Skip to main content

tv   House Energy Subcommittee on Cyber Threats to the Electric Grid  CSPAN  September 6, 2019 11:59am-2:17pm EDT

11:59 am
recognize that the history of this. when jim crow segregationists say i'm not racist and today even white nationalists are saying i'm not racist. >> jim mattis recounts his military career and his thoughts on leadership. watch book tv every weekend on c-span2.
12:00 pm
this is a house energy sub committee hearing. it's about 2:15. subcommittee will now come to order. i want to thank all the members and the witnesses for appearing before the subcommittee this morning. the chairman will now yield five minutes to my great friend, mr. mcnerney from california for five minutes. >> good morning, mr. chairman, i thank you for yielding me the five minutes and i thank the witnesses for coming this morning.
12:01 pm
it's an incredibly important issue that we needed to care a lot about and make good policy on. we're meeting today to discuss the state of cyber security in the grid and the continuing threats facing america's energy truer. we continue to see increasing threats to the grid originating both at home and abroad. i'm glad to see the doe and ferc and others taking steps to address the growing dangers posed by nefarious actors. our energy grid serves as the backbone of our economy touching every aspect of our lives and a reliable grid is also crucial to our national security and for a clean energy future.
12:02 pm
for lawmakers to encourage and enable innovative advancements that we can improve the security and reliability of our nation's electric grid, we must work on a bipartisan basis and actively engage with industry leaders as we are doing today here. fortunately the modernization and innovation of our energy infrastructure is already under way. what was once a one-way delivery system has evolved into a dynamic network where information and energy flows both ways. technological advancements are both -- are also born from the need to secure the energy grid against potential physical and cyber threats. for example, technology allowing for the rerouting of power and quick response in the event of attack is being deployed across the grid. the cooperation among federal, state and local governments is essential to protecting americans and our nation's infrastructure. given today's cyber environment it's more important than ever that congress pursue policies that continue to foster these
12:03 pm
exciting developments and support our grid infrastructure. this is an issue that i am very passionate about and vulnerable components -- any vulnerable component is a threat to our physical and national security, making it imperative that we invest in grid modernization and security. that's why i'm proud to co-chair the bipartisan grid innovation caucus with my good friend from across the aisle, representative bob latta from ohio. together we're focused on providing a forum for discussing solutions for the many challenges facing the grid and to educate members of congress and staff about the importance of the electric grid with relation to the economy, energy security, advanced technologies being utilized to enhance grid capabilities. this work has informed our introduction of two bills on the topic, both of which have already been marked up and advanced by this subcommittee. their aim is to bolster america's electric infrastructure by encouraging coordination between the department of energy and the
12:04 pm
electric utilities. my bill, which i introduced along with mr. latta, hr-359, the enhancing grid security through public/private partnership act would create a program to enhance the physical and cyber security of the electric utilities through assessing security vulnerabilities and increasing cyber security training and collect data. it would also require the interrupt cost estimate calculator, which is used to calculate the return on investment on utility investments to be updated at least every two years to ensure accurate calculations. mr. latta's bill which he
12:05 pm
introduced along with me, had. r-360, the critical cyber sense act makes important headway in protecting our critical electoral grid infrastructure. it would create a program to identify cyber secure products for the bulk power grid through testing and verification program. the bulk power system supports american industry and provides all the benefits of reliable electric power to the american people. it is essential that we make this system as secure as possible as cyber attacks do pose a serious threat to the electric grid. any vulnerable component in our grid is a threat to our security and this bill will go a long way to strengthening that system. i thank mr. latta for his partnership and looking forward to working with him. i also want to take a moment to mention my support for hr-362, the energy emergency leadership act sponsored by chairman rush and mr. walberg. this bill would establish new doe assistant secretary position with jurisdiction over all energy, emergency and security functions related to energy supply, infrastructure and cyber security. finally i want to mention my support for one more bill on this topic, hr-370, the pipeline and l & g facility cyber security preparedness act sponsored by ranking member upton and mr. lope zach. this bill would require the secretary of energy to establish a program relating to the physical security and cyber security for pipelines and liquefied natural gas
12:06 pm
facilities. as the bills i had mentioned show, our committee is uniquely positioned to examine the issues before us today as we work to put america on a path to better securing our electric and utility system. now i yield back to the chairman. >> i want to thank the gentleman and on a point of personal privilege, the chair was originally scheduled to be at home in chicago this morning for the funeral of one of my dear friends, ms. jada russell, a trusted friend and colleague and supporter and due to inclement weather last night my flight was
12:07 pm
canceled so i couldn't go. mr. mcnerney graciously agreed to sit in the chair for me last night when i wasn't going to be here this morning, but i'm here now and so i want to thank mr. mcnerney personally to be willing to sit in the chair with me in my absence, but as you can see i'm here. thank you. >> i appreciate the sentiment and i also appreciate the confidence that you've shown in me, mr. chairman. >> thank you very much. the chair now recognizes mr. upton, the ranking member of the subcommittee, for five minutes for the purposes of an opening
12:08 pm
statement. >> thank you, mr. chairman, i'm sorry to hear about your friend and i'm grateful that you didn't get on that plane because i drove home through that storm last night and i don't think that plane would have had a lot of -- yeah. smart. today's hearing continues the subcommittee's ongoing oversight of cyber security threats to the electric grid, a priority that all of us have had. while this is the first hearing specifically on the topic this year, the subcommittee has been raising questions about persistent and emergent threats to the electrical grid in closed briefings and in hearings with federal officials and others over the course of this session. building on the work that we've done over the last couple of congresses. it is unquestionable that ensuring the reliable supply of electricity is vital to our nation's security, economy, our health and welfare. electricity enables telecommunications, financial transactions, the transport and delivery of energy and agriculture, it powers the infrastructure that delivers our drinking water, it enables business and industry to make
12:09 pm
and provide the goods and services of our modern society, it powers our hospitals, our households and everything else. but let's face it, the u.s. has the world's most complex electric grid and while we have a well-developed system of grid operators to ensure that the lights stay on, we're confronting new challenges every day and adapt to go a changing generation mix, new technologies and consumer preferences. we're also responding to new threats and working to strenghten the cybersecurity of the nation's grid. the integration into the system
12:10 pm
of new digital technologies that are essential for keeping up with our nation's energy needs constantly add vulnerabilities. other vulnerabilities are being added with increasing dependence on pipeline infrastructure by will electric generating units, combine that with a rapid expansion of cyber capabilities by more of america's adversaries and safe guarding transmission infrastructure remains particularly urgent. many of the federal oversight and regulatory structures in place today that ensure that the system can mitigate and respond to cyber, can you traced to this committee's legislative work. in '05 we authorized ferc, the commission the north american reliability cooperation nerc to enforce reliability standards and coordinate activities among industry and the feds to confront cyber threats. in 2015 in committee wrote provisions including the fast act to strengthen doe's energy sector specific authorities and to facilitate sharing of the threat information between private sector asset owners and the federal government. as a federal agency with expertise on our nation's electricity grid and the cybersecurity threats against it is imperative that we arm doe with the tools and authorities to protect our electricity system from the transmission lines to the very generating stations and their pipelines. most recently we developed legislation to elevate doe's
12:11 pm
functions oversees cyber security and to improve information sharing, emergency planning and other technical activities in this jurisdiction. that legislative work is continuing, but unfortunately -- or but fortunately the department has used its own authorities to implement, enhanced leadership over cyber security and to improve interagency coordination. against that backdrop today's hearing provides a great opportunity to update the subcommittee on what these agencies are doing to advance cybersecurity practices, protections and response planning. looking forward to hearing from
12:12 pm
assistant secretary karen evans who heads the doe office of cybersecurity, energy security and emergency response. she testified in september last year, she had been on the job for just a couple of weeks. though she brought long federal experience to the table as soon as she sat down. so i look forward to discussing doe's current work, how it's exercising its coordinating role over a cyber security threat and to learn what challenges she sees going forward and how she plans to address those challenges. it will also be helpful to hear today from the regulators of the electric grid, andy dodge who heads ferc's office of electric reliability and from job rob who heads nerc. both these entities serve at the front lines of regulatory oversight of electric grid infrastructure protection, i'm particularly interested in learning what measures they're working on to address threats to ensure best practices and to coordinate response to cyber incidents. the risk of massive blackouts can be hard to think about, but the cyber security realities of today require that we face these risks head-on, that we be sure that our agencies and appropriate groups have the tools in the toolbox and the information that they need to address the risks and what they're prepared for the consequences of successful attacks. thank you, mr. chairman, for this hearing. i yield back. >> the gentleman yields back. the chairman now recognizes the chairman of the full committee mr. malone for five minutes for
12:13 pm
the purposes of an opening statement. >> thank you, chairman rush. today we're here to get an update from federal agencies about how they are addressing cyber threats to our electricity grid. we know our entries are rapidly developing new techniques to compromise and attack our grid so it's vitally important that the federal government and the electricity or the electric industry remain vigilant in enduring the grid is secure. our committee has been conducting robust oversight on this important topic in a bipartisan fashion for years. today's hearing is a public forum to discuss how the federal government is addressing cyber security challenges but the
12:14 pm
committee also is continues to receive closed-door briefings on the issue to understand more classified matters. our witness and their respective agencies all take cyber security of the grid very seriously and i believe secretary perry made the right decision in creating the position of assistant secretary for cyber security, energy security and emergency response to focus specifically on these pressing issues. last month the subcommittee favorably reported out legislation introduced by chairman rush and mr. wahlberg that would enshrine and statue this position at doe. i look forward to bringing this bill and other cyber security bills up. we must be active and vigilant when it comes to cyber security because time is of the essence. in march we had the first reported malicious cyber event that disrupted grid operations of a western utility. thankfully there seemed to be very little effect on the transmission grid and no customers lost power, but we must stay ahead of anyone who is a cyber threat. and i appreciate the work of ferc and nerc to continue enhancing critical infrastructure protection
12:15 pm
standards like the rule last october to bolster supply chain risk management. this rule implement new reliability standards that respond to supply chain risks like malicious software by requiring responsible entities to develop and implement security controls for industrial control systems, hardware, software and services. these are the types of important forward-looking actions we need to proactively protect our grid against attacks. while this hearing today is not specifically about pipeline cyber security, i'd be remiss not to mention how important that is to our grid system. we have a reliable pipeline system but we never want to find ourselves in a different situation. so i remain concerned about the lack of resources and expertise at the transportation security administration's pipeline security program. i look forward to hearing from doe about possible ways this he could help address these safety gaps. as i've said before, if tsa continues to devote scant resources or attention to these matters we must look at other options to keep our pipes secure. thank our witnesses for being here today as we discuss this critical security issue. with that, mr. chairman, unless someone else wants to talk, i yield back. >> the gentleman yields back.
12:16 pm
the chairman now recognizes the ranking member of the full committee for the purposes of an opening statement. >> good morning, mr. chairman. >> good morning. >> delighted to have the witnesses here and have this hearing. by am i measure the reliable supply of electricity is an essential part of anything we do. in today's highly interconnected and digital world the threat of cyber attacks, the reliability of electricity is ever present and it's growing. one of our responsibilities on the energy and commerce committee is to review and where necessary revise laws and policies that concern the reliable delivery of energy. this is part of the committee's black letter jurisdiction and it's something that we all take very seriously no matter which party is in the majority. this morning's oversight hearing continues its important work and
12:17 pm
focuses on the status of efforts to address cyber security threats to the electricity grid. we will hear testimony from our witnesses today, you are key players in keeping the lights on. department of energy, federal energy regulatory commission and the north american electric reliability cooperation or nerc. each of your organizations has a role in supporting effective information sharing, technical assistance, standard settings, oversight of standards, implementation, sound engineering practices, all of that as it relates to the bulk power system. i look forward to hearing updates from witnesses, especially on coordination and sharing among federal entities and industries. that's always been an issue and continues to be. our passed over sites the emergency cyber security responsibilities over the energy sector, includes providing, supporting, facilitating
12:18 pm
technical assistance to identify vulnerabilities and mitigate risk. i have seen some of the work firsthand in our national labs, especially in the northwest, pacific northwest national laboratory in washington state, out to idaho falls to the national laboratory. terrific people working in the labs, doing amazing work on behalf of the country. they provide the analytical tools that are proving helpful for all kinds of industries and systems we rely upon. learned last year new sharing tools, what's called cyber security risk information sharing program or crisp, have proven helpful identifying systemic cyber attacks across the energy sector. i would be interested to hear from nerc and d.o.e. how this approach is being expanded broadly as relates to supply chain risk, operational technology systems, switches and supervisory control, embedded in the grid. we know as more connected devices and grid technologies are added to the grid, vulnerabilities continue to grow. information sharing is central to strong cyber defense. this is important as energy systems are more interconnected.
12:19 pm
republican leader fred upton noted repeatedly how because the nation's pipeline systems, heard this from others, are an integral part of the system, harmed pipelines means harmed supply of electricity. we have to think about pipelines as part of the larger energy system rather than a piece of hardware or mode of transportation. while pipelines fall under separate regulatory regimes, department of energy must maintain visibility over pipelines to ensure delivery of electricity to consumers. they're all interconnected. that's why the committee is pushing to codify the emergency
12:20 pm
response role and strengthen the department's capabilities to monitor for cyber threats and provide technical assistance to industries. also important to enhance coordination of response should attacks succeed at a large scale. members on the panel had the benefit of briefings in the past few years to understand emergency response exercises in the electric sector. an update on these exercises will be useful today. we look forward to that. and testimony this morning will underscore risk to critical infrastructure from nation states and other bad actors is increasing. this means technical assistance, information sharing, and deployment of innovative technologies and best practices to get ahead of threats is ever more urgent. we must be sure critical infrastructure protection standards are up to date, flexible to meet the risk, and make sure we are providing federal agencies tools needed to serve the industry and nation more effectively. we have a real responsibility here, and hearings like this help us do our job better. mr. chairman, thank you for having this oversight hearing and again to the witnesses, thank you for your testimony, guidance of counsel. you will improve our work. with that, i yield back the balance of my time. >> the gentleman yields back. the chair would like to welcome
12:21 pm
our expert witnesses for today's hearing. from my left, the honorable karen evans, she's the assistant secretary of the office of cyber security and emergency response, and u.s. department of energy. next to her, mr. dodge. he is director of the office of electric reliability for the federal energy regulatory commission. seated next to mr. dodge is mr. jim rob, president and chief executive officer of the north american electric reliability corporation. and i want to again thank all of the witnesses for being here with us today. and we look forward to your testimony.
12:22 pm
but before we begin, i have to give you a tutorial. i would like to explain the system. in front of you is a series of lights. the light will initially be green at the start of your opening statement. the light will turn yellow when you have one minute remaining. please begin to wrap up your testimony at the yellow light. the light will return bright, bright, bright red when your time expires. and with that said, assistant secretary evans, you are now recognized for five minutes. >> thank you, sir. good morning, chairman rush,
12:23 pm
ranking member upton, members of the committee. thank you for the opportunity to discuss a continuing threat facing our national energy infrastructure. focusing on cyber security, energy security, and resilience of the nation's energy systems is one of the energy secretary's top priorities. by the administration proposing and congress affirming the office of cyber security, energy security and emergency response, the secretary has clearly demonstrated commitment to achieving the administration goal of energy security and more broadly national security. our nation's energy infrastructure has become a primary target for hostile cyber actors, both state sponsored and nonstate sponsored. the frequency, scale and sophistication of cyber threats continue to increase. cyber incidences have potential
12:24 pm
to disrupt energy services, damage highly specialized equipment, even threaten human health and safety. the release of the president's national cyber strategy, ncs, in september 2018 reflects the commitment to protecting america from cyber threats. department of energy plays an active role, supporting the security of our nation's critical energy infrastructure and implementing the ncs. the efforts reflect a concerted response to emergence of energy, cyber security, and resilience as one of the nation's most important security challenges. fostering partnerships with public and private sector stakeholders is of the utmost importance to me as assistant secretary for ceser. risk reaction difficulties in seven areas, including national security and energy and power. d.o.e. securities for the energy sector align or critical infrastructure section of pillar
12:25 pm
one, which is protecting the american people, the home land and the american way of life under the category to prioritize actions according to identified national risks. in the energy sector, the core of the critical infrastructure partners is represented by the sub sector coordinating counsel, escc. oil and natural gas council, and the energy government coordinating council, egcc. the escc and ongcc represent their represent i have industries. egcc, led by d.o.e. and dhs is where interagency partners, states, international partners come together to discuss the important security and resilience issues for the energy sector. this forum ensures we are working together in a whole of government response. it is critical for us to be proactive, cultivate a security
12:26 pm
energy network of producers, distributors, regulators, vendors, public partners. acting together to strengthen our ability to identify, detect, protect, respond, and recover. the department is focusing cyber support efforts to strengthen the energy sector cyber security preparedness, coordinate incident response and recovery, accelerate game changing research, development and deployment of resilient energy delivery systems. d.o.e. maintains a close relationship with ferc and nerc to be sure they have the relevant information to execute their missions. d.o.e. holds regular discussions with the three energy sector information sharing and analysis centers which include the downstream natural gas, the oil and gas, and electricity, to
12:27 pm
share emerging, potential threats and to disseminate information. establishing seizure is the result of the administration's commitment to prioritizing energy security and national security. ceser is collaborating to protect our nation's critical energy infrastructure from all hazards, including this growing cyber threat. our long term approach will strengthen our nation's national security and positively impact our economy. i appreciate the opportunity to appear before the committee to discuss cyber security in the energy sector and i applaud your leadership. i look forward to working with you and respective staff to continue to address cyber and physical security challenges. >> i want to thank you, madam secretary. now i want to recognize mr. dodge for five minutes for purposes of an opening statement. >> thank you very much. good morning, chairman rush, ranking member upton, members of the subcommittee.
12:28 pm
thank you for the opportunity to testify today. my name is andy dodge, i am director of electrical liability at ferc. through my testimony i will refer to that as the commission. i am here as commission staff witness, my remarks don't represent the views of the commission or any individual commissioner. today i will provide a brief overview of the commission's authorities and activities to help protect and improve the cyber security of the nation's
12:29 pm
power system. our work includes mandatory reliability standards, audits of those standards, and sharing of best practices. we work closely with north american electric liability council or nerc, regional entities, state and federal agents and entities that carry out this important work. as a result of the energy policy act, 2005, section 215 of the federal power act, nerc is responsible for developing and proposing new or modified reliability standards to the commission. the commission oversees nerc's development, enforcement of critical infrastructure protection standards or cip standards. the original set of standards were the version one standards. they were actually developed in 2006 and became enforceable in 2010. they're continuously reviewed and updated to address new cyber security threats and challenges as well as technological changes. we are in version five of the overall standards currently. there are currently 11 active cyber security standards and one active physical security
12:30 pm
standard. in all, there are over 200 distinct requirements. the cip standards are requirements that constitute a defense in depth approach to cyber security based on an assessment of risk. importantly, the cip reliability standards are objective based, responsible entities are free to choose compliance approaches best tailored to their individual systems. the foundational standard in cip requires each utility perform risk assessment of its assets, then to categorize the assets in the low, medium, high impact to the electric grid. the other cip standards require utility companies to develop cyber security plans, train personnel adequately, establish physical and electronic access perimeters, and apply patches in a timely manner, identify, report cyber security incidents, and develop and implement recovery plans amongst other things. recently, the commission further enhanced the cip to address supply chain risk and instant reporting. although nerc and regional entities are primary authorities for cip standards, since 2016,
12:31 pm
they have sampled utilities with respect to compliance to version five of cip standards. they issued two reports that describe lessons learned from audits and best practices. by publishing lessons learned reports, we hope to help other utility companies to help with compliance of cip standards as well as cyber security. in addition to mandatory reliability standards, the commission has adopted voluntary initiatives overseen by the office of energy infrastructure security.
12:32 pm
they engage with partners in industry, states, other federal agencies to develop and promote best practices for cyber security. these include architecture assessments of interested entities, classified briefings for state and industry officials, and joint security programs other federal government agencies in industry. in conclusion, protecting the electric system from cyber and physical threats is important to securing the nation's critical infrastructure. they're taking a standards or mandatory approach and collaborative voluntary approach to ensuring reliable and secure operation of the grid. i thank you for the opportunity to testify today and participate in this hearing and i very much look forward to answering your questions. thank you. >> want to thank the gentleman. the chair recognizes mr. rob for five minutes. >> thank you chairman rush and members of the subcommittee. this is my first appearance in
12:33 pm
front of the committee as nerc ceo since taking the job last year. you noted in opening comments how foundational electricity is to modern society and all of us here on the panel, nerc, ferc, department of energy, we all take our job of strengthening the reliability and security of the fabric of the industry seriously. we know the citizens of the united states and neighbors in canada and mexico demand on reliable electricity for daily life needs. to date, there's no successful cyber attack that resulted in loss of load in the united states. while we're proud of that statistic, we'll never rest on our laurels as the consequences noted are significant. as a result, the electricity sector has taken the cyber security threat extremely seriously, put in place a robust system to protect critical
12:34 pm
infrastructure. we find that boards and executive leadership play strong support, focused on security as one of the top issues. unlike the day in, day out job to reduce risk to reliability, cyber risks emanate from adversaries that use multiple techniques to attack the grid. it requires a multi pronged approach. the approach includes mandatory, enforceable reliability and security standards, information sharing, partnerships with sector specific agency, department of energy, as well as other government entities, dhs, dod, to confront rapidly developing threats, and engagement with industry. together they form a solid foundation of best practicing and strategies to confront this ever evolving threat. with respect to standards, our critical infrastructure protection standards provide common foundation for security.
12:35 pm
our standards are developed using subject matter expertise from industry, reviewed and approved by the independent board of trustees, by the ferc. cip standards require companies to establish plans, protocols and controls to protect critical systems against cyber attack, ensure personnel are adequately trained on cyber hygiene, report security incidences in a timely manner, effectively recover from events. standards evolve with increased understanding of threats. recent updates to the cips address supply chain risk, and improved cyber incidence reporting and cloud computing. noncompliance is subject to penalties, at times significant, requires ceo execution and board level reporting. standards are just one important element of a comprehensive strategy. because security threat, must maintain constant situational awareness, real time
12:36 pm
communication. that's where robust information sharing comes in. that's a service we provide through the electricity sector information sharing and analysis center or ei sack. operated by nerc, working in close collaboration with department of energy and electricity sub sector coordinating council, it is the central hub for sharing of information in the electricity sector. it communicates with over a thousand electricity organizations, via secure portal, with critical information provided by industry and government. through that, we manage a terrific information sharing program called crisp. crisp uses innovative technology developed by department of
12:37 pm
energy in national labs to monitor cyber activity, and developed the capability to rapidly declassify insights from crisp within 24 hours to communicate in sights to industry. they cover 75% of u.s. customers. it is shared beyond crisp members, all members can benefit. we also conduct biennial drill called grid x. it is the largest security exercise for the electricity sector. conducted every other year in partnership with escc and government partners, it simulates a widespread coordinated cyber and physical attack, designed to overwhelm even the most prepared organizations. and exercise their ability to respond and recover. and we invest in education and outreach. we conducts webinars, and all points bulletin to indicate threats to industry. for the most serious threats, a nerc alert provides precise information and mitigation strategies to industry, in many cases reporting back on successful threat mitigation. annual grid security conference
12:38 pm
has proven to be a terrific training and outreach engagement program for nerc, government partners, key industry security officials, key vendors to engage and learn from each other. i thank the committee for being here. >> with that, we are concluding the opening statements from the witnesses. and we will now proceed to members questioning. each member has five minutes to ask questions of our witnesses. i will start by recognizing myself for five minutes. assistant secretary evans, it is
12:39 pm
great to see you this morning before our committee once again. and as you know, i have sponsored hr 362 which would codify your position within d.o.e. as a new assistant secretary position with jurisdiction over all energy emergency and security functions relating to energy supply infrastructure and cyber security. so we look forward to passing that bill up and out of the house, and hope the president will sign it subsequently to it passing in the senate. we want to be invited to the celebration when you're sworn in as assistant secretary. but i have a question for you now. currently there appears to be
12:40 pm
some overlap, some tension among some federal agencies as regards to who is responsible for cyber security when it comes to protecting the energy sector. what makes d.o.e. in unique position to take on a leading role when it comes to technical expertise, knowledge, experience, and resources in protecting the energy specific sector. why is d.o.e. uniquely positioned to address all those issues?
12:41 pm
>> well first, thank you, sir. and when it is signed, we will invite you down for the celebration. everyone on the committee. we applaud your leadership and forward leaning into this important issue. where d.o.e. is uniquely positioned for this is the partnership that d.o.e. has as the sector specific agency out through the entire sector as well as state and local government. what's even more unique about the department of energy is the national lab structure and leveraging capabilities that the national lab has. so when you hear maybe there's some tension, i don't know if there's tension, it is specific expertise of the energy sector. that's why the administration has us as a sector specific agency, under the pdd and national cyber strategy as it goes forward. there is clarity we continue to work through as to the incident response and how that should work, but i think there's no disagreement in the executive branch that this is an important sector and that the public, private partnership is critical, and leveraging the national labs capabilities and our understanding in the energy sector makes us that lead, why
12:42 pm
we are the sector specific agency for the energy sector. >> today we have not experienced large scale cyber attacks on our energy grid. that said, we know that russia and china and even iran are running up their capabilities to potentially attack our energy grid and cause disruptions to our economy. and i know that d.o.e. takes these potential threats very, very seriously, but are there
12:43 pm
any areas where congress should provide more assistance in the form of authority, resources, or anything else that you might think of. i would like to hear from mr. dodge and mr. robb, whether there's anything more that we can do to help you all protect the grid from foreign attacks. secretary evans? >> i appreciate the opportunity to answer that question. as i outlined in my testimony, it is clear from the worldwide threat assessment what the dni said about our adversaries capabilities and what they can do in the energy sector. when we look at it from a national security perspective, what the department is doing, i think the key area really is the partnership and then the information sharing. and so as we're implementing national strategy, we're looking to clarify roles and
12:44 pm
responsibilities to specifically answer the question that you posed. do we need more legislative authority, do we need as a government, what is that administrative package that needs to come up here so we can have that information sharing in a way that will facilitate and ease some of the issues that industry may feel that they have going forward. one area we're also working out that we're looking at is under the fast act, you have given the secretary authority once the president designates grid emergency, what exactly is involved in that, how we would then move private industry resources to deal with a national emergency. at that point industry has also expressed and is working with us how some additional liability protections may be needed. >> the time is expiring. will you respond in writing to that question. chairman now recognizes mr. upton for five minutes. >> thank you again for your testimony. i have a couple of questions. i'm going to try to get through
12:45 pm
them all. i know that we had exercises on grid security that have been i think very helpful. can you tell us what are some things you learned from that, number one, and also whether we've had exercises actually on pipelines, cyber attacks on pipelines in terms of an exercise. >> as specifically relates to pipelines, we have done a joint exercise with ferc in a classified setting to really exercise at that inter dependency, see what weaknesses we need to shore up. there are lessons learned.
12:46 pm
there are things we are applying, taking forward in the whole of government approach and i would yield over to ferc if they would like to speak more about the exercise that happened. >> thank you. the only thing i would add about the exercise, it was actually a d.o.e. led classified security briefing, and it was actually a joint tabletop drill between d.o.e. and ferc, and of all electric officials, rtos, isos, it was a rather extensive event. there were lessons learned as miss evans indicated, it was a classified briefing, and items from those were actively followed up on. >> do you plan on doing any of that this year? calendar '19 or '20? is there another date set or not? >> so let me hop in here. we will conduct the fifth grid x exercise this november, a multi sector exercise, highly focused on the electric system, will also involve communications and fuel supplies such as natural gas. you asked about -- and that
12:47 pm
exercise again is a continent wide overwhelming attack. it is designed to break everybody's system, to push them to the limit, so they understand where their vulnerabilities are in terms of response and recovery. one of the things we're doing this year in the executive tabletop is to take a strong focus on a narrow region of the country and start to focus in on the operational coordination that would be required between gas pipelines, the communication sector, utilities sector, probably even the finance sector in what would be involved in restoring the system after such a catastrophic event. >> and follow-up question. was tsa involved at all with the exercises? >> they have been invited to participate this year, and i believe they will be. >> have they participated in the past or not? >> tsa participates in all of the activities that we do from a government perspective. so we did -- >> they actually had a person there?
12:48 pm
>> yes, sir, yes, sir. they have a representative there, two weeks ago also, we had the oil and natural gas sub sector coordinating council meeting out in oklahoma city. tsa actively participates. we work directly with the industry to actually go through the initiative and update that we have jointly announced with the oil and natural gas that happened last october. so tsa, transportation, d.o.e., department of homeland security, we're all there leveraging our resources to look at the pipeline security and how to make it more robust. >> so i'm looking at a statement, sorry i didn't print it out, saw it just a few minutes ago, it is reported i think in politico this morning that tsa administrator is talking they want to be more
12:49 pm
involved, they realize they're in essence short staffed, and likelihood of operating under a continuing resolution, which means they won't be able to expand anything beyond what they had in fiscal year '19, and as we learned a few weeks ago, they only have i think four people out of 50,000 that work on pipelines. i just question the substantive role they might have, knowing that we have entrusted you all to work together with enactment of the fast act, and really appreciate the work you do. i look forward to supporting the legislation to make you someday a portrait hanging deal as an assistant secretary. with that, mr. chairman, i yield back. >> the gentleman yields back. the chair now recognizes mr. peters for five minutes. >> thank you, mr. chairman. thanks to the witnesses for being here. miss evans, first of all, i appreciate we're in a
12:50 pm
nonclassified situation, you'll obviously tell me if you can answer my questions. do you know how many cyber attacks the electric grid sustains on a regular day, average day? sustains on a regular day, average day? >> so doe continuously monitors across multiple things. so it depends on how we talk about a cyber attack, and so we are in constant communications, and we constantly monitor what is happening in the state of the sector as a whole. so beyond that, i'm happy to come back in a more appropriate setting to give you more details, if you'd like. >> well, you didn't tell me a number. do you know the number yourself? >> that's why i said it depends on how -- >> how do you define the attack? >> yes. >> and how you want to quantity
12:51 pm
fie. >> are you able to determine how much of the activity is coming from state actors? >> so, again, i would be happy to talk about that more, but yeah. the way that we are designing the systems -- >> i'm not asking you to tell me -- do you know whether it's coming from state actors. is that something you don't want to answer here? >> i would like to answer that in a more appropriate setting. >> let me move onto something else. maybe mr. rob to follow up with a question that the chairman asked of miss evans about what needs to be done now from congress. do you -- it's my observation we rely heavily on the utilities private companies to deal with this. and when they came to speak to us last congress, they suggested that the thing that they needed most to modernize the grid, not just related to security, but to
12:52 pm
modernize it was research support from congress that they wanted to be sort of left to their own to be able to innovate, which i think is generally appropriate. how do you -- how comfortable do you feel that individual utilities are able to handle these attacks? is there anything you think congress should be doing to back it up in terms of security? >> i'm not sure i caught the entire question with the door closing. but the point i would make in response to the chairman's question is the biggest issue for us is we're sort of threat actors or so forth is of less interest. what is of interest is the attack vectors. the most important thing for us is for government to be able to more rapidly declassify information to get it into
12:53 pm
actionable incites that we can get out to industry. industry doesn't need to know the origins or sources. we need to know the whats. i think the whats and whos are tied up. i think that clogs the machinery up. that would be the most important thing that i would see government being able to do that would facilitate better information sharing and better awareness in industry. rapid declassification, and/or broader availability of security clearances. >> realtime ability to share information on outgoing attack? >> absolutely. >> right. how should -- what should be the responsibility the legal liability for utilities fending off these attacks? suppose something gets through because of the weakness of a particular utility? what incentives do we have to make sure they're carrying their weight?
12:54 pm
>> i'm probably not the best expert to talk about legal liability. what i would say in response to the question is that every ceo i know of, and this goes from the largest ious to the smallest public powers, take this threat seriously. so they right now i think they all do everything that makes sense for them in their situation to protect against these attacks. >> it's my observation that unless -- i appreciate that. i think that's probably something that every ceo wants to avoid, but unless there's a bottom line impact, sometimes it doesn't filter through the culture of the entire company. i like the way that we rely on private innovators to deal with these problems. i think often they're better situated than the government. but on the other hand, we have to provide the incentives through the private industry to make sure that they do emphasize this as a business matter, and i guess my time has expired. we'll have to continue that
12:55 pm
conversation later. thank you again for being here. >> the chair now recognizes the ranking member for five minutes. >> thank you. as you can see, mr. chairman, it's dangerous protecting the grid. i'm just saying we all have to do our part. mr. rob, in addition to reports of russian and chinese cyber activities you referenced news reports in recent weeks that iran may threaten retaliation. and that could include cyber attacks on critical infrastructure. can you briefly walk through how the owners of the balk power system prepare when they see something like this in the news? are they ready for it? first, i believe that the utilities are on kind of constant alert, because they know that they're a great attack
12:56 pm
target for foreign adversaries, and so i think the security establishment within the utility sector is topnotch. and i think always on alert. in the case of the situation surrounding iran, as soon as we were made aware of the situation, we had an all points bulletin we put together in concert with doe, with an appropriate level of declassification of incite that we head out with within three hours. >> in recent months, the u.s. and its allies have been addressing security concerns about chinese telecommunications technologies such as huawei. this raises questions about the use of similar questions in the power system. if you both could address this,
12:57 pm
which we intend to deploy out to the sector as a whole so that they can then start looking at their own suppliers and then on top of that, the last piece is that the department has announced an advanced manufacturing initiative which is looking at things in the long range for all the innovative technologies, all the different things that are happening so we can make sure we're looking at that up front as we are then forevering these technologies. >> will that give purchasers of technology in the systems?
12:58 pm
will that give them -- can you give them an assurance that what they're buying is certified safe? >> it is -- >> as well as saying that equipment over there may not be? >> the idea of our programs to be able to go for it, which actually married the same type of approach you're taken in the legislation is a voluntary participation. so leveraging the capabilities of the labs and looking at the test beds, it is publishing, and then us working and jointly with the national institute of standards to do the widest distribution of that information so you could then become an informed consumer. what you'll see is industry partners who are actively participating. for example, nist has a very active cyber center of excellence that the energy sector and the industry partners are actively participating. >> i want to know as a simple consumer here, i realize that's not who's buying this equipment in the power grid, but will
12:59 pm
there be a stamp of approval url approval that this equipment meets the standards. you can rest assured it is -- it has no back doors, no chips that are -- >> that is what we hope to be able to identify jointly through the advanced manufacturing institute. so do we have an outcome in mind? not necessarily. but it will evolve through the advanced manufacturing. >> some of this equipment is in different telecommunications systems today. >> absolutely. >> and it gets expensive to take it out. you don't want to buy the next piece of equipment to replace it and then somebody says by the way, that's not good either. and so we want to avoid that. i only have thirty-seconds, but please take it. >> on the last point, we think a supplier certification program is smart. the work the d.o.e. is doing is
1:00 pm
terrific. there's industry groups trying to come together to create a similar program. the initial question around the list of suspect companies, we're -- first, we issued an all points bulletin in march in response to the defense authorization act prebigss rnd the suppliers. alerted industry to that fact. we gave them some time to get their head around where some of the technologies might be deployed in their systems. next week we'll be issuing what we call a level two alert which will require industry to inventory all the instances they still have of those devices, communicate back to us their mitigation strategies around them, and we'll have that information by the end of the summer. >> the chair now recognizes mr. mcnerney for five minutes. >> from california. >> from the great state -- great
1:01 pm
nation of california. >> again, i thank the witnesses. mr. rob you testified as of yet there have been no successful cyber attacks on the utility system. that's a great achievement of your office. i appreciate that. missi miss evans, are you aware of any cyber attacks on our utility grid -- to be used on future attacks? >> i would reference back to the unclassified version of the worldwide threat assessment. i think that the dni has been very specific about what our adversaries' capabilities are. i specifically quoted in my testimony, and i also have it memorized. it's at the bottom of page five and the top of page six. he was very clear about what the capabilities and what our adversaries can do. >> thank you. >> mr. rob, concerning information sharing as a
1:02 pm
security clearance of utility officials and on tackle to effective data sharing of cyber security information? >> i would say yes. just the number of individuals who are waiting for a clearance that don't yet have them is a problem. >> how can we remedy that problem? >> i don't have the answer to that question, but it's a problem that needs to be resolved. >> okay. let's collaborate on that a little bit. miss evans, you know one area of a foundation problem is the cyber security work force development. what is caesar and the dod doing to train workers against these kinds of threats? >> i appreciate the opportunity to highlight the work we're doing there. we have the cyber strike at training, and the executive order that the administration has released recognizes the fact that we have to deal with cyber security work force issues in
1:03 pm
general, but specific about the energy sector. we're looking and leading the effort in conjunction with department of homeland security to see the gaps and how to train and make that more robust. and then the other area that we are really trying to innovate and lean forward on is the use of competitions to be able to use that applied learning. the labs are strategically placed in this area with all the different types of test beds they have so we can use the competitions for a learning experience, and then feed that result back into the training that we need to do for the sector as a whole. >> i've met some of those folks at the national labs. it's impressive what they're doing, and the young people are impressive. they're doing work as well. >> yes, sir. >> again, assistant secretary evans, can you describe some of the unique threats facing small utilities today with regard to cyber attacks? >> i would say that one of the biggest things that we need to do which you hit on a little bit
1:04 pm
is making sure that dissemination of information and the sharing of that information hits at all levels. and that we are working with state and local governments and the associations to make sure that they have the tools that they need, and that they have the awareness and the education that all of them need to have so that you can properly be prepared and make sure that you are assessing the risk that is happening in your area. we are working with those state and local governments with the energy coordinators in the governor's offices and in the states to also then drive down this information. and then also working across with other parts of the government that interact with state and local governments as well to make sure these tools have the hidest proliferation. >> mr. dutch, can you describe some of the work they are doing
1:05 pm
to assist small utilities in addressing their vulnerabilities? >> sure. through the analysis, they work with doe to constantly stay aware of the threats taking place. they also coordinate to find out if threats are taking place. through doe, they conduct classified briefings with the smaller utilities, and they're actively identifying and sharing best practices with the smaller utilities, in addition to that, they're volunteering on a voluntary basis conducting architecture assessments with any of the entities interested in that service. >> so sounds like the availability of classification, security classifications is an issue, then? >> i'm sorry? >> the availability of security classifications for these small utilities could be a problem? >> we work to try to overcome that as much as we can. we work with doe to get one-day
1:06 pm
read-ins for some of the personnel from utility companies to alert them of threats. >> all right, mr. chairman. i yield back. >> gentleman from california yields back and the chair recognizes the gentleman from the only state of the union that includes california as a great state. >> thank you for conducting today's hearing. informative. i want to thank our witnesses for being with us today. it's an important topic that we all worry about constantly on this committee. i want to follow up a little bit from my friend and colleague and co-chair of the great innovation caucus. we talked about it earlier. we introduced legislation earlier this year on hr 359 which one being the enhancing grid security, and hr 360, the
1:07 pm
cyber sense act. on the cyber census, to go through it, because i know my friend from oregon was talking a little bit about it. we were looking at what's happening. a lot of different things that are happening from around the world. we have to be very careful about what's being put in our systems and what kind of devices. but the 360 is the cyber sense act. that program would promote cyber secure products for use of the balk power system. it also establishes testing. i know he brought up about that seal of approval, but we want to make sure that there's that testing of these products that would be going on in a reporting of the cyber security vulnerability. and also the secretary at doe would be required to keep related database for the products to assist electric utilities in the evaluation of the products. both the bills have been reported favorably out of our sub committee.
1:08 pm
hopefully we'll see them and be signing a law soon. if i could ask assistant secretary evans, do you think our legislation we've been working on not only the grid security but also the cyber sense is going to be helpful in making sure you can do your job? >> i appreciate the leadership that you -- that the committee is showing in this area. i do believe that the intent of what you have going forward about having vulnerability disclosures and the idea of constantly or having the ability to verify and validate products as they go out and ensuring the supply chain risk is minimized is important regardless of whether the legislation gets passed or not. and so our offices is working and leveraging that capability and using the national labs and we are moving forward. then the legislation i'm assuming you'll be successful. when the legislation is passed, it will enhance that and allow for us to move on a more robust
1:09 pm
manner. >> thank you very much. in the aftermath of the 2015 ukraine cyber attack, the investigation found that the perpetrators didn't rely on any exploits or software vulnerabilities to disrupt the grid. rather, they gained access to the system over time learning how to moo ma nooufer it and patch it against itself. patching continues to represent the majority of our cyber security efforts. and to the panel, what steps can be taken to prevent potential attackers from learning to use a system against itself. >> so i would like to change the dynamic, and that is what we are attempting to do through our research and development in the suds program we have. because a lot of what we're looking at is after the fact. patching and maintaining systems.
1:10 pm
a lot of the things we're looking at and investing through our portfolio is being able to detect and protect. it's changing the dynamic in a way of using technology so that you cannot necessarily do it after the fact but prevent it up front. so looking at more active dynamic types of things such as software defined networks. looking at quantum key description. how can you use those types of technologies evolving right now to ensure the validity of the data or look at the transactions between the operation technology as well as the information technology systems. we are investing pretty heavily in that, leveraging what is happening in the labs and we currently have a lab call that is out looking for some of ways of how we can accelerate that deployment. >> thank you. mr. dodge and mr. rob, about 35 seconds. >> we recently changed the cyber
1:11 pm
security reporting requirements. it was only required if they had an event related to a cyber security that impacted the reliability of balk power system. now they have to report possible attempts to compromise the cyber assets and impact the cyber assets as well as the balk power system. and that information sharing is associated is a huge benefit. i defer to jim. >> i'll be quick. i would underscore secretary evans' discussion. i think from our perspective, one of the most valuable capabilities to advance would be the ability to monitor what's going on with operational technology systems in the same we can enterprise systems right now. >> mr. chairman, my time expired. i yield back. >> the gentleman yields back. the chair recognizes the gentleman from virginia for five minutes. >> my questions have been asked. i yield back. >> thank you to the gentleman
1:12 pm
for yielding back. now the chair recognizes the chairman from rochester. >> thank you and thank you to the panel for discussing the security of our nation's critical energy infrastructure. as was stating by everyone, this is of utmost importance, and we thank you for your work. i just want to pick up on some of the questioning that was asked before from a work force perspective. i served in our state of delaware as a head of state personnel for a while and secretary of labor, and one of the big challenges is always recruitment, retention, compensation, training, sometimes the first budget that gets cut is training. i'm curious if you could just talk to us about some of the both challenges that you see in terms of recruitment and retention of individuals in this cyber security space, and then -- and particularly from a nonprofit in a public sector
1:13 pm
perspective when you're competing with the private sector, and then the other question that i had was around innovation. are there innovative things that are being done to recruit folks to work in your organizations? i'll start with that, and if we could start with miss evans. >> i appreciate the question, and especially coming from delaware, because the state of delaware based on my previous experience is very innovative and the approach they're taking. in my work as the u.s. surgery, we looked at this and the blending of nonprofit public sector, the education system, and how you do that, and how to identify that, and then make it and that commitment of bringing them in is clearly demonstrated in the way the state of delaware has tackled this issue. there are incentives. there are things we need to do. what gets people excited and you
1:14 pm
have to look outside the more traditional places, some of the people that are best in this field do not come out of stem. and that is clearly demonstrated when you put together teams in the competitions to see all the skill sets that are needed. >> thank you. >> thank you for the question. we're actively monitoring our staffing levels and needs, and we've actually undertook several programs in the last couple years. i'm not going to get the precise names of the programs. basically there's a program where we reach out to colleges and bring people in as they're a freshman and sophomore and spend a summer or part of the year working for us. we're actively working to improve our on-campus relationships with different universities and then we actively go out and do on campus recruiting as a tlofollowup. there's a tuition reimbursement program. that after the students graduate
1:15 pm
that come work for us for a period of time, there's tuition reimbursement where you can forgive the previous student debt. >> thank you. >> i don't have any great incites into the work force development challenge that we have in the sector other than to underscore it's real as we all know. i would see from a nerk perspective, we've been able to attract and retain top flight cyber security individuals. we do them because they're committed to our mission. a number of people in this sector are very committed to the security and the value associated with electricity and so on and so forth. we appeal to that part of individuals. we've had pretty good success with that. it's a challenge. >> yeah. thank you, and miss evans, thank you for bricking up the nontraditional. one of the challenges as well is an aging work force. even when you look at work force planning and who will be retiring, making sure that we're
1:16 pm
staffed up. my other question was more related not so much to the cyber but to our kind of natural disasters and things like that. and whether or not with the severe weather incidences that we're seeing, how are you preparing whether it's -- whether you call it climate change or severe weather, whatever you want to call it, these things are real as well. could you talk about preparation for those? >> we also have the emergency response capability in our group. what we are looking at is our staffing of how to do that. the staffing in the way that our plans are set up mirror the way the fema regions are set up. but we also then use a lot of the modelling that is available within the national labs so we can do predictive types of things. what is key to the success in this emergency response is our partnership with private industry. we have to have that dialogue with them.
1:17 pm
it's their resources we need, and that we work with in order to be able to share that information and be able to respond. >> thank you so much, and i yield back. >> thank you for yielding back. i now recognize mr. ocean for five minutes. >> i thank the chair and welcome to our three witnesses. as my colleagues all know, i love to brag about texas. along that line, mr. chairman, you're correct. one former part of metsco became a country before it became a state. but it wasn't california. it was the republic of texas. the existence from 1836 to 1845. good bless tx -- god bless texas. >> we haven't recovered yet. >> this is not a brag, but our
1:18 pm
grid is the biggest target in america for cyber attacks. we have a free market power system that covers 95% of our state. one by a group called ercott. they manage 46,000 miles of electric power lines. 650 separate generation units. last summer their daily load was 72 megawatts for hourly. that's a huge, huge amount of power. and as we know, if that goes down, that can be very, very bad. along the houston ship channel 52 miles long lies america's largest petrochemical complex valued at over $15 billion and growing quickly. and with the revolution, we have
1:19 pm
more and more oil coming into our region for refining. those are being exported now. nearly 7 million people live within 30 miles of the port of houston and houston ship channel. the bad actors know if they can take down our grid, have us lose control of some of these industrial processes, people will be harmed. and some people may even die. my question is for all three of you. we right now are working hard with the private sector, the government in houston to address these cyber issues. but we all know we have resources that are limited. we can't go crazy. we can't check on the prices. these things have to work. my question for all of you is how do we balance the proper way to achieve what we can best in cyber attacks while making sure we don't jack up prices. how can we balance these out?
1:20 pm
what's the key? miss evans, you're up first. >> the way to -- the way that we're approaching this, and that we're working with our partners at dhs is really doing risk modelling. and so it is really identifying what are those most critical assets that an industry has, and then in my case, what i'm trying to do is develop a set of tools so that the government as well as our industry partners can actually look at what is the best way, what is the highest risk, how do i protect that? what is the cost associated with reducing the risk in that particular asset? and so as we move forward with that, a lot of this is then how do you give them that information so that they can then use that in the marketplace going forward? >> that's the same model governor perry had in texas that
1:21 pm
made our grid secure when he was our governor. thank you. mr. dodge? your thoughts? >> thank you. thank you for the question. from ferks perspective, we have a system actively doing things, conducted classified briefings, identifying interest practices, sharing the best practices. in addition to that, ferka undertook a security investments conference a couple months ago where we brought in people from federal and state public utility commissions and also officials. the goal of that tech conference was to actually identify best practices, share the best practices among protecting infrastructure that's not only ferk's jurisdiction but others. look at ferk or the state should
1:22 pm
take additional action. i was remiss to mention that was a joint deo ferk led tech conference. we're actively working with ferk on that. we received comments back from the public on that tech conference. and we're process reviewing the comments and determining the next steps. >> thank you. the man from neil armstrong's university, mr. rob. >> go purdue. >> 50 years ago that man walked on the moon. >> i think one of the key things we're doing as rk is taking a risk based focus. all the standards applicable to which entities and which standards we audit. i think there's a clear recognition that one size fits all doesn't work in this area. in terms of striking that balance between economics and risk reduction, you have to make sure you're focusing on the most important risk and not leaving yourself exposed on the other side. >> thank you. i want to remind everybody the
1:23 pm
stars at night are big and bright. imperative to ensuring that hospitals can treat patients, first responders can do their jobs, and schools can educate our children. but all of this can be jeopardized if a foreign entity is successful with a cyber
1:24 pm
attack. we know our utilities are on the front line to ensuring our utilities are protected. while i'm pleased to see ferk taking steps to strengthen cyber security standards for our nation's electric system, i have questions about how we can act in a more transparent way. so mr. dodge, my first question is directed to you. could you please explain what happens at ferk, when it becomes aware of a utility noncompliance with cyber security regulations. >> there's a process. and it's in terms of compliance. ferk oversees the development, enforcement of the mandatory reliability standards.
1:25 pm
network and it's regional entities conduct periodic audits of the entities -- >> i'm asking when ferk becomes aware that a utility is noncompliant with security regulations. >> so that the process would take place, is either through an audit conducted by nerk or through a self report from a registered entity. the registered entity files a mitigation plan and mitigates the plan. nerk submits the vice along with a recommendation penalty to ferk for review. ferk staff reviews that and makes a decision whether to assess the penalty or not. >> and that ferk assessment, does ferk disclose to the public the utility that's in violation? >> so through the fast act that was passed a couple years ago, it gives us authority on the
1:26 pm
foya to identify ceii. it's critical energy infrastructure information. critical energy infrastructure information could be engineering, design, print, vulnerability information about specific electric system assets. ferk is a policy, looks at that information, and any of that information that could potentially be useful to someone who wants to impose harm on the electric system we do not divulge that information. so over the past 6 to 12 months, we received a number request, foyer request for cei related information, including the entities who have violated some of the sub standards. we review them in detail and determine which ones to release and which ones not to release. we're working through that. we have released the names of some entities where we did not believe it would be a threat to security of that entity. >> so how would you suggest that
1:27 pm
we keep our constituents informed of the level of risk to them from a cyber attack? if you not going to be transparent with the public, this is a balance for us. if our strents are at risk, we need to be able to inform them to the level of risk. the register entities are monitoring the compliance sub standards. as soon as they find a problem or through a self-report, or through an investigation, a routine audit, conducted by nerk or a registered entities, they work to mitigate that concern. and address that concern. we do go through the process and cei process and review the individual request and make the
1:28 pm
information available as appropriate. >> so if there's a bad actor, you would tell my constituents or anyone else in this country in this congress, tell the public we have had repeated concerns about compliance with this bad actor? >> so we actually review the information that's publicly available, or the information that's filed with ferk. we look at the information and what level of detail, technical details, any information. whether releasing h that information would identify any vulnerabilities or make available any information useful to someone who wants to impose mall intelligent or harm on the electric system. we do not release the names of the identities in that situation. >> i'm just trying to raise the balance of protecting our constituents, but my time is up. i appreciate your response. okay. thank you. >> thanks to the gentle lady. the chair recognizing my friend
1:29 pm
and the gentleman from west virginia who has the best mustache of anyone in all of congress. >> thank you, my friend. mr. chairman, i'd like to ask unanimous consent that this article with comments from mr. rob about the grid be submitted for the record. >> without objection, so ordered. >> last congress as you well know our committee held a number of hearings on the grid in reliability and resiliency, but it's not just the energy and commerce committee that's concerned about the grid and its reliability. we had a report that was produced by the national energy
1:30 pm
technology laboratory that said that without the use of coal, the eastern united states would have suffered widespread blackouts during the 2018 bomb cycle. think about that. iso said the most significant challenge they face is fuel security. and the coal and nuclear power plants are needed to maintain reliability. and lastly, secretary perry said in 2017 that the resiliency of the electric grid is threatened by the premature retirements of these fuel secure traditional base load sources. mr. rob, if i could puturn to y, last week you made profound comments, i believe, regarding
1:31 pm
the grids in texas and new england specifically. regarding texas. you said pardon my french. you said there's no way in hell they can keep the lights on, and yet, they do. regarding new england, you said the grid operators constantly are finding ways to pull another rabbit out of the hat to keep the lights on. any of us would look at that situation as engineers and say it's got to break. mr. rob, should congress be more concerned with this situation? >> so i'm not sure i used exactly all the colorful language that was reported in the article. >> it's in the press. whatever is in the press you know we believe it. >> i think the point around those -- and i threw a third market in there, california. i think all three of the markets are demonstrating the challenges associated with the transformation that's going on
1:32 pm
within the electric grid. in california it's around the deployment of solar and natural gas balancing the resources. texas has a contemporary problem of just the reserve margin which is one of the planning statistics we look at to assess whether or not there's enough resource to meet load, that's below levels that traditionally people would say are reliable. new england has a fuel security problem as noted there. i don't know that these are congressional issues as much as they are market issues, and state policies around resource development and deployment. and the point that i don't think got reported quite as clearly as i would have hoped is that what we're seeing in these areas are market operators innovating and finding ways to make the system work in ways that aren't consistent with traditional rules of thumb. >> thank you.
1:33 pm
>> and i think the key is for us to modernize our thinking. >> let me try to get a couple more questions in if i could go to my fellow colleague from west virginia. miss evans, and also mr. dodge. in your experiences, are fuels secure, base load power plants critical to maintaining grid reliability? both of you, please. >> so there's been a lot of work done in this area, and what you really to look on overall is -- >> it's a yes or no, isn't it? >> so what you -- >> i ask the question again. are fuels secure, coal and nuclear bois load power plants critical to maintaining imprid reliability. >> i'd like to get back to you in writing with the answer to that question. >> you what? >> i would like to get back to you with an answer on that question.
1:34 pm
>> okay. miss evans? >> i believe that the secretary has and the administration has expressed its commitment to multiple sources as it relates to the reliability and our commitment as it goes forward in our budget request also reflects our commitment to new sources such as nuclear. if you need a more detailed answer, i'm happy to take that question for the record and get back to you as well. >> thank you. i yield back my time. >> thank you, mr. chairman. especially for letting us know that arizona is a great state. since i came from illinois originally, it's also a great state. thank you. thank you, mr. chairman. ranking member for holding today's important hearing on ways to as a government ensure
1:35 pm
our electric cal grid remains protects and our agencies are fully empowered to defend against cyber threats. my state of arizona is one of the most diverse states in the country when it comes to electric generations and sources. it is essential the reliability of the grid is never interrupted. if cyber attacks continue to increase across multiple sectors, it's become clear the threats from information sharing collaboration and partnerships between government agencies in industry are necessary to achieve a full defensive cyber posture. assistant secretary evans, in your testimony you highlighted the cyber analytics tools and techniques, programs, as one of the several doe initiatives to promote cyber security defense with the energy sector who owns the critical infrastructure assets.
1:36 pm
what is doe doing to support threat information sharing analysis and timely. i repeat timely return of intelligence back to energy sector entities and is the energy information flow reciproc reciprocal? >> i appreciate the opportunity to talk about that specific initiative. we refer to it as cat. and the key to that is the timeliness of getting the information back. so i would like to share one particular piece that is happening on that project. one of the things that is important is getting the contributions of the information from private sector. i think what you've heard today is that there is a lot of information sharing that happens. what we have to do then is be able to put it into a big pool which our national labs have worked with us on that and keep enough information with it so that as they identify something across a big trend, that we can
1:37 pm
then take it back out of that pool and give actionable information either through the i-sack or directly to that entity. that's what the platform is doing through the multiple pilots in the research and development. we talked about chris. that's one of the contributions to that. and the whole key to that is to keep our portion of it declassified so it will end up being machine to machine in the long run by using the advances of technology. >> i have some other questions prepared. in general as i've listened today, i've heard the word whole of government mentioned. i've heard best management in practices mentioned. the shortage of obviously potentially the work force that's going to be needed. and then i took a look at your budget, the department of energy, and found that i don't know how you're going to get that all accomplished with that
1:38 pm
budget. i don't know -- i'm not going to leave you here today secure to be able to tell my constituents that we are in a position to fully defend the electrical grid at this moment in time. i would like to make sure i can eventually be able to see a timeline on these projects that you've mentioned today. the cost estimate on how much it's going to cost us within that time line, and within a more aggressive time line, because this is something that we continually -- is continually changing, as you know, but also continuing to be a threat to our country. i am concerned about the -- some of the more value tiering reporting structure that i heard about today. especially as we get down and down into having less personnel available, and that are at a level of competency to be able to address those needs on an ongoing basis, and we have newer
1:39 pm
and newer energy sources coming online with much smaller budgets and getting into the grid than some of the other major competitors that are out there. so in general, i think this is -- this has been a good enlightening process today. as far as enlightening me, it's been one that has left me with more questions than answers. especially in the integration of how that whole process is working in that timely fashion. so i want to thank you all for being here today, and i yield. >> ladies and gentlemen, the chair recognizes mr. griffin from virginia, the great state of virginia for five minutes. >> thank you. assistant secretary evans, you and i spoke last year discussing pipelines and some of the concerns that my constituents
1:40 pm
have, and i was going to ask you some questions on updating me on what you all were doing related to pipeline, cyber security, and coordination. you answered those questions earlier when ranking member upton was asking questions. i appreciated the answers. i'm going to skip the questions i would have asked because i don't believe in asking the same question over again just so it gets on my video clip. if anybody back home is watching this, i encourage them to look at your answers and mr. dodge's answers to ranking member upton in regard to the coordination you're doing, and it sounds like although it was classified, it sounds like you all are headed in the right e direction. are you doing the same kind of coordination on physical threats to the pipelines as well? >> the short answer is yes, sir, and that then is also then demonstrated through the exercises and that information is also shared through the esec
1:41 pm
meetings we have when the government partners are there and talking about the physical threats that happen to the pipelines with the voluntary reports and the fbi is there, and that has been highlighted from our industry partners to the fbi. >> all right. mr. dodge, did you want to add anything in regard to the physical threats? we talked about the cyber. >> i would only add that in terms of the pipeline, they work with doe to conduct a security briefing threats. in addition, they're actively involved with the om g sec as well. >> because there are continuing concerns, i think the questions just asked are also important in some of the questions we'll continue to look at at this committee, and if you need our help passing legislation or something, we want to make sure that we have as much safety as we can. i appreciate that. assistant secretary evans, tsa has developed voluntary
1:42 pm
guidelines according to reports, they have only a hand full of people working on cyber security for pipelines. do the tsa staffing and resource constraints concern you? and this is a lob in hopes that maybe i think maybe doe ought to take the lead. >> so as you know through the oil and natural gas sec as well as the government, we, the government coordinating council, we work jointly with department of homeland security and tsa, and so our resources, we use to leverage the tsa resources because we recognize as a government that we need to address this vulnerability. >> and i appreciate that, but am i correct, and i may not be, but am i correct that doe is actually putting more capacity and his more folks working on this than tsa? >> i would not presume to answer a tsa staffing issue, sir, at this time.
1:43 pm
because i know that that's an internal discussion to dhs, and it's more appropriate for that question to go to dhs at this time. . >> maybe you can encourage them to talk to us about this as well. i appreciate it. would you describe the energy government coordinating council and doe's role in that counsel? >> we're the co-chair of the government coordinating counsel with department of homeland security. we help craft the agenda. going forward we work with dhs and our government partners. a good example of that work, we just recently did a top secret sci briefing for the interstate natural gas association of america. so keeping with the pipeline theme. so we could really share with them and coordinate through the intelligence community what risks they are facing and that was to the executive board of that association. >> and i don't even remember who it was.
1:44 pm
they didn't reveal any secrets but they felt that was a useful -- somebody reported they felt that was a useful -- a good use of their time and a useful meeting. in this space should doe have the lead role to ensure the safe flow of energy across the u.s.? >> i believe sir right now we do have that role as it gets to the sector specific responsibilities that we have that are outlined both in the fast act and the presidential directives. >> well, and as i've revealed my prejudices in this regard, i do think that doe is probably where -- i think doe should probably be in the leadership role in coordinating repairedness and cyber security efforts on all aspects of our pap lines -- pipelines. you can't talk about staffing, but would you disagree with me on that? >> i believe we have unique expertise, and as the sector specific agency, we use it
1:45 pm
across the sector. >> i appreciate it very much. thank you mr. chairman. i yield back. >> the gentleman yields back. the chair now recognizes tgentl lady from washington. >> thank you, mr. chairman. i appreciate the witnesses being here today to share your perspective on this important topic. assistant secretary evans, i understand that one of the most exciting projects is looking at how software define networking, sdn technology developed by engineering laboratories in washington in partnership with the pacific northwest national laboratory next door in the tricities can be used to help secure the energy infrastructure at critical national security facilities. can you share more about this project with the committee and tell us how it is going? >> so that is a promising
1:46 pm
project that we are funding, and we -- this particular project is -- it's called suds. everything has an ak kro anymore. it's the strategic engagement between the department of defense and department of energy. it includes the veteran's administration as well as the coast guard, and what it is really looking at is a different way to manage the network and network trafficking, and so that's the idea behind software defined networks. it's divorcing it from static types of architecture to make it more dynamic so you can then address on an ongoing basis, the threats, and doing analytics, and then adjusting your configurations as it goes forward. right now there is a successful implementation happening in virginia, and pnll is continuing to work to roll this out with our partners. i believe the next place is
1:47 pm
nevada. as that information comes in, we're using that to invest in other efforts across the national labs so we can add that into the overall solution brought up earlier. >> it is crucial that information about vulnerabilities such as cyber attacks is shared between government entities and electric grid asset owners. i believe the creation of caesar was an important step, and i applaud the department's commitment to engaging the public/private critical infrastructure community. but there's more work to be done, especially regarding engagement with critical infrastructure equipment manufacturers. again, to assistant secretary evans, what steps has your office taken to include not just asset owners but also vendors such as the designers and manufacturers of critical infrastructure equipment like sel in my district? >> well, the initial piece several of this is done through our research and development programs we have that we fund
1:48 pm
where we are requesting that manufacturers and folks that produce hardware that are in the grid participate. there were 11 projects that were recently funded that are looking at firmware down to the level of how these things are done, and then being able to say okay, that's a more secure product. we've demonstrated that, and now we're going to go ahead and implement that and show that information. those are some of the short-term things. the longer-term things are like our side tricks program, looking at bigger types of manufacturing activities. and being able to share that information out. and the longer term play that we have is the advanced manufacturing institute. that's really going to look at how can we improve this in the long run on an ongoing basis to address that manufacturing up front and be able to share that information and then be able to take advantage of the innovation that we have. >> thank you. there's a growing concern about
1:49 pm
the presence of certain foreign manufactured components in various aspects of our 21st century infrastructure. whether in communications, telecommunications or electric grid. for the panel, what potential risk does the growing dependence on foreign manufactured components in our energy supply chain and how do we mitigate such potential risks while recognizing that it would be impossible to completely phase out all foreign-made equipment? >> approximately two years ago we directed nerk to address a standard. they filed it and we approved it. addresses somes a pelkts of supply chain risk. we asked them to do additional work in this area and to look at the supply chain risk with physical access control systems as well as look at the potential
1:50 pm
supply chain risk for low risk or low impact cyber security asse assets. they conducted a report on that, and they're in the process of information on that. >> so andy is right. where this is an ongoing exploration of a very complicated topic. our next step is we'll be issuing later in august what we call a 1600 data request, which will go out to all the utilities in the nerc registry and collect more information on what suppliers and equipment is out there. we'll have a better sense of the extent of condition, which will form what the next steps might be in order to mitigate whatever other steps might be out there. >> i look forward to seeing more of that. thank you and i yield back my time. >> the gentlewoman yields back. the chair now recognizes grant,
1:51 pm
co-sponsor of hr-362. mr. waller of michigan -- great state of michigan. upper michigan, not lower. >> lower michigan. thank you mr. chairman. having been born and raised a part of my life in your district as well. i appreciate serving with you and also drawing attention to the fact that we were successful in getting $3 million amendment for cesar past the house. and that's the first step. secretary evans and the rest of the panel thank you for being here. as i'm sure you know, chairman rush and i, as he just mentioned, have hr-362, the energy emergency leadership act which would codify the functions assigned to your office as permanent assistant secretary. can you briefly address for us
1:52 pm
today how you think such an authorization could improve cesar's ability to carry out its important mission in the long term? >> i think it -- first, i appreciate the leadership that you're showing with that and the commitment to the office and the administration. what it will do is ensure the ongoing establishment of the office. it'll ensure continuity as it goes forward. that has already been done with the line item in the budget, that helps. so this would be the conclusion to solidify what this assistant secretary position is intended to do to realize what you had envisioned with the fast act of 2015 as well. >> appreciate that. secretary evans. due to the fast evolving nature of cyber security risks, security cannot be achieved
1:53 pm
through standards alone, it depends on constant awareness and information sharing between utilities and the government and coordination among the government's efforts. as you know, the fast act that you mentioned codified d.o.e. as specter specific agency for cybersecurity for the energy sector. this provision requires d.o.e. to coordinate with the department of homeland security and other relevant federal agencies. can you provide an evaluation of how your office and d.o.e. have coordinated with other agencies? >> we take our responsibility very seriously as the specter specific agency. and we lead those efforts in conjunction with the department of homeland security. the department of homeland overall has responsibility for all of the sectors. we're just one of those sectors. we view that critical to that effort. we work in multiple ways jointly
1:54 pm
with the whole of government. i know everybody is talking about the whole of government approach but that truly is the way we need to do this. we are one piece of the puzzle and it has to be looked at across the board both within the intelligence community as well as the department of defense, department of transportation, all of this is interconnected and we do lead that as the energy specific agency. and it does work well. and so, there is -- there are examples upon examples of where we can show it's working well and it's being mobilized right now as we are watching the hurricanes approach. so i do believe that us, as the lead, as the sector specific agency, we are committed to doing that and our partnership with our fellow agencies, it does work well. >> the -- thank you. the fast act also amended the federal power act by introducing new tool of grid scale emergency
1:55 pm
declarations that can be provided by the president if the executive branch were to ask or order a utility to take or not take certain actions with regard to the intrusion or vulnerability. there are concerns that they may act contrary. has caesar or the department considered the possibility and in such circumstances that are not grid scale emergencies are you aware of these concerns over this type of incentive structure creating ambiguity or strain? >> so that is one thing that we are working in partnership with our industry partners, as well as state and local governments. should the president declare a grid emergency, looking at the way department of homeland security through the national risk management center identifying work, also through our office with the north
1:56 pm
american resiliency model you can see what kind of risks there would be based on the way the infrastructure is set up. we are working in conjunction with them to be able to highlight these issues through a policy process in the administration to make the determination should additional legislation or liability protections are needed, if and when that happens. >> mr. dodge, if i could, has ferc looked at this issue as well? >> thank you. i yield back. >> the gentleman yields back. the chair now recognizes mr. jocelyn for five minutes. >> thank you, mr. chairman. thanks to our panel for being
1:57 pm
with us today. miss evans, because doe is the sector specific agency for cyber security for the energy sector, the work your office does is so very important and that importance will continue to increase as our dependency on technology grows. last time you testified we discussed d.o.e.'s role in the trisector working group, which as i understand it was organized to help us better identify and ideally safeguard some of the interdependencies of the critical functions of the groups, our electricity, financial sector and telecom industries. last time we talked this was just beginning and discussions were under way on how best to direct that work. can you please provide an update on how the conversations have been going and if this work is helping to better safe guard these critical industries?
1:58 pm
>> i'm happy to provide the update. the work is continuing. there is an industry side of this, the industry group has identified and fed into the process that dhs released the national critical functions that work of the trisector group, the government side and the industry side fed into what are those national risk indicators. based on that, now the groups are going down, both on the government side as well as the industry side, looking at those interdependencies, and then in essence it is a risk register and looking at those interdependencies between those three sectors and what can we do to mitigate the risk as we go forward. so the work is continuing. it is getting to a more granular level. but that is to be expected so that we can then inform how are we going to then deal with it as we go forward.
1:59 pm
>> i'm an i.t. guy in my profession before i came to serve here in congress. how can congress be helpful with this work moving forward? >> what i believe is going to happen, and this is what with we're going to have to look at going forward is, as you see these interdependencies, especially as it relates to technology, we've covered some of the issues going forward, there probably will be help, there will be things that we'll need to discuss with you that could say maybe the legal framework in order to share the information needs to be more robust. that is a path we're exploring. we're looking at it from the government side. i know the industry side is looking at it as well. >> switching gears to the entire panel, looking at strengthening our workforce. i spent 26 1/2 years in the air force doing large scale i.t.
2:00 pm
projects, many of them very secure programs. lots of experience and skills among our military veterans getting out. what are you doing and i'll give each panelist an opportunity to comment on this, what are you doing to incorporate individuals such as veterans in your hiring initiatives. miss evans, do you want to go first? >> as you said, sir, they have a series of skills that are readily transferrable. we do do -- we're doing targeted recruiting as we're going forward. we do partner with dod. there are a series of programs that are out there that some of them have already been mentioned today. that allow for that transference to go back and forth. and so, there are programs that the nonprofit sectors are also looking at so that military
2:01 pm
personnel know how their skills translate into civilian sector as well. i think a lot of times what i've seen in my experience is they don't necessarily know that it translates into this particular job. >> it's been that way since 1999 when i retired. the information -- the amount of information going to our veterans and letting them know where their services might be useful has not gotten better. i hear you. mr. dodge? >> sure. thank you for the question. we received a similar question earlier today, and we responded to that. i'm not an expert in the federal government, human resource policies. i can tell you that we have recently hired several recent veterans into our organization. >> mr. robb, quickly? >> kind of a similar answer as andy. i would say this transcends cyber. we found military veterans to be a great fit for our mission in a number of areas.
2:02 pm
i would guess -- i won't give you a number, but a material part of our workforce are ex-military. >> mr. chairman i yield back. >> the gentleman yields back. the chair now recognizes the gentleman from texas for five minutes. >> thank you, chairman rush, appreciate you holding this hearing and the witnesses that have taken the time to come before the subcommittee. it's clear that electrify indication of our world has brought many benefits, but we also face the risk of foreign actors that would like to disrupt that. they understand that it's a benefit and know how disruptive that it would be if they could cause any sort of havoc in that. advancements in best practices would be useful in helping that risk and we should continue to partner to ensure our defenses are strong. my question today, and anybody
2:03 pm
on the panel can answer it, i think that it was referenced in testimony from ms. evans in particular that the assessment released earlier this year by the office of national intelligence details the capability of russia and china to cause massive disruptions to our energy systems. i was wondering if you could expand more on what a disruption to a distribution network or gas pipeline would mean for those citizens and companies impacted? can anybody touch on that? >> could you repeat the last portion of your question? >> yes. just expanding on a little more on what a disruption to an electrical distribution network or natural gas pipeline would mean for citizens and those companies that would be impacted by that disruption. >> sure. thanks for the question. we have not had a disruption up to this point, i want to point that out and make that very clear.
2:04 pm
we've actually improved the cyber security reporting standards to actually report attempts as well as actual events. so from an actual customer perspective it could be an interruption whether it's an electric distribution system or natural gas system and it could be a disruption for some period of time. the period of time could vary quite a bit and they'll really have additional insight to your question other than that. >> anyone else have any thoughts? >> i would just make the observation that one of the key tenants of the nerc and ferc reliability regime is that if an incident occurs it quickly gets contained so it doesn't cascade beyond kind of a local boundary to allow the various parties that would be required to do restoration are working on a small problem rather than a large one. the one thing i would say, the
2:05 pm
highest likelihood in that area is an electrical disruption would be contained to a fairly specific area and in the cascade. the other point i would make, probably a better comment from the gas industry, a disruption of the natural gas system is complicated from a safety perspective because of the nature of the fuel. >> right. exactly. secretary evans, you talked in your testimony about d.o.e.'s role on the national security council and mentioned the unclassified threat briefings that d.o.e. provide to partners that go with the classified threat briefings to members of the cleared sector. can you talk about the importance of working with industry to head off threats and the importance of the doe interactions with information sharing and analysis centers? >> i'm happy to discuss that. we do try to get the information declassified to the greatest extent possible so that it can
2:06 pm
be distributed through the information sharing and analysis centers that you mentioned. we hold regular meetings with those folks who manage that, the technical teams that manage it, they come. those are handled at classified levels so they can understand the context around the threat. but we also then work across with the energy sector and the associations and through the sector -- the sector coordinating councils to do both classified and unclassified briefings. so that they can -- the more you can say in a classified environment is great but you want to be able to give them information that's actionable so they can go back and talk to their entire company and what kind of actions they can take and what kind of risks they're posing. so we work at multiple levels to make sure we get the best information in the hands of those who can turn it into actionable information for their
2:07 pm
constituents. >> thank you very much, i yield back. >> the gentleman yields back and that concludes the witness question. i want to thank all the witnesses for your participation in today's hearing. pursuant to committee rules, they have ten business days to submit additional questions for the record to be answered by the witnesses who have appeared. and i'll ask each witness to respond properly to any such questions that you may receive. the chair now requests unanimous consent to enter into the record the following documents. a letter from the western governor's association. a letter from protect our power.
2:08 pm
and a letter from the r-street institute. without objection so ordered. and the subcommittee now stands adjourned.
2:09 pm
2:10 pm
2:11 pm
2:12 pm
here is a look at our primetime schedule on the c-span networks. at 8:00 p.m. eastern on c-span, the house modernization of congress committee holds a hearing on developing future political leaders. at 7:30 eastern on c-span2, former defense secretary jim
2:13 pm
matz about his book "call sign chaos." and at 8:00 p.m. on c-span3, american history tv, with programs commemorating the 400th anniversary of the first africans arriving in virginia. watch c-span's campaign 2020 coverage of the democratic presidential candidates at the convention. our live coverage is saturday at 9:00 a.m. eastern on c-span, online at or listen with the free c-span radio app. old glory coming our way. a better place right here in sheraton, wyoming. >> you see the culture is mostly -- it is western-based. we got more horses than people in wyoming. firmly convinced of that.
2:14 pm
>> the c-span cities tour is traveling the country as we explore the american story. this weekend, we take you to sheridan, wyoming, located along the big horn mountains, the city of about 17,000 is known for its cowboy culture and open ranges. with the help of our spectrum cable partners, this saturday at noon on book tv, a look at sheridan and the state through its local authors. >> no state in the union, 100,000 square miles, 75,000 people, a single driver economy, no ocean, no major city. we are utterly singular when it comes to state narratives. >> on sunday at 2:00 p.m., we'll explore the history of sheridan and the surrounding area on american history tv. >> the landscape is our artifact. so when people come in, you really see them start to absorb how crucial the artifact that we preserve in wyoming, our
2:15 pm
landscape, how that has shaped westward expansion. >> watch c-span's cities tour of sheridan, wyoming, this saturday at noon eastern on c-span2's book tv and this sunday at 2:00 p.m. eastern on c-span3's american history tv. this weekend on american history tv, saturday at 8:00 p.m. eastern on lectures in history, the california gold rush and the environment. at 10:00 on reel america, the 1977 film on italian newspaper journalist marino demenici. sunday, scholars on the history of u.s. policy towards iran and iran's nuclear program. and at 6:00, historian dan albert talks about his book "are we there yet: the american automobile, past, present and driverless." explore our nation's past, on
2:16 pm
american history tv, every weekend on c-span3. up next, a discussion on diversity and free speech on college and university campuses. among the speakers, berkeley law professor john yoo, who served as the deputy assistant u.s. attorney general during the george w. bush administration, and author and political commentator steve hayward. the pacific research institute in san francisco is the host of this forum. it is about an hour. >> professor john yoo will be introduced in a second. i want to set the scene for our event today. they're going to be talking to us, the audience, about the administrative bloat in running universities, the deepening ideological skew of factle fac university enrollment is already starting to decline because of


info Stream Only

Uploaded by TV Archive on