tools on the preparedness activity. This is done from forms, training and exercises that have federal, state and local officials. In the Cyber Security, its the effort to improve the Cyber Security capabilities. The department of energy and Industry Partners have developed the Cyber Security capability model. This is an evaluation tool that helps organizations prioritize and develop the Cyber Security capabilities. In theres a clear path form in april, portland and washington , dc. Its an exercise in testing and evaluating the Energy Sector and roles and responsibilities with response plans and utilized for the abduction zone of earthquakes and tsunamis. The Department Works to access the affects on the disaster of local and federal structure, coordinate assets, monitor and from vied regular situation monitor and provide regular situation awareness and the key to the state, white house and the agency partners. We also provide leadership by requesting and facilitating the development of an energy and sharing Analysis Center as well as the development of electric counsel. This counsel is a group of leaders from across the sector that meet regularly to coordinate and share. When power goes out, the local utility is the first responder. Should anybody receive the capability of any private or sector resources congress did several sectors and this act confirms the Cyber Security and oil and gas information sharing, development of a transform er a transformer plan. In addition the fast act provides them with a new authority. Upon declaration of the Grid Security emergency by the president , the secretary can issue orders to protect and restore the critical structure. The department is actively engaging in the process and procedure. The keys to strengthening resilience is not only through site by innovation. Advance in technology and innovation of storage and mick microgrids will help get ahead of the risks. In conclusion, the threats will continue to evolve. The doe is working to stay ahead of the curve. To accomplish this, we must invest in the resilience, encourage the innovation and use the best practices to help the raise the cyber and physical security and strengthen the local and response of the capabilities. Thank you for your time, and this concludes my remarks, and i look forward to the questions that you have. Thank you for the testimony and you may now proceed. Good morning and members of the subcommittee. Thank you for the community to thank you for the opportunity to discuss on the National Effort to secure and enhance the natures infrastructure and then the response and recovery from all hazardous events. Including the physical impacts of cyber incidents. I want to begin by acknowledging that protecting the grid is a top priority of this administration and the department of Homeland Security. It is worth underscoring that the grid by its design is resilient. Its a complex network of the assets that has built in and can adapt to demand and climate in a host of other factors. In short, the electric grid has one principal in mind. Reliability. Thousands of Companies Work to run the most reliable grid in the world. While over 85 of the nations electricity infrastructure is in private hands, the federal government realizes that we have to work in partnership to protect the the grid because of its importance to National Security and prosperity and resilience. I have the privilege of working with sectors and can say with confidence that the the electric that the electric industry takes a multilayered approach with management and is committed to adaptation based on the Lessons Learned in the real world and exercises and the understanding of the dynamic risk and environment. Industry and government acknowledged that we cannot stop every threat and national hazard. And that we must be prepared to repond to the range of events and consequences. The federal government and the partnership and thats designed under the Protection Plan reached new levels following two important events. The first was a report publiced report published by the adviser commit tee and the counsel in 2011 on the resilience of the electrical and sectors and called for the seen were your executives to convene on a regular basis to craft a Risk Management agenda that was reflect reflective of the threat in environment. Nearly a year later we had a scene of an earthquake of the power plant in japan. That had the United States come together to plan for a tragic incident. For nearly four years, 30 ceos have comprised the electric sector and meet regularly with the counter parts at dhs, doe and other members to address the growing number of the fassetts number of sophisticated factors that put us at risks. This is to insure the consequences are minimize and are minimized and that the , value of our relationship is strengthened by identifying the authorities and the robust and the planning and regular testing and exercise of these plans. Projects conducted by the partnership is action oriented information sharing and then around the physical and cyber events. A 2013 and 2014 outreach is the importance of reporting the suspicious activity. An electric sector playbook and thats a crisis frame work to enable to Senior Executives to coordinate on the response and recovery issues, as well as work by dhs and doe with the sec fors to have the coordination with other lifeline functions. In addition to the work, dhs works with owner and operators to help to enhance the facility and posture. Understand that dependencies and exercise with the state, local and tribal authorities for a range of problems. This engagement would not be possible without a contrary of Security Specialists from around the country that engage with asset ordinary reasons on a regular basis to help them understand the threats, perform assessments and insure that theyre connect today the broad the broader Homeland Community in the s