Executives from electric utilities testified on Capitol Hill recently about cyber security and threats to the nation's electric grid. Good morning, everyone. The committee will come to order. Over the years, we have conducted a number of hearings designed to examine the vulnerabilities of our nation's electric grid system. This Congress we held hearings focused on cybersecurity, electromagnetic pulse at both the full and subcommittee levels. We will add to that by looking at advanced and emerging cyber technologies developed in our national labs and private sectors. These are technological improvements and sometimes breakthroughs that could be used to protect the grid as well as other future sectors from future cyber attacks. I have mentioned outside the committee around the country, sometimes we get the sense that folks believe in this immaculate conception theory of energy, that it just happens. We all recognize, I think, there is a lot more to this than that. A related question is what happens when the lights don't turn on? When you flip that switch and just expect it to happen and then they're not there? What happens when electricity is out for an extended period of time? We're certainly seeing that in Puerto Rico right now, the U.S. Virgin Islands, the real world impact of extended power outage. Just as we can harden our infrastructure to protect it from natural disasters, we must look to ways to constantly evolve from cyber intrusions as well. Seems like every day now we hear about an attempted hack or actual breach that has taken place and the list is long and getting longer. OPM, Ukraine's power grid, WannaCry ransomware, Home Depot, Target, the list keeps growing and growing. Just last Friday the Homeland Security issued a threat to energy systems.
In the midst of all this we have to continually look for ways to mitigate or diminish our vulnerabilities, whether application of quantum encryption, artificial intelligence or moving control of grid infrastructure off the public internet. The witnesses we have today will help provide our committee with insights how we can protect our national energy infrastructure now and into the future. I mentioned quantum encryption. I'd like to note a recent article about the advances China has made on this topic. Earlier this year China announced a satellite and ground station 745 miles apart had communicated through quantum particles. Last month, a video conference between China and Austria, this is a distance about 4600 miles, was held via China's quantum satellite. They've established a 1200 mile quantum link between Shanghai and Beijing and announced they will build a 10 billion quantum research facility. According to that article, some scientists believe with the amount of resources that China is putting into the field, a quantum computer may be built within a decade or less. Whether or not these claims are accurate remains to be seen. It is clear significant research is under way in the cyber realm. I look forward to the efforts you have been involved with to combat and deal with this threat particularly to keep our energy electric grid reliable. I want to thank you, Senator Kemp, because you have been dogged and persistent when it comes to the issue of cyber threats particularly as they relate to the energy grid. Thank you. Thanks for scheduling this important hearing so we can continue the discussions of what technologies to protect our electronic grid and cyber attacks. I want to say at the outset I spent much of this summer working on this issue as well and spent a great deal of time at our national labs with Secretary Perry, focusing on some of our cybersecurity solutions.
I hope he understands the pressing need here and budget proposed by the administration. It's very important we continue to have the resources as a nation to fight and protect key energy infrastructure. I am dismayed that instead of focusing on cyber security as one of the key issues of resiliency he is instead trying to get a command economy approach with FERC by trying to change market-based rate prices for consumers and instead try to push a rule that would drive coal into the marketplace and raise rates on consumers. I think FERC operates best when it operates on market rules. I am requesting, Madam Chair, in light of yesterday or two days ago amazing news about the huge increase in park fees we would have a hearing on this in the future. Many of my constituents woke up to literally shock over the fact that these exorbitant rates would be charged in our park system. I hope we can have some input on this and show that our constituents are extremely concerned about it. For us in the Northwest, our outdoor economy is a big juggernaut. I know it is in your state as well. Anyway, thank you for having this hearing and thank you to the witnesses for being here, it's such a critical issue and getting your input is very important. I'd like to especially welcome Mr. Carl Imhoff arguing on behalf of the Northwest lab. Thank you for hosting us and the secretary earlier this year and for all the impressive work that you do. Cybersecurity is the one issue that keeps me up at night worrying about how foreign entities and actors might attack us in the next provocation of national international effort. We used to think of it as a plane that might fly into airspace or sub that might cross international waters. Now, what we have to worry about is provocations from actual grid attacks.
If we don't make necessary investments to prevent and defend against these impacts our enemies can succeed in widespread blackouts or devastating economy or threatening to bring millions of Americans to the point without power being in great disarray. As I referenced earlier, the Trump administration proposed budget cuts that the cyber put us at risk. I sent letters and spent a lot of time this summer hoping they would see the impacts here to our budget and what they would do. Since our committee's last cybersecurity hearing when we discussed the Ukraine outages of 2015 and 2016, we have witnessed numerous large scale cyberattacks as the risks continue to grow. In July the Washington Post reported the hackers were into the systems. In September, revealed the hackers accessed the personal information of 143 million Americans through the data breach of Equifax. Just this week, the Department of Homeland Security issued a... And just this week they referenced the July incidents I just mentioned. With each day with cyber threats to the grid and multiple efforts under way it's important to combat effectively our security risks through innovation we need to take action. The good news is our national labs are ready to play a key role in bolstering our cybersecurity and do so in close collaboration with the cyber sector. The firewall blocks 24 million suspected internet communications, 25,000 confirmed cyber attacks. That's what they do each day. I have no doubt they know how to protect our country and important missions. Our witnesses today will demonstrate the breakthroughs that result from these productive public-private partnerships and why they need to continue. In that vein I'm calling on increase in collaboration of government, militaries and academia.
I know we are going to, in our state, try to continue the discussion at the University of Washington, in a symposium on increasing cybersecurity workforce, although on the Commerce Committee attended some of the hearings they had and we know from our DOE Energy Review this is what the secretary said we need to do, to build the cyber workforce for tomorrow. Hopefully it will bring the expertise and experience and all aspects we face. It's clear to me cyber solutions require us to leverage world class expertise of our labs and private sector and all of us working together. That's why I hope Secretary Perry and the president will reverse their harmful 32 cut to the cybersecurity budget hopefully without delay and help us make the investments we need for the future. Thank you. You, Senator Cantwell, and know I join you in your concern with the recent announcement from Park Service about the fees. That is something we will look to. I welcome each of you to the committee this morning. Thank you for giving us your time. I will introduce each of you, give you an opportunity to present approximately five minutes or so, know your full statement will be included as part of the record and when each of you have presented, we will start asking questions. Carl Imhoff from the Northwest Laboratory. Welcome. Dr. Raines from the Oak Ridge National Laboratory and we have another national lab expert with us this morning. Mr. Zachary Tudor, from the national Homeland Security at Idaho National Laboratory. Dr. Duncan Earl is with us, president and chief technology officer for Qubitekk Incorporated and the last member of the panel is Dr. Daniel Riedel, the new CEO of Contact Services Inc. Delighted to have each of you. Mr. Imhoff, if you would please lead off. Thank you, Chairman Murkowski, Ranking Member Cantwell and members of the committee. My name is Carl Imhoff, I lead the research at Washington State.
For more than two decades PNNL supported resilience for utilities across the nation. I also chair the laboratory consortium, a team of four national laboratories including Oak Ridge that supports the initiative along with 100 partners from academia and industry. I would like to offer two points for the cyber resilience of the nation's cyber system. Point one, sharing with DOE has significantly improved our national grid cyber readiness. We must continue to advance in scope, speed, industry inclusion for full situational awareness of operational control systems as well as utility enterprise networks. Two, it offers important opportunities for defensive tools for the challenges and grid edge as well as core grid operations and in this area I'll offer three examples. Looking first at improving grid cyber situational awareness, DOE developed and deployed, first for DOE assets across the U.S. in early 2000s, it was successfully tested and transitioned over the past three years. With industry investing in infrastructure and DOE funding the evaluation this program gets cyber threats and shares that with over 70 of the utilities in the United States. It expands coverage and speed and accuracy and affordability in awareness tools. Going for DOE is expanding it and other independent utilities. Cyber risks spanning the IT and OT elements. Requiring significant sense of the environment. PNNL is applying it leveraging science of high performance computing and statistics and reemerging field of deep learning referring to advances in artificial concepts in the 90s delivered on profoundly improved high these control system anomalies resulting in better faster automated systems and exchanges. The nation must also develop resilient paradigms for networks, open data and system controls. Networks are important because the emerging grid is substantially more dependent today than 10 years ago.
PNNL recently teamed with Washington State using a product for a new software called defined networks and communication networks through software commands and provide an additional defense layer for the grid. The concepts are important for ecommerce and utility market constructs. The challenge is how to protect data in open environments. One is blockchain, the technology Bitcoin uses for secure transactions. Distributive power generation and energy storage systems and transactive energy. A third technology innovation is adaptive control systems that adjust to real time based on conditions. It provides a more level cyber playing field by adjusting on the fly to confuse and obfuscate as they attack a system. It is absolutely essential but not sufficient to deliver national cyber readiness posture. Small midatlantic size grid operators must implement fundamental best practices applications and utilities must have new evaluation tools and data to evaluate cyber technology investments and deliver these improved technology aspects. In conclusion the sharing efforts have significantly advanced cyber situational awareness. The next challenge is to integrate controlled system situational awareness to achieve full awareness across IT and OT systems and in parallel leverage high performance computing to new control theory to develop inherently resilient systems and systems designed for network, data and controlled systems. Thank you. Thank you for the opportunity to appear before this distinguished panel. I'm Dr. Rick Raines at the Department of Oak Ridge National Laboratory. I previously served as director of cybersecurity at analytics and followed by military and federal service career where I founded and directed the Air Force Cyberspace Technical Center of Excellence at the institute of technology. The Department of Energy's national laboratory system has a long history of providing solutions to the nation's hardest problems.
Our structure and operations encourage partnerships with industry and others for challenges. Cybersecurity of our critical energy infrastructure is a national challenge. Today I want to talk about the electrical grid and technology breakthrough to harden the defenses. As you're well aware our electrical grid is a vital national asset and system becoming increasingly vulnerable to cyber intrusions due in large part to connectivity with the public internet. Operational risks have increased. Energy sector devices and systems are experiencing an increased exposure to savvy and nefarious cyber actors. As a result, we're in a highly dynamic cycle of developing cybersecurity measures and capabilities to address these rapidly emerging threats. Our challenge is to produce solutions to better protect energy sector communications and controls while continuing to make the grid smarter and better able to recover when problems do arise including the devastating effects of hurricanes Harvey, Irma and Maria. Scientists are engaged in research to defend and monitorize the grid including monitoring and sensing of the grid state and new technologies to better control and utilize distributive power resources such as community microgrids. We have cyber technologies that can detect intrusions like malicious software code and direct threats and real-time cyber awareness tools in communication traffic. Among our cyber communication work is a cyber called dark net that shields the nations from hostile cyber intrusions while maintaining state-of-the-art. Dark net is a way to get communications and control of the electric grid off the public internet. Moving these functions into a private system could be accomplished using existing and underutilized optical fiber, commonly known as dark fiber. It's estimated over 100,000 miles of optical fiber exists within the U.S. Bundling with multiple fibers, communication techniques can easily increase this capacity tenfold.
I'd like to be clear that dark net is not just about moving the grid's command off the public internet or unused fiber we have but it's about a whole tool kit of capabilities to make it harder for an adversary to exploit our systems. Working with our private and public partners we envision dark net as being a technical assistance solution supporting all elements of the electric enterprise and supply chain. Our goal is to develop methods so attacks are automatically detected, isolated and defended achieving a self-aware self-healing network. We believe the dark net project can provide cost-effective solutions to include the use of new dark fiber and cyber technology and a living laboratory where we test computer technology. In conclusion Oak Ridge National Laboratory and the other DOE national labs stand ready to work with public and private partners to develop and employ innovative solutions to protect the nation's grid. Thank you again for this opportunity to provide this briefing. I welcome your questions. Mr. Tudor, welcome. I know that Senator Risch wanted to make a comment before you spoke. Thank you. Welcome to the committee. I've gotten to know Mr. Tudor in his capacity as associate lab director at the National Laboratory. He is responsible for the lab's national and homeland security mission. And that includes nuclear nonproliferation, critical infrastructure protection, obviously very important to this hearing in defense systems missions. He has incredibly impressive résumé, which I'm not going to go into here. But he's the right man for the job, and he's the right person for this hearing. So welcome, Zack. Thank you, senator. Mr. Tudor. Thank you for holding this hearing and inviting us. I appreciate the opportunity to address this committee and express my utmost respect for your leadership and continued interest in this topic.
I also want to acknowledge my partners and peers who share the vision of innovation in areas such as situational awareness, modeling and visual simulation and visualization. In the U.S. high profile illustrate why regulators are concerned in increasing burdens due to more frequent and consistent cyber events. Industry must have the skills not only to protect but to respond when there is an impact. It requires the national laboratories' capabilities. INL enables research and development of cyber security solutions to understand and manage the multifaceted between the grid and other infrastructure, protect andround and develop top tier defenders. As part of our national leadership role in addressing this national challenge INL advocates that an effective grid is achieved not only with advanced technology but also requires innovative engineering approaches in a deep pool of top tiered cyber defenders. Such the development and processing of departments and priorities of the cyber core center. This initiative is designed to create and align technical expertise and collaborative partnerships to make sustainable solutions. In response for your request for INL's participation, I submit written testimony. For brevity I will quickly summarize four examples. In collaboration with the partners of the California Energy Systems for the 21st Century, an innovative concept for machine to machine automative threat concepts being developed, utilities and not only California utilities will have access to threat and prioritization capabilities that will reduce the time from discovery and response from illicit behavior. The INL will enable systems to more easily design, implement and monitor cyber security networks. The goal is to automate, identify threats on network traffic with very high accuracy. These two advanced technology examples the next examples emphasize an engineering approach and work force strategy for grid protection.
Recognizing that just chasing vulnerabilities has not been sufficient our consequence-driven cyber-informed engineering is a transformational process that fully leverages organizations' deep engineering technologies and understanding of their own situation. I thank the committee for allowing us to share our examples and opportunity to protect the grid infrastructure and I welcome your questions. Thank you, Mr. Tudor. Dr. Earl, welcome. Good morning. Members of the committee, I am Dr. Duncan Earl. Thank you for inviting me to appear before you today in discussing the vital role technology can play in protecting our electrical grid. This is a testament to the hard work of the men and women who maintain the grid as well as the many smart devices that we depend on to monitor and control it. However, the grid has never faced a threat of the type and severity as it is experiencing today. Over 70,000 power substations throughout our country depend and rely on smart devices to maintain the delicate balance between the energy generation and energy demand. Effective coordination between these devices is only possible when they share data that is accurate and uncompromised. Unfortunately as we've seen in other countries the ability of hackers to infiltrate grid networks and corrupt these communications is real and growing. To prevent a devastating attack on our own nation's electrical grid we must implement the best if you ask utilities today at this very moment are these communication channels secure, many will admit they do not know. A new technology, quantum technology, can allow them to answer yes. Quantum technology enables communications that cannot be intercepted or altered. Any attempt to do so can be immediately detected and reported. This new solution is rooted in physics and uses hardware to use a new channel that is secured, today, tomorrow and a thousand years from now. It develops secret keys that cannot be cracked.
The keys are transmitted as light through optical fibers to devices in the field. Articles existing in parallel universes can sound like science fiction, its application to grid security is real and near-term. At Qubitekk with funding from Cyber Security delivery Energy Systems or CEDS program, we're conducting preliminary tests with utilities in California and Tennessee. In 2018 and 2019 larger pilot testing was in substations as planned. We are also working closely with your industry and national laboratory partners to develop protocols that allow traditional communications systems to integrate with these new quantum systems. To speed the adoption of this new technology, though, will require government action. With government support a nationwide quantum protected network between our substations can be built, creating an impenetrable shield around our grid's communications channels. With increased funding to existing DOE programs, cyber enhanced security solutions can be developed to protect every substation in our country. Ultimately as occurred with the internet early government investment and communication infrastructure and equipment will be needed. Finally senators, let me suggest the most important reason yet why we must embrace and pursue quantum technology, and I'll echo what Senator Murkowski said. China has already developed and installed the foundations for a nationwide quantum network that leverages both optic and satellite communications. Last month they demonstrated the first ever quantum call between China and the European Union. Earlier this month they promoted 10 billion to the technology in eastern China. Although most was developed here in the United States our hesitation in its implementation has left us far behind in the quantum race. Quantum networks are just the beginning of the quantum revolution. Quantum technology will revolutionize cybersecurity, computers, chemistry, medicine and ultimately the world economy.
It will not only strengthen America's security but will also create sustainable first market for quantum technology here in the U.S. It represents a significant step towards challenging and eventually overtaking our counterparts in Asia and the European Union. With that I look forward to your questions on this technology. Thank you, Dr. Earl. Mr. Riedel. It's an honor and privilege to testify. It was founded in 2013 with the vision of keeping the connected world safe. Our mission is to use security to its working with Edison, Pacific Gas and Electric and San Diego Gas and Electric in partnership with orens national lab and liberal national lab. That work has resulted in our involvement in the standards that are becoming the default for governmental agencies, enterprises and information sharing communications to distribute threat intelligence. It also offers engineering services to many industrial and financial services. There are five services I will be discussing today. Identity, trusted data, attributed isolated networks, threat detection and sharing, and automated response mediation. 20 billion automated devices we have to ensure the identity of the operator and the operational history of that device. The best format for sharing threat intel. STIX is just the first step. Several information sharing organizations have begun, but we still heavily rely on human analysts. If there were a coordinated attack on the grid, those analysts would not be able to respond. Discovering and sharing threats of machine is a huge step in the right direction. But the logical next step is an automated response. The first hurdle is trust by third party. We will need to ensure there is trust in remediation. Then our utilities, national labs and agencies can distribute the remediation to the energy grid. These remediations can be deployed allowing them to rapidly respond to attacks. In summary, automated response from mediation are technologies to focus on for advanced cyber defense.
The battlefield continues to change. Our adversaries are formidable. This is a hidden tax on the economy. Investing in these technologies will lower the cost to defend our infrastructure and raise the cost to attack our infrastructure. This will allow more innovation to our industry and build the appropriate framework to build these devices. Thank you for the opportunity to testify. I look forward to today's questions. Thank you, all of you. Very interesting testimony. Very important testimony. I just really appreciate it. I think we look to some of the breakthroughs that are out there and these technologies that we hope will allow for that level of protection. Several of you have spoken to the human factor. You know, we recognize that most of the control systems today are separated from the public internet by a firewall or an air gap, but we can still see intrusions through human error, whether it's transferring data via a flash drive from a public network to a secure one or vice versa. So even with all of the advances that we have out there and the processes that you have mentioned, we're still in a situation where we have exposure to security breach. You had mentioned the dark net. How do we work to protect the dark net from this type of activity, the breach through the human factor? And then I also want you, Dr. Earl, to speak a little bit. You mentioned the quantum technology that I had raised in my opening, and you have suggested that a quantum protected network will create an impenetrable... I'm interested in this aspect. Technology is great. Sometimes it's the human factor that is our weakest link. Thank you, senator, for that question. Addressing, first of all, the human link certainly is going to be with us. How do we take and do better education and training of people who have not been exposed historically to these types of things. We have a lot of folks in the industry that are very good at operationally providing those capabilities and safety paramount.
When you start talking about cyber security, it's a little bit of a foreign issue in terms of some of the industry partners out there. How do we take and raise this awareness so they understand the threats that exist. Additionally making sure the systems are patched, updated. These are mainly IT type systems that are being utilized. So there are steps we can take from that standpoint to help out the industry. With regards to the dark net and concept that we're proposing here, moving the command and control communications away from the internet at least separates us, air gapping, if you will. There are exploits that get across air gaps, as we know. But having a separate control and communication capabilities via these fibers will give us some enhanced capabilities to understand and immediately determine if there was any type of exploitation that may hit. So as long as we can take and have that separation that we don't connect back or add additional vectors for exploitation, we believe there's going to be the added level of security that can occur by going to this dark fiber implementation. Let me ask Dr. Earl to speak on the quantum technology side and the vulnerabilities there. Absolutely. So quantum technology is a very powerful technology, but the grid is going to require many solutions. It's just a piece of that puzzle. However, quantum technology solves two very important problems and it's the foundation upon which you can build a more secure grid. It provides a way to immediately detect if someone is tampering with your communication channels. It can provide encryption that cannot be broken. There always is a concern about insider threat. Quantum technology doesn't address that. It addresses the securing of channels, but you need that first before you can build up the rest of the solution. Very quickly, you've mentioned that traditional systems can be integrated. How easy is it to do that?
You've got does the technology need to be built into the grid during its development, or is it relatively easy to add it to existing structure? We can retrofit it. We argue that it's actually easier than other approaches that we might use for the internet for securing and establishing secret keys. It is very grid secret, very easy to implement and retrofit. I yield to my colleague for a question. Thank you. I appreciate that. I was going to go take care of us in Small Business, which probably should be part of this discussion. This is women's small business month. So the hearing is on that. I knew you'd be very interested. We do have to think about how we help small have the least ability to put some of these things in place. So we need to think about that. Go ahead. Thank you so much. You mentioned the CCE methodology during your testimony, and you've provided written testimony and I haven't the chance to look at that. Can you expound on that methodology in your testimony that you submitted? I did, sir. That methodology was first introduced as INL's unique cybersecurity innovation in April by Mr. Andy Bochman to this committee. And since then, it's attracted some positive attention, but in addition to that, it seems to have created some confusion indeed, some might even say criticism, that discussing whether it's really a process that's a step backwards from technology innovation. Could you address that, please? Thank you for your question, senator. We feel that consequence-driven cyber-informed engineering or CCE is actually a step forward in some of our engineering processes in that we look to use the right technology for the right purpose in implementation of cyber controls. I think some of the criticism has been about the mention of using analog devices. It's a step back into the stone age.
But in some of these cases where we can use the CCE methodology to understand the critical consequences and the attack paths that lead up to them, we can identify choke points for various of these different attacks and do what we call disruption zones. Areas where we can place a discrete nonprogrammable component, potentially an analog component, that can't be hacked by software means, and we'll drive that attacker work factor way up, because their normal methods of internet-based, of software-based activity will be thwarted at that point. As you work with an organization, and this is not just something the national lab or another provider can do. The national organization works very closely to understand what those consequences are, what their engineering processes are, identify those paths, work with them, understand who might potentially attack and develop those mitigating ideas and identify the disruption zones and implement them. We found with our partner that they felt that the entire process helps give them a different perspective on how to protect their environments. Thank you. I think that's a clear explanation. Thank you for yielding. Senator Cantwell. I want to thank all the witnesses again. This is excellent testimony across many fronts. And actually, the diversity of ideas yet cohesiveness of the ideas is so important. So I thank you for that. And I obviously want to thank Mr. Imhoff, again, for the leadership that you have helped the state of Washington provide on this, everything from working with our National Guard to creating a response to the technologies we've been able to deploy. I think when we think about this the synchrophasor technology that the lab has worked on and was part of your testimony, actually saved California customers an estimated 360 million, plus a 90 million average savings due to improved utilization of the existing systems and making these systems more resilient to cyberthreats.
We can see already there's work and application being done to help us strengthen the grid from blackouts. And we need to keep going. And Mr. Earl, your testimony obviously the Department of Energy's electricity cybersecurity delivery program helped fund the work you're doing. So I feel that one of the key aspects here is the need to continue to do R&D and innovate and test and apply. I see you're all nodding on that. I guess what I'm trying to help our colleagues understand here. Sometimes I say in the Information Age we're only in the third inning of the ball game. Here I'm not even sure we've started the game in the context of actually we have because of the great work you all are doing, but how would you characterize where we need to go with both research, workforce and this continued collaborative effort in the context of where we are today and how this will evolve? And Mr. Earl, I think you said it or Mr. Riedel did, that this is ever changing. Whatever we're doing today is going to change and evolve. So where are we with the level of investment and workforce and level of interconnected responses? And I mean people responses that we need to build here. I'm going to start with you, Mr. Imhoff. Thank you, Senator. It's a complex question. I would say on the Department of Energy side programs like the seds cyber program and others are funding a lot of the innovations here and others to date where the injection of funding is adding value. In terms of the grid modernization initiative, the congress appropriations, that initiative is strong and moving forward at this point in time. I think one of the challenges we had over 100 industrial partners working on these projects, the public-private partnership is essential. You have to have the field validation so that the people, the operators, the switchman, et cetera understand and can get their arms around the new concepts and what they bear to offer.
The industry is a little challenged now because they're facing flat sales and a lot of challenges on cyber and other things. So industry is stretched thin from a human workforce standpoint. They have a challenge adding more things onto their plate. But the manpower issue is part of that, clearly. The training and access and large number of utility workers are retiring. And there's a lot of work in terms of development and feeding the pipe for next generation whether it's cyber or other grid activities. So I think it's all very closely interwoven in terms of getting the workforce right, getting the training done. And I would say that there are many, some of the new topics around analytics and other things are new dimensions that need to be added, I think, to the workforce. Focus that needs to go beyond enterprise cybersecurity, which I think has been the dominant focus for the past decade. We're having a hard time keeping up with the volume of cyber analytics. But we need to look how do we refresh the development, how do we build the partnerships between public and private to train the new employees and develop new staff and continue to look for the public-private partnerships on new concepts coming out of the R&D portfolio. That's what it takes at the regional level to get comfortable making the investments to deliver. Thank you. It might have been a complex question, but you did a very good job. Anyone else want to weigh in quickly on that? I can briefly. Thank you for the question, Senator Cantwell ranking, sorry. So we deal with this a lot in our company. We're trying to hire qualified people and finding enough qualified people out there is, I think, a challenge for every organization. We try to train and making sure everyone understands security inside of an enterprise and a corporation is not one person's ability or one person's responsibility. So the things that we look at are how do we educate our workforce?
We would love to work with schools and universities to make sure they're educating folks. I think that the thing that we will try to tell enterprises as they deal with this and utilities as they deal with this, that security, cybersecurity is a group responsibility, that you cannot just expect the security professionals to take care of this. You need to take ownership of that while you build and engineer your products. And so those are things that we're looking at. The only thing I would add to that is our focus is automation. We want to be able to be able to roll out this automation that we talked about today into the grid. But to do that, we have to be able to trust that we understand where the automation comes from. So not only do we have to make sure we educate and bring these people to be professionals, we also have to make sure as we bring them onto our networks and as we have them work on our networks, we're able to identify those people so we can trust the information that they're giving us and then trust remediations they create. Thank you. Thank you, Madam Chair. Senator Cassidy. Would you mind if I this is cooperative committee. So if Senator Cassidy doesn't mind, we will certainly turn to Senator Manchin. This is a great committee. Appreciate both of you. Thank you, Bill. Appreciate it. Let me say quickly, the reliability of the grid system, basically the base load, do any of you all have concerns that the base load might not be able to energize the grid or we could be concerned about a relapse or collapse? Does anybody have that concern? Base load, I'm understanding nuclear code to the base load 24/7 rain or shine. Gas, we're depending on gas being base load now. And all our renewables are coming on with the new battery storage, that will eventually move into that. We haven't gotten there yet. You all have no concerns in different sectors across the country? PJM collapsed the last polar vortex we had, you know that, right?
They came within that sliver of going down. Anybody want to talk? So we've seen no evidence that there's a lack of capacity to deliver in terms of response and other things on the power system. Clearly there are changes on some of the resources mix and the NERC bodies as well as the reliability councils and all have not indicated that there is a gap that is an issue. They're having to change some of the processes in all, but I think we're at adequate capacity going forward. Feel the same? Senator, yes. Dr. Earl, on quantum, of course cyber is what we're concerned about. I'm on intel and every meeting we have deals with cyber or some type of cyberattacks we're getting regularly and how we can stave that off. In this, I have been to an awful lot of power plants. We have an awful lot of coal plants, and there are switching stations. When they produce the power coming out, it goes into kind of a switching station and puts it out on the grid. You're saying you can protect that from the internet or being hacked by the internet, correct? So maybe a slightly different way to define that. We're trying to protect the communications between those switching facilities, the substations and those command centers. It's imperative you're able to trust those communications. And so the channels they're communicated over are not defended. These might be fiber optics, airways. You don't have complete control over those communication channels. It's important we have technology to ensure that communication channel can be secured first. And you said that can be retrofitted also? It could be, it does dovetail well with what they described about the dark net where you use existing fiber optic cables to basically put this system in place. Let me ask any of you all to answer this question, because I've been to a number of these power stations and however they're operated, but the switching stations, it's not all that secure.
If I want to do some kind of criminal act I can walk up to it and make it happen. Have you all suggested or basically lobbied for securing, making every utility company responsible for the securing of those switching stations? Natural gas also, we're concerned about the pipeline pumping stations. So you're voicing concern around physical security? Yes. And we have expensive infrastructure across thousands of miles out west, some very empty miles, and they're favorite target practice opportunities. But I will say that over the past year peter nell has worked with NERC to help develop what's called design basis threat, which is a systematic approach at looking at what are the series of threats that could be done on a pipeline, gas pipeline compressor station or out of the coal plants, et cetera, and helping the utilities walk through and classifying the degree of consequence and risk and identifying what are the options to provide physical security, because you can do that, but you can't do it on every single substation or every single transmission tower out there in the power system. What they are doing is putting in place a systematic process to help prioritize the risks and identify their options for protection. So that process is beginning and it's been well received by the utilities in the last 12 months. I think they're moving in that direction. You can really advocate and help us because I see a lot needs to be done. We're talking about the internet and technology and all this and that. I'm talking about just plain attacks, just criminal activity. Okay, thank you. If I could just follow up on that, isn't it true that most, I'm just thinking of the Bonneville system, if you go into their command center, they have pretty good eyes on most of everything in their grid system. I would assume utilities are similar. They have eyes everywhere, right? Is that correct?
I mean besides the technical detection of what's happening on a line, they also have eyes on practically every aspect of the infrastructure? I think it depends on the utilities. There's small ones and large ones and they approach it differently. Definitely for the large utilities, I think you're absolutely correct. It's a fairly sophisticated operation. Thank you. We worry about those smaller ones like we have up north. Senator Cassidy, where are you now? I think it was you that spoke of the dark net. Does the dark net require a lane of different fiber optic cables or can it go through the same fiber optic cables? Thank you, Senator, for the question. Certainly we can use existing fiber that is not being utilized. Generally speaking there's a lot of bundles that are laid, multiple fibers that occur and not all the capacities are being used. In the instances where you have smaller utilities or cooperatives that don't have the fiber, there are other avenues we look at in using some of the advanced communication capabilities and emerging capabilities to also take and look at hardening. But yes, sir, certainly, we can utilize those existing fibers where they exist. To what degree could we now go to dark net? I once went to a DOD facility and they had their internet there and a closed system there. It was two different terminals, but somehow I understood this is this and that is that. To what degree do we have that now for our utilities? Sir, I cannot answer in totality of that for you now, sir. We have people, as I mentioned before, over the 100,000 miles of existing fiber that we have, to see exactly where the connectivities are relative to the commercial entities, the industry out there. So certainly I can get back with you on that question, sir. Well, that's a nice segue to my next, my staff gave August 17, the President's National Infrastructure advisory committee. And they have 11 recommendations.
And there's a sort of kind of urgency behind and a sort of assumption that we should have done this yesterday, and we haven't done it yet with agencies and Congress required to put things together which apparently we have not. So I appreciate the chair and the Ranking Member holding these hearings, but to what degree is leadership being exerted by the federal government to make sure that all of this happens ASAP? Because I gather you all think it should happen ASAP? Fair statement? Mr. Tudor is smiling discreetly and diplomatically, but to what degree are we providing that leadership? Mr. Tudor. Thank you, Senator. I am nothing if not discreet and diplomatic. And I would say that I do believe the Department of Energy, the Department of Homeland Security and others are taking leadership within the bounds of what we're able to accomplish, what we understand we should do. But I also think leadership understands we all can do more. Let me just pause for a second. There have been some very good suggestions from y'all, ranging from quantum mechanics, which I don't understand but I'm always fascinated by, to put in an analog switch in there. Really two different approaches with a dark net overlay. So those are very tangible, this is what you could do now and would probably work really well. So do we currently have, what is the state of play? Are we moving towards that or waiting for someone to propose it? Sir, if I may answer that for you. One of the test cases that we're working with now is electric power out of Chattanooga, which we have fiber connections with, and we're looking at how we can establish some of that test bed capabilities with them. So on a smaller scale, we are moving forward. So you're telling me although DOD has a parallel internet and you mentioned the dark net, is this a strong recommendation, yes, we should do it, or no, we have to test it before we go fully to scale?
Sir, we believe the technology exists to increase our capabilities to defend the electric grid from communications and control standpoint, if we go forward with this. And that's what we're proposing. And is it generally agreed upon? So one thing we could appropriate the dollars to immediately begin putting in the dark net for everybody who is connected to the grid, except maybe a distributed, if I'm selling electricity off the roof of my house, maybe not, but other than that. Is that something we should be writing legislation now, in your opinion? We currently have utilities with fiber optic networks ready to start implementing this today or testing this today. The quantum or the dark net? The quantum and dark net. It really is tied together. So that's not all utilities and it's going to have to start small. Let me ask you, just to interrupt, because when you say not all utilities, I always mispronounce it, I don't know if it's miso or miso, but you have this exchange of electrons through the whole Mississippi valley. So if there's someone who's a weak link, doesn't have quantum, doesn't have analog, can that be going through the whole network, getting those who don't have it? Ultimately, you're only as strong as your weakest link, but your biggest links need to be secured first. The propagation can be limited by focusing there and prioritizing there initially. And there are three separate grids, of course, that would be independent from one another. Let me echo the question of can we implement this quickly. It is a question of funding. The program within DOE is doing a great job, but they don't have a large enough budget really to take on dark net yet. From my perspective, I think increasing the funding to that program is an excellent thing to do right away. The other point I'd like to quickly make is these technologies will take time to be implemented. It could take five or ten years for some of these technologies to be implemented.
You think where hackers were ten years ago and think about where hackers are going to be in ten years from now, that's where the urgency is coming from. We really have got to get ahead of this. I would like to say across the industry our utility partners are beginning to move out even faster in developing pilots, working with commercial industry, working with National Labs to develop the process and procedures to implement these new technologies. Mr. Riedel mentioned the CES21 is a great example of the three major utilities working together to implement and prototype and demonstrate these technologies and get lessons learned to utilities across the nation so we can understand what the scope of the issue is, how to deploy these, and also provide that expertise as others do it, similar to the utilities here in the east coast as well. I think we're moving out faster than we have been. We would all love to do it faster. I yield back. Thank you, Senator Cassidy. Senator Franken. Thank you, Madam Chair. I know this is about cybersecurity and the grid, but Dr. Raines, I was struck in your testimony by your discussion of microgrid technology and its potential application to Puerto Rico. The chair knows I'm very interested in this, and I think all of us are. After the devastation of Irma and Maria, millions of Americans in Puerto Rico and the Virgin Islands are still without power. This is really inexcusable. I'm going to read from your testimony. Most recently Oak Ridge National Laboratory has considered how its scientific expert may be leveraged to help an area in which the local power grid is essentially being rebuilt from the ground up. Puerto Rico was devastated by Hurricane Maria last month, the island's critical infrastructure including its power transmission and distribution grid serving more than 1.4 million customers was nearly demolished by the powerful storm.
As the relief and recovery effort continues we're mindful that many of the solutions developed for grid resilience could be purposely built into a completely new robust system for Puerto Rico. Through distributed energy resources, for instance, Puerto Rico Electric Power Authority could benefit from microgrids. With more power generations spread through its territory sited locally in its neighborhood and communities and providing greater flexibility when the larger grid is disrupted. Complementary opportunities exist to support the development of a more secure and resilient Puerto Rican infrastructure, which will ultimately lead to a better quality of life for its residents and reliable electricities to support its businesses. This is something that we have been talking a lot about, a number of us, including the chair and the Ranking Member of this committee. Dr. Raines, could you elaborate on the work that Oak Ridge is doing to improve resilience for the grid and how that might relate to our responsibility after these hurricanes to approach rebuilding the grid, getting them up again as fast as possible, but then building something that is resilient and sustainable. And if anyone else wants to weigh in, please do. Senator, thank you for the question. I'll start that and turn it over to Carl. Earlier this year in the spring we had a team down in Puerto Rico that was actually looking at the infrastructure, understanding the infrastructure and looking at how we could possibly take and redesign or enhance the architecture, the existing architecture. We certainly did not foresee the devastation that occurred in September, and the agony and things that people are going through down there now.
We have for a number of years been looking at microgrid technologies, how we can take and build those where given different types of power electronics and charging and sensing-type systems, that they can have the isolation from other the larger infrastructure and be able to operate in the events of an island mode if they need to. Yes, from that standpoint. So with that I know that Carl is leading an effort among the different labs, and he can probably address it quite well as well. Please. Specifically for Puerto Rico, DOE has asked the 12 laboratories to frame some options that could add value in one to six months, six to 12 months, and 12 to 5 years. And the notion of evaluating what critical loads in terms of drinking water, purification, health care, island communications, et cetera, how do they come down and identify where it might be worth the incremental expense for microgrids to harden those against future events. And leverage some of the work we have done on the grid modernization in New Orleans and other places to coordinate microgrids that during bad storms can adjust and focus just on the critical loads for emergency applications. That's I think a good opportunity for us to bring new concepts to the rebuild of Puerto Rico over the next couple of years. I think it's just responsible to do that and smart to do that. And, you know, their grid, and I know I'm out of time, but their grid right now is powered so much by diesel. And a lot of people in Minnesota in the winter go to Puerto Rico and the Virgin Islands for the sun. I'm just saying. So I think that perhaps in rebuilding this grid we can make it more resilient and use more sustainable energy as well. And it's something that I'm glad the National Laboratories have been asked by the Energy Department to look at. I think everybody's rowing in the same direction is what I'm saying. I feel good about that. Thank you, Senator Franken. I think that's a good question, an important one.
And we will be having a hearing focusing on the current situation in Puerto Rico and going forward, the future of that energy grid there. And we will look forward to input from the national lab so to know that you've taken point on that, Mr. Imhoff, is important. We'll look for that in more detail in the next couple of weeks. But very, very important so thank you. Senator Duckworth. Thank you, Madam Chair. I want to thank you and the Ranking Member for today's hearing. And I definitely want to thank our witnesses for participating today. And recently as my colleague, Mr. Franken, mentioned we've seen frightening weather patterns and infrastructure instability in Puerto Rico and the Ukraine even in 2015 when malicious actors destabilized the country's power grid. I had to learn that cybersecurity can take many forms. I come to this from a military perspective where it's all about enemies hacking and also cybersecurity also applies to trying to prevent technological failures from occurring as well. And I'm proud that the National Labs are partnering with industry to develop solutions to modernize our grid, including Illinois' own Argonne National Lab. We're leading eight programs under the laboratory consortium. We heard this earlier when you responded to my colleague from Louisiana about the investments that need to be made. That's where my question is going. It seems to me there is a cycle of scientific discovery that then provides necessary impetus to develop technologies that address those known concerns and then we develop, once we develop the initial technologies and prototypes, we move towards bringing them to a place where they can demonstrate effectiveness and be deployed to the marketplace. And I'd like to further elaborate on that. Of all the witnesses, where in terms of this cycle of discovery, prototype development, and development towards deployment as it relates to cybersecurity threats, where are we in that process for our energy infrastructure?
And are there specific investments we should be making? You mentioned that informing municipalities and communities, but is there anything specific? It seems this is a continual cycle we go through. Anyone want to take that? Well, I'll get it started and hand it over to my colleagues. We're in all phases of that cycle. Okay. There are many dimensions to this grid modernization and many dimensions to cybersecurity. In cybersecurity, I mentioned in my testimony that we have roughly 3,000 utilities in the United States. The largest thousand are pretty far along on their cybersecurity journey. The smallest thousand don't have any digital devices, so it's not much of an issue. And middle thousand have very small engineering staffs and very limited budgets, so it's harder for them just to do the basic fundamentals of maintaining good enterprise discipline on their infrastructure. So they're in a very different place on the development cycle than some of the larger utilities who are looking at quantum encryption and other activities. So we're in all phases. I think it'll always be that. Some things are near the more mature stage, but you have to work them out across 3,000 utilities that are in 50 different jurisdictions. It doesn't happen overnight. Takes time for things to unfold. And the thing I'd like to add with that, our partnership is absolutely critical. Because our National Labs will take and produce lower technology readiness level type solutions. So to take and transition those to industry partners is absolutely critical in this arena. I come from a military background as well. From the standpoint of rapidly getting those products to the field where they're needed, and in cybersecurity, like I said earlier in the testimony, we are in that very tight loop of adversaries are far outpacing us in terms of how we can respond to them, so the industry partners are absolutely critical. Senator, I'd like to respond to that as well.
I've been involved in technology innovation for cybersecurity for about ten years in other jobs. One of the things we do realize between the development and deployment of cyber technologies is what's called the valley of death. I think a lot of times the National Labs, they're placed in developing those readiness level technologies to solve particular problems at the time, have not had the emphasis on commercialization, probably not the labs' major role to do that, however, in the last few years, we have seen more and more emphasis from DOD, DHS, and others to bring these technologies to bear. But we do need commercial partners, whether it's venture capitalists or others to come and help invest in these. I know the DHS Transition to Practice program did a wonderful job of coming to the National Labs, Pacific North National Lab, Oak Ridge, and INL all have technologies that were transitioned in some of those, but we need more of those types of activities, and we need more emphasis on it if we really feel we can get those out there and then entrepreneurs like Dr. Riedel and Mr. Earl can take those technologies forward. Is it okay to add to that as well? In terms of development shortening that time, I think one of the biggest challenges, we have over 3,000 utilities. Some big, some small. And they're going up against very sophisticated adversary. These nation state hackers have much more sophisticated operations than utilities are used to. So we're asking big and small utilities to come up with solutions on very rapidly changing technology. One of the things that the government can help to do, National Labs can help to do, partnerships can help to do, is to identify a template, a solution, sort of cookie cutter solution that at least could be a starting point for these utilities. And then ultimately they need assistance in implementing it and maintaining it. That right now doesn't exist for those utilities. Senator Duckworth, thank you for the question.
I wouldn't be here today without the support of DOE, the state of California, and some of the funding so I'm very appreciative of that. For me, the funding is critical. It's a holistic approach we need to take. There's no one technology that's going to solve this problem. I think we talked a lot about networks today, about the dark fiber and quantum, but you know, we also still need automation to be able to respond to these things in a timely fashion and to support the growth of the devices we're getting. At the end of the day, we also need to trust people who are operating on the devices so we need to move beyond current credential technology and look at new ways we can actually assert that the people who are operating are who they say they are, which helps sort of, I think, bring everything around. For me, a holistic approach and we need to continue investing in all those areas. Thank you. Madam Chair, you have been very generous. Thank you. Senator Cortez Masto. Thank you, Madam Chair. Let me follow up. And I'll open, this question is for all of you. Do you think the small and midsized utilities are more challenged to really find the programs to address the cyber threats than maybe some of the larger utilities? Senator, I would agree with that statement from the standpoint of the resources the smaller utilities have available for this. So the programs are there, it's just a matter of having the capital or the resources to access those programs or for those programs, is that right? I would have a tendency to agree with that, ma'am. I agree but I must say that some of their representing organizations like for the co-ops and the power association, they do have relationships with DOE and they help aggregate numbers of small utilities for them to be involved in demonstrations. In general, smaller utilities have smaller engineering staffs, smaller resources. So it's more of an uphill walk for them than some of the larger entities.
I think it's worthwhile to note like some projects on the east coast that the intent is to have the large utility partners who have those resources to help validate a lot of these approaches and then share that information into the rural cooperatives and other types of environments that don't have those resources. They won't need to spend the time to do that validation, but it will be able to be handed down to them. And you may have already addressed this, I apologize. I had another committee hearing. But I'm also curious how the states play into this. I know in the state of Nevada, Governor Sandoval has created a new office of cyber defense, which will serve as a primary focal point for cyber threats and security for the state of Nevada. With the addition of that, the OCD will serve as a primary conduit with the federal government as well as a primary entity managing cyber threat issues across the state of Nevada. Do you see that as a role most states should be involved with in coordinating with a state level and particularly the private sector to address the cyber threat? Thanks for the question, Senator. You mentioned the important word, coordination. I don't think every state should spend resources to go off on their own and potentially have redundant systems. As we mentioned with California, their work, their regional things that have happened, Pacific Northwest, I know PNL, INL, and others work together with regional entities. I think that coordination with leadership from the government can help rapidly advance some of these technology areas. I do think as well and utilities, there is a follow the leader mentality. If a set of utilities, larger utilities in one state identifies a solution that works well and they can share that with their counterparts and other utilities, we'll see that filter down. Just to echo what was mentioned, California has the CES21 project, which involves utilities across the state.
They've really developed some innovative package solutions that are being adopted in California. If that is successful, then hopefully that will spread to the rest of the country as well. Great. Please? Senator, thank you very much. CES21 has already made an effect, and we're already starting to work with other organizations such as sticks so the research coming out of that is actually having real world effects not only for the U.S. but also that's propagating around the globe. And that's all based on the funding that's come in to make that happen. So if we can continue that, that's only going to grow and I think that's a very good thing. Great. Thank you. And Dr. Raines, I'm actually very intrigued with your dark net concept. Assuming adequate funding, how many years away are we from being able to implement a dark net solution for our nation's electrical grid? Senator, thank you for that question. As we mentioned earlier in the testimony, there are different phases that are occurring and can occur with the dark net concept. Utilizing existing infrastructure, such as some of the fiber, there are capabilities that Dr. Earl and others have been developing that can be implemented relatively quickly. There are also other advanced communication capabilities that can be implemented for some of the smaller cooperatives if you will. So there is a lot of things that can be done near term. But it is going to take, I think as Dr. Earl mentioned earlier in testimony, some of these advances may take five to ten years to fully mature. Thank you. Gentlemen, thank you very much. Appreciate the conversation. Thank you, Madam Chair. Thank you, Senator. I have just one last question. Mr. Tudor, you had mentioned in your comments the need for control room operators to have hands-on training opportunities. And you referenced the Ukraine in a box. How ready are we with this program?
Do we actually have utility room operators that are training kind of hands-on to how to handle Ukraine-like attack? And really, to what extent do the men and women that are on the ground or on the front lines being trained to handle a cyber attack?

Thank you for the question. I want to say that the people who operate our grid are highly capable and highly trained. It's really enlightening when you go into some of the command centers and some of the utilities to talk about how they train, what they do, how they respond to events, what they do in the off time to provide the amount of training that is required. Our Ukraine in a box is another tool in the training environments. Since for the most part our utility operators are not constantly responding to cyber attacks, being able to add this into the training regimen will be something that will allow them to see kind of real world, you know, techniques that may be deployed against them. Some of the indicators and how they might respond in a nondisruptive desktop environment. I do think that from an operational perspective, we're in very good shape here in the U.S.

One thing that I think about coming from a state that is rural and isolated and more microgrids than large integrated grids is that you have different levels of opportunity for that kind of training that you're saying you think is pretty much in place. And I'm thinking that perhaps with our bigger utilities, they do have that opportunity. But our smaller grids that are perhaps not as integrated, as sophisticated, I worry about that level of vulnerability, and I worry that perhaps we don't have a level of training that is applicable for the different types of grid that we have throughout the country. Can you put my mind at ease a little bit there?

Thank you, Madam Chairman, I'll try. I think that you're right. There are different levels of need and different levels of training.
I think the development of some of these desktop trainings, INL and the other labs are known for their very large infrastructure, being able to bring people in and give some very unique sophisticated training. But also to be able to put some of this training via web base which is happening now and more happening. These desktop environments, we're hoping to potentially make this an open source type of learning environment as well. So they don't have to have our equipment to be able to run this type of training. So we're trying to export the training for more flexibility all across the nation.

Madam Chairman?

Go ahead. Mr. Imhoff.

I was just talking the other day with the head of the Northwest Public Power Association, and they're based in Vancouver outside of Portland. And I believe that a number of the smaller utilities in Alaska are small publics and rural co-ops, et cetera. And they have training opportunities that they provide for their members, but they are voluntary. And it's not just Alaska, a lot of states and small utilities struggle to send the staff to training. So I think that there are opportunities there, processes to work with the associations that they belong to, et cetera. But my guess is if you were to talk to those community entities, a large faction has to do with the resources and availability to send people to training. That would be where I would start, try to get a sense for what resources do they need to participate in the already existing training opportunities that probably would require some travel down to the Lower 48.

Because I do hear from so many of them that they're anxious for their own security and knowing that there are avenues via the web. Dr. Raines, did you want to weigh in here?

Yes, Madam Chairman. What I wanted to say was basically there is some good news stories in terms of how we're developing workforce. We're close to 20 years. DHS, NSA, National Science Foundation.
They have been partners in the Academic Centers of Excellence for focusing towards cybersecurity. There are 200 universities and schools at this time producing cyber educated folks. That's not just at the graduate level, the undergraduate level but at the community college level. So we're trying to hit or trying to hit for a number of years, you know, getting the workforce developed for the right application areas. A lot of the smaller utilities may be using, you know, more technician level folks than, you know, advanced degree folks to help operate. So there is a lot of work that's been going into that over the years. So I just wanted to give that to you, ma'am, as a good news piece in developing workforce.

I appreciate that. Thank you. Senator King, we've had good discussion here this morning with some of the technologies and the efforts through this National Labs and the private sector as to what we can do to do a better job of ensuring that we're not as vulnerable with our, whether it's our energy grids or other infrastructure and had some good testimony. We've gone through all the questions. So you're up if you would like to engage our witnesses.

Thank you, Madam Chair. I want to apologize to you and the witnesses, speaking of technology, there is no effort made whatsoever around here to schedule hearings in any kind of coordinated way. I had a hearing this morning on the attack in Niger, which obviously is of grave concern. And I understand there has been some discussion of the bill that Senator Risch and I have sponsored involving the National Labs. And I won't belabor that except to say I think it's a step in the right direction, and I understand the panel agrees. So we will hopefully move that forward. This isn't really a comment directed at the panel, but I think it's important, Madam Chair, as we're dealing with this issue, and we spent quite a bit of time on it in Armed Services and Intelligence as well. One of the problems is that all of our focus is defensive.
How do we structure our system defensively? How do we patch? How do we have breakers and all of those kinds of things? In my view though, ultimately, that's not the whole answer. Part of the answer has to be a deterrent strategy or doctrine that is well known across the world. That if people attack us in cyberspace, they will feel results. They will also be at some risk. And one of the problems and one of the frustrations is that we don't have such a doctrine. This isn't a current administration, the prior administration did not do this either. But I think if we're going to effectively deal with the risk of cyber attack, there has to be a deterrent doctrine whereby our adversaries know that this kind of attack will not be accepted, will not be not responded to in some way. I think that's a big part of the problem here. We can be the best bobbers and weavers in the history of the world, but if you're not allowed to ever punch back, you're going to lose the fight. So I think that's something very important that we were talking about it in Armed Services and we passed amendments to the National Defense bill, but we're waiting for the administration, and we're waiting for the prior administration to come forth with a cyber strategy beyond simply patching the system. So with that, if you can find a question in there, you're welcome to it. But I just felt that was an important part of this discussion. It's not only the technology of strengthening the grid, but it's also strengthening the deterrence so the attack doesn't come in the first place.

If you don't mind, I'd like to address that. We talk a little today about quantum technology, quantum key distribution technology, which can defend the grid. The great thing about that technology or the flipside of that technology is it also can be used on the offense. Quantum computing can be used to crack codes and take a much more aggressive stance on the offense side.
So by investing in our own defense, we actually do provide a path to an offensive strategy as well, if we needed it.

One of the problems I've observed is we're so secretive about what we developed, a secret deterrent is not a deterrent. The world has to know what we can do. That was the rule with nuclear weapons for 70 years, and blessedly, it has protected us from that kind of catastrophe because of the understanding that if nuclear weapons are used, mutually assured destruction. So I agree with you. But we also, we all tend to, particularly in the government, want to keep things secret. You all remember, you may not. Some of you are too young, at this famous scene at Dr. Strangelove where George C. Scott says but if you didn't tell us about the doomsday machine, it wouldn't work. We were going to announce it on May Day. We've got to have a deterrent. It's got to be well known, it's got to be clearly part of our doctrine. Thank you. Thank you, Madam Chair.

And to follow on that, we had a little discussion about where the Chinese are with their quantum technology and the distances that they have bridged. That's no secret, but I'm sure that everyone in the world is kind of paying attention to what is going on there. So I hear your comment. One further question on that. I raised China in my opening. You spoke to it. What other nations are out there that are leading in this space?

So unfortunately, there's a number of countries that are leading the U.S. China definitely would be the top of the list. But the EU is making a concerted effort. They're spending quite a bit of money to pursue quantum technology. Australia and Canada are aggressive in this area. So we're probably fourth or fifth on that list.

Interesting. Any further questions from either of the senators? Thank you, gentlemen. Appreciate the time you've given us and the level of expertise that you bring to this subject.
Know that as it relates to Puerto Rico, as we mentioned earlier, we'll look forward to the input from our National Labs there. But obviously, we have a great deal of work to do going forward as we

Madam Chair?

Senator King. Apologize.

You're mentioning Puerto Rico. That did provoke one thought. I hope as we're working on the rebuilding of the Puerto Rican grid we can be thinking to the future instead of building a 20th century grid and think about things like distributed energy and underground wires and all of those kind of things so that we don't just rebuild something that's liable to be knocked down again in the next great storm. So I think this is an opportunity that we should seize. I hope we can all work together to see that happens.

Thanks again.