 We've got an absolutely stellar panel here that first up will be Liz and I'm not going to go through the biographies but she has held absolutely key management positions at DOE, the White House, and I believe it was then the Department of Defense, did I have that? All of which involve numerous responsibilities but included looking specifically at cyber and physical security of our grid. We then have Steve Berberich which I'm sure he is known to many of you that he is the President and CEO of the California Independent System Operator. He has provided leadership in terms of wholesale markets and our transmission planning and system not just in California but increasingly in the West and really is an internationally known figure now on how do you run very effective markets that provide reliable and affordable service while also meeting California's challenging clean energy goals and we also want to thank Steve that thanks to he and his team at the KISO despite our high temperatures this week we've had no significant problems whatsoever that for those of you who don't know about the KISO app that you can get on your phones downloaded and everybody can look ISO today it's one of the best most accessible ways of keeping track of what's actually going on with electricity grid and our supplies in California and then last but not least we have John Wellinghoff who he and I go back 20 years I think and he was chair of the Federal Energy Regulatory Commission which is the agency in Washington that excuse me I've had a bit of a cold and cough this week that oversees our wholesale markets so FERC does regulate the ISO and the RTOs around the country but John has had a very extensive career not just at the federal level and understanding and being a real mover on what FERC is doing in the electricity grid but also throughout sort of the whole supply chain and now is increasingly involved with distributed energy resources and the value that they can provide to our electricity system as they come on so with that we're going to have about 25 minutes of a discussion up here and then we'll open it up for questions comments from all of you so please as we start in this first part start thinking about what questions you may want to ask because this is just a wonderful and illustrious panel so I'm going to go sit down I think I'm mic'd up oh yes yes indeed and Liz let's let's start with you can you just tell us a little bit about giving your role with the federal government focusing on the federal Department of Energy but if you want to talk about the White House or other agencies what is their role in terms of cyber and physical security for the grid and to the extent you're comfortable talking about this because some of this is obviously involves highly sensitive information what do you see as some of the threat streams that we really need to be thinking about thank you Diane and Jim for hosting this panel discussion on such an important topic for all of us it's wonderful to be back here 20 years ago I came to Stanford after serving in the Clinton administration and this place was actually a little Spanish style house called the Center for International Security and Arms Control and next to it was the Stanford band shack and it looked quite different we are now in this beautiful Ariaga alumni center but it's wonderful to be back on the farm I'll begin by actually talking about the threats I think and then we're how we're organized to deal with them and my colleague Alice Hill knows a lot about this as well she'll be on a panel later but she was responsible for resilience policy at the National Security Council and the administration that we just concluded our service in so the threats to the grid are very real and they are full spectrum so that begins with just natural disasters of course we live in California and we're experienced with natural disasters like earthquakes that can befall us they include extreme weather events now some argue that extreme weather is associated with man-made causes so not entirely a natural disaster but we're looking at some of the effects of extreme weather so for example what you have been managing in California with the high temperatures and the consequences of that for for the grid we also are looking significantly now at intentional threats because our adversaries have identified the grid which increasingly relies upon the amazing technologies that have been innovated here in Silicon Valley to do so much of what we can do and that's a big enabler but it also creates an enormous vulnerability for the grid and so we see the threats to the grid including intent to disable the delivery of power to the American people through cyber attacks and of course we've seen examples of this at home and we also see deliberate attempts to test capabilities around the world if we look for example at what happened in Ukraine in the winter of two in the winter of 2015 and the Russian effort to attack the Ukrainian energy delivery system which we then at the Department of Energy sent a team to evaluate in order to learn both assist our Ukrainian partners in recovery but also to learn what were the lessons of that attack for our own systems and we can come back to that and talk about what we learned and what we did about it and then from physical attack as well where we see examples like Metcalfe here in the Bay Area where we have identified an intentional deliberate effort to attack a substation we see people doing things who don't seem to be associated with a foreign entity and endeavoring to disable us but rather just crazies who want to go and cut the wires at a substation most of our substations of course were not located for security reasons they were put where the power needed to be delivered but we weren't really thinking it in that era when they were built about the need to protect them from the vulnerabilities that we now face so across the board but I want to emphasize that in the more recent period what we do see is deliberate adversarial endeavors to identify how our grid could be disabled and so we have to prepare now for that kind of wide scale potential attack on our grid not in a limited scenario but one that could potentially be about disabling the nation the government is organized to respond to this by sector so the department of energy for example where I serve most recently was the agency designated as responsible for the energy sector but when you and I talked in advance of this Diane you asked me about what kind of authorities we have and there I would say that authorities to compel action have not kept up with the threats and so we really have a mismatch right now between the authorities that exist for the federal agencies and the responsibilities that we have been given so we have to work with the private sector principally on a voluntary basis to motivate action that is for example if you think about the requirement to enhance the cybersecurity of the grid while there are some actions that have been taken by Congress recently for example the fast act in 2016 that doesn't really give us the capacity to compel the kind of investment for the future that is going to be necessary to build a strong and resilient grid that can both deter threats and then respond to them effectively and quickly when they occur so there's a lot of work to be done going forward in the partnership that needs to take place between the federal government and the private sector because of course most of you know this more than 90 percent of that energy infrastructure that could be disabled by an adversary seeking to impede the American way of life is in private hands so the only way to make this happen is to get the investment made in the private sector to create that kind of resiliency. We're going to move on but again when you and I talked beforehand I was very intrigued by what you said of some of the specific activities that you had to really engage with the private sector maybe you could give us a little bit of the details about certainly who did you reach out to and what were the actions that you really focused on working with the private sector. So this is a really important point because it sounds so dire to hear about the range of threats that we face and how serious they are there's a lot that is underway that is very promising so I'll describe three dimensions of the work that we did to address these growing threats to our energy infrastructure. The first is to invest in innovation and that here we have Lynn or also sitting at the front table our former under secretary of science and energy long-time Stanford faculty member we were driving innovation in this space through something called the grid modernization initiative and it covered a full spectrum also of investments in innovation which involved thinking about how to build a grid that works that could incorporate the new sources the renewables the variable intermittent sources of supply and all of the other dimensions of a modernized energy infrastructure for our country all the way to this space of thinking about security. How do we actually create a modern and secure grid in the face of the threats that exist and are growing. Our national laboratories in the department of energy were a tip of the spear for this work partnering with universities like Stanford and the private sector so it's at that point a lot of the innovation taking place in the labs then in the partnership with the private sector we develop and deploy those technologies we are able to test those technologies in real-world situations and explore whether they're working whether they're effective and what we need to do to improve upon them. So the partnership with the private sector is the second piece the innovation in labs and in universities the partnership with the private sector to build systems of response so that we're capable as a nation of responding in the face of these threats and there the principal vehicle for the energy sector is something called the electricity sector coordinating council which is a partnership between the federal government led by DOE and the Department of Homeland Security and major utilities around the United States the investor owned utilities trade associations public power rural power cooperatives coming together to think through how we can respond in the face of these threats we decided to secure security clearances for a number of the CEOs of the major utilities around the United States because I wanted to be able to brief them on the threats that we were seeing so back to the Ukraine example after we came the our team came back from Ukraine with the analysis I brought in these CEOs and we briefed them on what we learned from the Ukraine attack because that was actionable intelligence for them to take back to their companies and think about what they needed to do so we had a process in place which we have handed over to the new administration of three meetings a year with the CEOs of the major utilities and the others I mentioned and we had a very aggressive agenda for action together to try to increase our resilience and response capabilities and that leads to the third dimension of our work which was to exercise intensively you noted I had a national security background and one of the most important dimensions of that national security background was the exposure I had to the imperative to exercise we know this in our personal lives actually you're stronger if you exercise we could see from our exercise work in a variety of arenas that what you identify through exercises is your vulnerabilities you see what isn't working you see where you haven't anticipated what you need to do and that enables you to get stronger before an attack rather than the midst of one so we initiated a very robust exercise series with industry and I want to note it was cross sectoral so it wasn't just the energy sector to involve the oil and just the utility sector involved the oil and gas sector which is a critical dimension of this ability for us to be resilient and responsive it involved the communication sector the financial sector because of course all of these sectors are interdependent and we have to anticipate what would happen if you're in a situation of a major attack you're reliant for example on communication systems that may not be working what are you going to do how are you going to be responsive what are the alternatives to that so the exercise series was significantly accelerated and expanded Alice can also speak to this and it's something that needs to be sustained over time to ensure that we continue to prepare against the threats that are emerging and that we need to anticipate and be prepared to respond to one very quick follow-up and then we want to move to Steve and talking about the role of the ISOs and RTOs um have you had a chance to look at the new administration's proposed budget and are the activities that you're talking about still funded or do we stand any risk of potentially losing some so of course I've looked at the new administration's new budget and I'll say that on the cyber front they appear to be committed to sustaining the level of effort that we were interested in supporting now there are and they have issued a new executive order on cyber security as well which builds on the work that was done and handed off to the new team so it carries forward a lot of the recommendations that we had made toward the end of the administration however the entity within the Department of Energy that's responsible for this work is facing if the president's budget were to be agreed to a nearly 50 percent cut in its funding and that would be quite draconian because that's the entity for example that supports the exercise series so it is my uh guesstimate that there will be uh a number of areas in which the president's budget will be met by significant congressional resistance we've seen this just in the testimony of Energy Secretary Perry in the last couple of days so there's a possibility that that will not be the ultimate outcome but I think looking at this from the perspective of what do we need to invest in for the future some of the cuts also to the science and energy budget could be quite consequential if it affects the investments in innovation that need to be made in our national lab so that 10 years from now we have the solutions that need to be engineered into that next generation of the grid thank you um Steve if we could um now turn to you and um talk about from the perspective of one of the leading ISOs in the country how you think about this whole area physical and cyber security um but if I could ask you um as a preliminary item for our audience who may not be as familiar with what is an ISO maybe to explain to us ISOs I've used the term RTOs so that we understand how it fits into the larger framework right all right I'll take the first I didn't tell you I was going to start with that anyway no that's okay I've answered this question on numerous occasions but anyway so many of you don't know that there is in California and much of the US probably about 70% of the US is covered by a a regional transmission organization or an independent system operator and there's a lot of history of why they've come to be but essentially the independent system operator there's only one in the west which is a longer conversation that's here in California we're responsible for open access to the transmission system so that anyone can use it and transact it over it we're responsible for the reliability of the system balancing making sure the transmission system is not overloaded all of those things so we're essentially is responsible for operating the high voltage transmission system this is the big stuff 230,000 volts 500,000 volts the stuff that goes to your house call your utility if you have a problem with it that's not what we do but we also operate the energy markets and the energy markets in California we run about nine billion dollars a year through the ISO and this allows people to exchange surplus power and buy it and we're effectively kind of the New York Stock Exchange for power as people want to transact on that now part of what I just described though really gets to the heart of what we're talking about here we actually balance the system every four seconds so as everyone is turning on and off their power and doing all these things you move the system around and we have to maintain a stable frequency if you ever look at the back of your electrical devices you'll see a 60hz that's the western hemisphere power I think it's the whole western hemisphere certainly north america is 60 hertz we have to maintain that and important for us as we have significant telemetry off of generators off of substations off of the transmission system an information flow that comes into us so that we can balance the system every four seconds imagine the vulnerability of a system like that and that's really what we're talking about today so this is an important critical topic for us Liz talked a lot about some of the standards that have been set in some of the institutional processes that are in place we participate in all of those I have a security clearance like you talked about Liz and get briefed on these various and sundry things because it is so important but I'll talk about the vulnerabilities I won't talk to you about what we do about them but I will tell you that we get scanned constantly we get pinged constantly most of the activity comes from China Russia and Africa now that shouldn't tell you anything about Africa because it's easy for China to route it through Africa anyway so but nonetheless that's where we see the traffic and it's a constant problem so we manage how well we're protected and we have defenses in depth and like I said I'm not going to get into the defenses in depth but I also want to talk about two other threats I'll talk about the physical in just a second the biggest threat remains the insider threat and the biggest issue there is fishing and I'll talk about that in a second not half it's fishing with a pH you all get them this is you know Sammy from Sudan and you've got four million dollars coming your way if you'll click on this and give me your account information so that I send it to you well they send it to us too as a matter of fact as the CEO of an ISO they apparently know who I am and they send them to me but they're very real they look like they've come from our employees and they will send our employees emails from me asking them for their password information or other information this fishing threat and this vulnerability this is how they got the hack into the Democratic National Committee this is how they hacked in to Sony for fishing so while we worry about this external probing and all those things that's my number one worry that one of our employees will give their credentials over to someone and they'll have the keys to the kingdom I will tell you what we're doing about that we have an extensive program where we train and test our employees every month or every couple weeks some periodicity we send out tests to them and they become increasingly difficult and it's not that we tell our employees that you must be careful about clicking on these things if you click on one of these things we have an increasing disciplinary process including suspension it's that big of a deal that we know what these emails are and they clearly are marked as external they clearly they're all kinds of clues when you get these emails about what they are we want them to take a minute and assess that because that is our biggest vulnerability so that's kind of what we work toward on that we are looking at all kinds of additional techniques way beyond the requirements of this we operate a grid from Silicon Valley to the border to really much of the west the ports the heartbeat of our economy we know we have to be secure and it has to be more than requirements we're looking at how to better secure this telemetry infrastructure as well so let me talk about the physical threat for just a moment um I think Liz you talked about this med cap incident many people don't know med cap is a substation Lord's was serving Silicon Valley where there was an incident with multiple shooters that that in the middle of the night shot up a substation and they were very deliberate at what they did and they seemingly knew what they were doing and John may talk a bit about that because he was quite in the midst of this whole thing that issue too is something that we have to come to terms with because I could sit up here and tell you in five minutes how to take out the grid it's not that hard I'm not going to do it but but the point being if you know where the vulnerabilities are which I won't tell you but you can do this and that's my point is those vulnerabilities must be secured from a physical perspective as well there are new requirements at hardening substations as a result of this the industry is in the process of doing that and I'm sure that will that will continue but in addition to that I will tell you the electric system in California yes we have a high level of renewables but we also have a lot of gas generation and the gas system is a vulnerability as well you take out the gas system you take out the electric system so the vulnerabilities through our entire value chain are important to us as well so I'll leave it at that we'll turn it over to John I'm sure this will give an opportunity to have lots of conversation yes so John we've alluded to the MetCap incident and John was actually the chair of the federal energy regulatory commission as I recall when this happened and I remember that I was back in DC and we were having dinner and you said you're not going to believe this of sort of here is a major major item we need to think about and I think you may have been one of the first people to say this really needs to have a much better focus than we're currently giving so if you can talk about you know overall your experiences your views but I'm sure people would love to hear firsthand you know your involvement or your thoughts on the MetCap incident actually I could do MetCap Diane that's a that's an hour presentation and I won't do that but I want to thank you for having me here and Jim for having me here I really appreciate being here I got some quick slides let's see if we can go through them here some of which touch on MetCap but what are the top five threats to the power grid today you know and all these that I'm going to outline really relate to physical security because I think are physical issues because you know the cyber one is somewhat theoretical still in 2016 there were no successful cyber attacks in the grid in the US there were 214 NERC alerts that came out in 2016 on cyber and we talked a little bit about the internet of things only one of those related to the internet of things of the 214 I just just finished reading the the NERC state of reliability 2016 that report just came out I think today and I was reading it this morning so you know one of the threats is this guy here this is me with a 107A Barrett 50 caliber semi-automatic cyber rifle and that rifle at 2000 yards can penetrate through a five-inch steel case of a transformer 500 KVA transformer and that is a huge issue an issue that happened at at MetCap here is the freeze frame of the video at MetCap of the actual attackers firing through the chain link fence which existed at MetCap at the time in April 2006 2013 was nothing but a chain link fence around the entire facility they now have a block wall they now have a lot of other security that I won't go into that came about as a result of some standards that were put in place that were from that were actually drafted by NERC NERC is the North American Electric Reliability Corporation which is a standard drafting body primarily of the industry that FERC is designated as a standard drafting body and once they draft those standards those standards then are put in place by FERC by the federal regulatory commission they were actually put in place after I left several years after I left they should have should have been in place very quickly but ultimately those standards resulted in some of these upgrades to these substations but you know the technology advances so ultimately you know if you can't shoot through the wall well there's other things you can do unfortunately and so you know people who want to do harm to us think about these things and think about things to do but there's also what they call misoperation here's here's a misoperation here's a substation I drove by in Reno with the gate that was entirely open and nobody was there and I'm going what is going on here you know obviously somebody made a huge error because anybody could drive into the substation and do complete damage could destroy the entire thing and nobody would know any difference and so you know misoperations I will say John though I would add if anyone's considering this going in the substations and touching those lines is really hazardous yeah yeah yeah you don't you don't want to be doing that no absolutely you don't want to do that although there are people who try to do that just to steal the copper and some of them don't succeed because of exactly what Steve is saying but yeah no you don't want to go in there and you know and I notified the utility when I saw this but this was after I think I left FERC but it was an amazing thing to see this this gate wide open and nobody there you know other things though are weather events I mean we see you know extreme weather events in this country and they do have not only you know the ice storms that we have in the Midwest but you know Steve's system unfortunately is subject to the wildfires in California and unfortunately Steve has some great telemetry to be able to you know visually see what's going on in real time and be able to try to address it and they've done some great things for resilience and reliability to improve the system overall you know but this is actually one of the biggest threats of the grid right here this guy here at at at the distribution level at least at the word most people care about most of the distribution outages in this country are caused by squirrels so we've got to be careful of this guy but I'll tell you again cyber threats don't seem to me to be a major one and I apologize for this slide I pulled this off a news article actually a trade article but it supposedly came from NERC and this slide is probably something nobody can see out there but what it what it does is it it shows that ultimately that there are a number of vulnerabilities and risk levels to the grid and one of the ones that the NERC's indicating at a fairly high level is our variable resources on the grid and I would I would disagree with that one I think people like Steve and other grid operators are doing a very good job of ultimately addressing the issues of the increasing amount of variable wind variable solar that's coming in the grid on the bulk power system side and also the distributed energy resources rooftop solar etc that's coming in on the on the customer side I think I think we have the tools available and necessary to continue to make the grid reliable from that perspective so that's not I don't see that as one of the big threats NERC actually puts physical on this this heat map of threats to the grid is fairly low relatively low to other things like cyber I would disagree there as well I think the physical threat and as Steve says you know he and I could tell you how to take out the grid very quickly but if we told you we'd have to kill you it's it can be done and it can be done on the physical side I don't think you could take out a whole grid on the cyber side I don't believe you can do that you can do what you could do in Ukraine and ultimately the Ukraine incident and I know Liz knows a lot more about that probably than I do but the Ukraine incident was you know was one that was was serious for them but it was not persistent it they were able to bring it back up in a in a matter of days I think or or less and I think we could do that here to that and we have so many different nodes into the grid that yes you can you know maybe take out you know this operator here you could take out that generator here ultimately but taking out the grid on a widespread spread basis is not I think feasible with a cyber attack the way you ultimately could take it out with a coordinated physical attack so I worry much more about the physical side of things than I do about the cyber side of things and I'm very happy that FERC enacted the SIP critical infrastructure protection rules 14-2 which are the physical rules that are required and FERC and you know Liz talked about you know DOE and homeland only have this ability to kind of you know work voluntarily in essence and and request that these private actors who own most of the grid do something FERC does have the authority to require them to do things but it is under the the rubric of reliability it's not the under the rubric of of of terrorist threats and and we can't FERC can't require them to do something with respect to immediate threat or vulnerability still nobody can require for example PG&E if I knew tomorrow that there was going to be a huge terrorist threat I couldn't make them do anything as as the chairman of FERC when I was the chairman of FERC homeland couldn't make them do anything DOE couldn't make them do anything but ultimately you know you'd have to call them up and say you know fellas we think ladies and gentlemen we think this is going to happen to your grid tomorrow because of the information we have but there's nothing that that that any federal government agency could actually force them to do maybe you want to comment on some of the things that you've just heard they're untested as of yet but in the fast act of 2016 there are authorities now that require that in which if the president declared a grid emergency the DOE secretary would have some ability to require industry to act but it is it is ill-defined as yet undefined frankly but there is a and there is some evidence of interest in in working through some of what you've just described I would like to talk about this issue of there not being a significant cyber threat I think there is some a way of thinking about this that may allow us to stand on common ground here which is that what I was describing was if you're talking about a grand scale attack a nationwide attack a low probability but high consequence attack is how I would describe it that is right now we are seeing individual enterprises under cyber attack it's not on a national scale happening simultaneously but there is a lot of it going on so what we have to prepare for is the possibility of a deliberate wide-scale attack that could very well be a combined physical and cyber attack and actually because of that concern about the combined effects of a physical and cyber attack we exercised with industry to that scenario last year this is what the grid X series is about and the purpose of that was to consider what would happen if both of those tools were deployed simultaneously on a wide scale to disable our nation and so I think what we need to consider is the possibility that there could be smaller scale incidents which would not be disabling of the nation although it could affect a significant population and those we prepare for in work that depends principally on the utility provider in the region and a nationwide event which would involve a whole of government response we're going to be turning to questions from all of you in a minute but let me ask Steve first if you wanted to add anything more I worry a lot about the cyber threat I you know I think of what a lot of what John said is true a lot of it you know people talk about hacking into a smart meter and getting into the system doing all that I don't worry about that I worry about false telemetry I worry about blinding us to where the system goes because I can conjure up a scenario where we think the system is doing this but is actually doing this and if we were to compensate for that with the direction the information was telling us we would rapidly crash the grid and it would be a wide scale event it would be if if the ISO took a grid that would certainly take down California probably most of the west with us would be my guess yeah so may I just add one additional point on this so the Ukraine attack is very interesting as we diagnosed it the reason that the Ukrainians were able to recover so quickly is because they do not have advanced technology integrated into their system to the degree that we do so they could revert very quickly to analog systems and one of the lessons learned from that attack for our providers is to consider whether you actually want to have a backup system that is not digital how could you respond in a situation in which your digital systems are disabled could you revert do you have them because their legacy system is still in place so for example our western area power administration which is a federal entity still has many of those systems but more advanced private sector entities that have deployed technology to a greater degree may not and so the Ukraine attack I think is a very uh it's instructive in a small sense but it really doesn't go to the heart of what we would face on a grand scale I agree with that Liz and we actually I hope this will harden you a bit we actually do have um alternate information sources uh-huh for this very reason uh to make sure that if it looks like this and that doesn't make any sense we have other we have implemented other things and the other thing I will say as part of this conversation and not to be too overwrought in my opinion this is not an if this is a when scenario and in addition to prevention we're also spending a whole lot of time on what do you do to recover and we're going to make sure we have that covered too because there are ways to recover without these digital systems and uh we would work those so I'll be there and I just want to say I mean I didn't want to in any way belittle the threat the cyber threat I mean it's a real threat but I think we do have you know sophisticated technologies to deal with it because thousands of these things do ping in every day to every one of of our utilities there I mean you can see the maps of where they're coming in and as Steve knows they would countries they come in from etc but they take they definitely have you know the the technologies to deal with I just saw Cisco systems just uh announced something the other day where they actually can detect malware in an encrypted uh packet now without having to decont the packet ultimately and uh and so it's you know advances are happening every day there I don't think we are making those advances on the physical side number one number two on the cyber side again the recovery I think is one that we can do either through having you know analog or alternative data sources and to be able to recover you know fairly reasonable period of hours or if not hours days whereas if you know if you destroy something if you destroy substations uh and ultimately it is substations that that would be the the targets uh as opposed to generators then you know the persistence of that outage is going to be you know months if not years especially if you faced a situation in which there was an intentional attack on multiple transformers simultaneously which take which have this long lead time 18 months I completely agree with that this is very specialized equipment you take it out it takes a long time to get and and this has been widely reported national academy of sciences has done reports on this this goes back and back and back it's not something that I just came up with when I was at FERC I mean I researched it back you know at least a dozen years and still nothing had been done until FERC uh FERC finally put in uh the SIP 142 standards let me um real quickly before we go to questions just ask one thing that there was a front page story uh with the San Francisco Chronicle this week in which it talked about the cyber security threat not in terms of the larger grid but in terms of individual homes and to some extent businesses with the internet of things and smart devices coming in that essentially within homes you could create a micro grid and it raised the specter of literally locking people out of their houses locking them out of their refrigerators with food and not again on the larger scale but on an individual basis of the ransomware that you will not get access without you know paying a certain amount and I'm wondering if any of you you know is this something um that we should be concerned about is it something within the purview of the activities that it or any of you up to we should be concerned but it's easy to fix a 12 year old can hack into most people's homes um their their wireless networks are not well secured um and once you get into the network you can get into your nest thermostats and assuming you have an automatic locking refrigerator I don't have one of those I know that might be a good thing you could uh you could get into that so yeah I mean I don't think I certainly homes are very vulnerable home networks are very vulnerable no there's that does that create does that create a wide scale of vulnerability I don't think so any comments from other you you know I would I would agree with Steve that certainly it's a threat to us individually that we need to concern ourselves with and and certainly the more devices I my son who's who's a computer geek he's 26 and a computer programmer he was setting up new google routers in our house and we have 30 connected devices in our house I had no idea until he said yeah dad I had to had to reprogram the thermostat and reprogram this and do that and everything had to be you know to the new routers and I think the the issue that I worry about is that we know that these ubiquitous devices are actually threat vectors so a cell phone can be the way into a network that could lead to the disabling of SCADA systems that would affect a wide population so the individual at the individual level we would worry there could be risk to a family or liability in an enterprise but really the challenge is how do you secure this this broad network and if you get into SCADA system somebody helped me with I can never remember what SCADA stands for but supervisory control data acquisition so basically these are the control systems for industrial systems and for things like you know generators and and pumps and valves and all these kinds of things those if you get into a SCADA system you can then it's been demonstrated that you can physically destroy a generator by getting the SCADA system there's a there's a they called the Aurora yeah the Idaho National Labs did a test on a 3 megawatt generator where they had a guy hacking in on a laptop into the SCADA system the generator and pulsed the thing back and forth and tore the whole generator up just completely destroyed the generator so you know you can in fact go from the cyber to the physical if you know what you're doing so this is a unique asset we have as a nation we should feel proud of what we have available to us to work on these challenges at Idaho we have a grid scale testbed where we test just as you described and are working to innovate to figure out how to develop the solutions that can be engineered in to the next generation of infrastructure and Stuxnet in essence was a virus that went from the cyber to the physical you know by destroying centrifuges by you know pulsing them in ways that ultimately destroyed them well we obviously could just among ourselves keep talking but I'd like to open this up for questions comments from the audience and we've got our microphones going around so I think we have somebody in the back and yes and please do identify yourself and if you're with an organization we can't hear you yeah we'll tell you you got a mic coming to you right there the next I'll tell you what we'll do is the next person will let why don't you just bring it over so that we can seamlessly move through the questions first got it just on yes I'm Alan Sanstead with Lawrence Berkeley National Laboratory I want to pick up on where the conversation is going right at the end about responding to the threats so grid resilience has been the topic of the day for quite a while now enormous amount of work has been done and is ongoing on question of how do you how would this one enhance grid resilience I'm interested is how much is not known about what needs to be done at this point my question is what is the balance between the need for more information as opposed to the need for resources and action that question makes sense how much is not known well I want to know so there's a lot not known as in the as in what what to do to to enhance the resilience of the grid does that make sense I think it's an economic question because you can do it we know what to do and a good example of this you know John was talking about we could we could have a bunch of 500 kv transformers sitting around but they're really expensive and how many of them do you have and where do you put them so I think it's it's a matter of how much do we want to spend on resilience yeah I mean I mean there's yes I think it's it's like you know 10 we don't know and 90 90 percent it's just a matter of resources although you know it is always once we put those resources in place then it's the bad guys figuring out the next step you know and you always don't know what they're going to figure out is the next step but you know that's one solution the other solution on this great issue is just break the grid up into region regions we in fact did the analysis at FERC and did the load flows to show if you broke the grid up into like 12 different different sub regions that were all connected with with DC ring buses and you couldn't bring the whole you couldn't bring a whole interconnect down but right now the way the interconnects are set up that the three interconnects there's there's the western interconnect the eastern interconnect in Texas Texas is its own you know country ultimately you know those three interconnects could be brought down fairly easily but if you broke them up into sub regions with DC ring buses separating them you can't do that anymore each one of those will stand up individually so again it's that's a matter of economics of whether you want to go there whether you want to do that or not and that would protect it both from a cyber and a and a physical perspective because you could you could separate you know very quickly and and you couldn't get these cascading outages like you got in 2003 in the northeast where a tree touched a line in Ohio and you had New York out for a week you know you could stop that kind of thing you know it is true that the bad guys will keep innovating but I also think our own innovation will continue in a positive sense and so there will be new technologies that will be deployed which will create new vulnerabilities because these new technologies enable us to do more and so I don't think everything's been invented on either side I don't think we've clearly we haven't come to the frontier of invention in terms of what makes our lives more gives us more possibility in our lives and at the same time we haven't therefore invented the solutions to the vulnerabilities that those new technologies may create it's a constantly moving goal line and so my sense from meeting with our brilliant scientists and technologists and many of the labs that we've talked about is that they are on they are they are pushing out the boundaries of knowledge every day and they don't have all the solutions they have some and we're testing trying to develop and deploy them but there's lots to be invented to keep pace with the innovation in our economy and in economies around the world thank you next question thank you my question has to do with this particular session is focused on the grid oh i'm sorry could you introduce yourself i'm john fox from stanford and slag so this session is really focused on the grid and vulnerabilities but if you think one step larger an organization i'm curious how you think the level of preparation or level of response for the grid compares to attack on the banking system or shutting down credit card processing or air traffic control or transportation systems or breaking in uh you know control systems for pipelines or hydroelectric dams or whatever i mean the common aspects of the communications or the interconnectedness gives you many paths to do stuff like this so i'm just curious your perception is the grid worse better about the same is it better to approach these problems broadly on these system by system cases i'm very curious how you view the larger problems lis there are a number of what we call lifeline sectors of the economy and certainly you've described others that are critically important the financial sector is a good example what we as i think about it and came to appreciate the role that we had to play in the responsibilities that i was asked to assume without power our economy stops functioning so that's a lifeline sector the other sectors that make it possible to conduct our business and our lives are interconnected or interdependent with this sector and we are interdependent with those sectors and those sectors are also extremely vulnerable and face similar challenges in the need for innovation the need for investment aging infrastructure and the rest i wouldn't be able to give you a this is more threatened than that analysis that would be informed with data but certainly in working with my colleagues in other agencies so for example the treasury department we collaborated very closely with on a number of these issues they certainly felt that they were in in a situation of significant concern and that they needed to be working aggressively as we were working to make themselves both more resilient and secure and i'll just um note um then john um that mit held a series of workshops in 2015 and 2016 looking at i think it was four sectors in particular um electricity oil gas communications and finance um released a report earlier this year um with recommendations that did go to the new administration and it brought together both what are the things we need to think about cross sectoral because we are interconnected and then within each of these sectors what are the things we need to think about and um uh future research so i think what it tells us is that it's not that you can deal with any one sector in isolation you need to think about the threats specific to that sector but we also need to think about cross our economy and cross our different sectors what to deal with it john but i'd say with respect to relative that threats and again i don't have the data on the non electric sectors the banking sector some of the other major sectors of our our economy but but i have the perception without giving you specifics that the electric sector has many many fewer vulnerable nodes than these other sectors do in the sense that that not many fewer that i probably said that the wrong way that ultimately the electric sector because it has many fewer critical nodes is much more vulnerable than the other sectors than the banking sector is much more vulnerable is much much more the electric sector is much much more vulnerable than these other sectors because it has um you only have to take out much fewer critical nodes and the other the other ones are more distributed let's that's the that's the issue the other ones i have the perception are much more distributed than the electric sector which is much much much more much more dependent on on fewer critical nodes that if we're moved from the system it would be gone i'm going to take this up a level to thinking about national defense one of the reasons this has become more um exigent for us is that we have lived through decades in which nuclear deterrence defended our nation ultimately the homeland was safe because the nuclear deterrent worked and the nuclear deterrent still works and it will defend against nuclear threats deter and defend uh but what our adversaries have identified is ways to essentially come in under that deterrent and uh exploit an element of our system that could disable our nation without having to attack us with nuclear weapons and that can be a state actor or it could conceivably be a terrorist group that and in the case of a state actor some would have a nuclear capability or a conventional capability that would be significant in the case of a terrorist group this could be their only means of getting at us and so we have to think about defense in a new way because of the threats that have emerged since the end of the cold war and which create vulnerabilities for us that could challenge our security and that's that's why i think this question about why does the grid matter why are we focused on it here is that it really is a way of of disabling our nation if you were to be able to attack it on a scale that would uh prevent power from being distributed to a broad swath of our population whoever has the microphone there um we're okay i think just one minute i think we had one person there is just slightly before you you'll be next thank you five milliseconds before me or what yeah thank you excellent session um amy amarnath epri um you know as a follow-up to the previous question um can the panel address anything about one specific threat that's been going on that is emp electromagnetic pulse that actually i should have included that in the description of the full spectrum of threats that i began with so thank you for bringing it up this is a low probability but very high consequence threat and there's been enormous congressional interest in electromagnetic magnetic pulse effects on the grid and uh we uh there is substantial work underway in a number of our national labs on this threat and what its consequences would be and we know that some of our adversaries have considered this as a way of of um affecting our our nation and so while it's not something that is likely to be utilized in a scenario short of frankly all out war on our nation it is something that we have to consider as one of those extreme scenarios that we could conceivably have to uh recover from yes we're standing in between you okay we have our little monitor up here so you can override i uh my name is paul grant and i really am at a loss to describe myself at this stage of my life i think aging physicist would be most appropriate um in the months following 9 11 i was a science fellow at epri and we undertook a red team exercise you guys know what a red team is yeah okay i thought so and we went through almost all the scenarios that you talked about today uh including the one uh i don't know how many how much detail i can go into or should go into but you know what happened at metcalf we we predicted that and in fact that remember metcalf was really uh a stealing of the fiber optics cables and the shooting of the transformer was more like an active vandalism but we came up with exactly those kinds of scenarios and uh we we ran this red team exercise we reported it to our members and i think we also notified doe but i don't know what happened to it after that okay um i remember i'm sorry since we've gotten a high sign from jim um is if we could ask you just to focus on was there a question yeah uh maybe maybe we should talk because i i don't know how much i can really say uh given a security clearance i have but everything you're talking about is not new including emp in fact the founder of epri in i think it was 1949 they actually ran a model of emp uh on the on on the grid at the time it wasn't that big a deal so my question is can you give me some scientific studies today i actually have the algebra of what happens to say a 10 megaton bomb exploded at a at an altitude say of 150 000 feet that's in any response that may be something we should take offline well i'll just say this um i was actually in a conversation about this in the last couple months and uh there there is an analysis of exactly what you described as well as other scenarios of emps and um we do know how the technology reacts to it so um i'll talk about and i'll add that in the partnership i described with industry the electricity sector coordinating council working with us and with epri uh work has been done more recently on assessing emp impacts that's what you saw excellent okay and i would just wrap up and say i don't need the megaton bomb i need nine guys and three pickup trucks and i take out the whole western grid okay i mean you know okay well let me um join in thanking our wonderful panel