ICYMI…

“Protecting America's Energy Infrastructure in Today's Cyber and Physical Threat Landscape”

House Energy and Commerce

January 13, 2025 (recording linked here)

HEARING INFORMATION

Witnesses and Written Testimony (Linked):
Panel 1

• Alex Fitzsimmons, Acting Undersecretary of Energy and Director of the Office of Cybersecurity, Energy Security, and Emergency Response, U.S. Department of Energy

Panel 2

• Scott I. Aaronson, Senior Vice President, Energy Security and Industry Operations, Edison Electric Institute

• Adrienne Lotto, Senior Vice President of Grid Security, Technical and Operations Services, American Public Power Association

• Nathaniel J. Melby, Ph.D., Vice President and Chief Information Officer, Dairyland Power, on behalf of National Rural Electric Cooperative Association (NRECA)

• Rebecca O’Neil, Research Principal, Infrastructure, Energy and Environment Directorate, Pacific Northwest National Laboratory.

HEARING HIGHLIGHTS

IN THEIR WORDS

SUMMARY OF OPENING STATEMENTS FROM THE FULL COMMITTEE AND SUBCOMMITTEE, PANEL 1

• Subcommittee Chair Latta opened the hearing by emphasizing that the reliable delivery of energy through critical infrastructure was fundamental to the modern economy and the health and welfare of communities nationwide. He stated that growing energy demand made effective cybersecurity and physical security more urgent than ever, particularly as digitization and system interconnections expanded potential attack surfaces. He noted that recent hearings had underscored the sophistication of adversaries and the real-world consequences of attacks on energy infrastructure. He emphasized the need for intelligence sharing, clear visibility into threat landscapes, and targeted resources for rural and small utilities. He explained that the legislative package before the subcommittee sought to strengthen DOE’s central security mission, formalize threat analysis programs, and provide assistance to smaller utilities.

• Subcommittee Ranking Member Castor opened by stating that she looked forward to learning how Congress could make the electric grid more resilient and secure, noting the committee’s history of bipartisan cooperation on grid security. She argued that current energy reliability challenges stemmed primarily from actions taken by the President and Republican policies that had canceled or delayed major energy projects. She cited the termination of offshore wind, solar, and transmission projects as examples of decisions that reduced electricity supply, raised costs, and increased uncertainty. She emphasized that clean energy and transmission investments were critical to meeting growing electricity demand and maintaining affordability. She warned that project cancellations and regulatory barriers had created a self-inflicted energy crisis that weakened grid security. She concluded by urging bipartisan cooperation to expand transmission and ensure affordable, reliable energy for consumers.

• Full Committee Chair Guthrie opened by thanking the subcommittee leadership and witnesses and emphasized that energy infrastructure underpinned the entire U.S. economy, making it a prime target for adversarial attacks. He cited cyber and physical attacks linked to Russia, China, and other actors, including incidents affecting Ukraine, Taiwan, the Colonial Pipeline, and U.S. substations. He stated that advanced technologies, including artificial intelligence, had increased the scale and sophistication of potential threats. He warned that large-scale attacks on U.S. energy infrastructure were no longer hypothetical but inevitable without proper preparation. He explained that the legislation under consideration would strengthen DOE’s role as the sector risk management agency and improve coordination and visibility across the energy sector. He concluded by emphasizing bipartisan collaboration to prepare the entire energy system to prevent, detect, and respond to attacks.

• Full Committee Ranking Member Pallone opened by warning that America’s energy system faced escalating cyber and physical threats from nation-state adversaries and increasingly capable non-state actors. He stated that artificial intelligence had amplified the power and accessibility of cyber weapons, increasing risks to energy infrastructure. He expressed support for draft legislation reauthorizing cybersecurity programs created by the bipartisan infrastructure law and for new proposals such as the Energy Threat Analysis Center Act. He raised concerns that recent Department of Energy actions had undermined energy reliability by canceling hundreds of congressionally authorized projects and reducing DOE staffing. He criticized DOE reorganizations that eliminated key offices responsible for grid deployment and supply chain resilience. He concluded by arguing that cybersecurity legislation alone was insufficient to offset broader policy decisions that were increasing electricity costs and weakening energy reliability.

SUMMARY OF WITNESS STATEMENT, PANEL 1

• Fitzsimmons opened by describing the Department of Energy’s responsibility to protect the nation’s energy infrastructure from cyber, physical, and supply chain threats. He explained that DOE served as the sector risk management agency for energy and worked closely with industry, intelligence partners, and other federal agencies to assess vulnerabilities and share threat information. He emphasized that threats to the energy sector were evolving rapidly, particularly with the growing use of advanced technologies by adversaries. He highlighted DOE programs that provided technical assistance, emergency coordination, and cybersecurity support to utilities of all sizes. He noted the importance of formalizing leadership structures and authorizing programs to strengthen DOE’s security mission. He concluded by stating that the proposed legislation would enhance DOE’s ability to prepare for, respond to, and mitigate disruptions to the nation’s energy systems.

SUMMARY OF KEY Q&A, PANEL 1

• Chair Latta asked whether the Department of Energy had sufficient staffing, resources, and statutory authority to carry out the energy security responsibilities required by the proposed legislation. Mr. Fitzsimmons answered that DOE did have sufficient capacity and emphasized its role as the sector risk management agency, its technical expertise, and its trusted, voluntary collaboration model with industry.

  Chair Latta asked how the Secure Grid Act would strengthen state energy security plans and address vulnerabilities across distribution systems and supply chains. Mr. Fitzsimmons answered that the legislation enhanced state and local coordination, ensured a comprehensive view of system-wide threats, and aligned state efforts with DOE’s mission to protect the entire energy sector.

  Chair Latta asked how DOE reviewed financial assistance awards to ensure alignment with national and economic security priorities. Mr. Fitzsimmons answered that DOE continuously reviewed funded projects to ensure technical, financial, and economic viability and responsible stewardship of taxpayer resources.

  Chair Latta asked whether DOE effectively shared threat information with smaller utilities in a timely manner. Mr. Fitzsimmons answered that information sharing was central to CESER’s mission and that DOE could further strengthen those efforts.

• Ranking Member Castor asked whether Mr. Fitzsimmons had participated in drafting emergency orders that kept certain coal plants online under Section 202(c). Mr. Fitzsimmons answered that he had, in his role as CESER Director.

  Ranking Member Castor asked whether DOE believed PJM faced an energy shortage and challenged DOE’s cancellation of offshore wind projects despite PJM reliability findings. Mr. Fitzsimmons answered that PJM had requested the emergency orders, characterized offshore wind as an expensive resource, and stated that DOE actions were taken under a declared national energy emergency, while noting that offshore wind permitting fell under the Department of the Interior.

• Vice Chair Weber asked whether DOE’s designation as the sector risk management agency enabled effective coordination across federal, state, and industry partners. Mr. Fitzsimmons answered affirmatively.

  Vice Chair Weber asked whether a reliable, dispatchable energy system was essential to national security and economic stability. Mr. Fitzsimmons answered affirmatively and emphasized the need to meet peak demand with dispatchable resources to protect public safety and grid reliability.

  Vice Chair Weber asked whether pipelines were critical to the energy system and whether DOE could coordinate effectively with other agencies on pipeline security. Mr. Fitzsimmons answered affirmatively and stated that DOE already coordinated through interagency and sector coordinating councils.

  Vice Chair Weber asked how CESER ensured that federal guidance and policies were practical and feasible for industry implementation. Mr. Fitzsimmons answered that CESER’s non-regulatory, voluntary approach supported trust-based partnerships, information sharing, and workable solutions for industry.

• Ranking Member Pallone asked whether DOE believed grants and loans should go only to states that voted for President Trump and whether terminated awards should be restored if political targeting was wrong. Mr. Fitzsimmons answered that DOE did not award or terminate projects based on politics and said DOE continuously reviewed projects individually for national security alignment and technical, financial, and economic feasibility.

  Ranking Member Pallone asked whether Mr. Fitzsimmons supported an “all-of-the-above” energy strategy. Mr. Fitzsimmons answered that he did, so long as resources competed on a level playing field.

• Chair Guthrie asked whether the current administration prioritized energy security consistent with CESER’s mission and structure. Mr. Fitzsimmons answered that it did.

  Chair Guthrie asked why DOE issued multiple Federal Power Act Section 202(c) orders and what justified keeping certain dispatchable resources online. Mr. Fitzsimmons answered that reserve margins were tightening amid load growth, grid operators had warned of serious reliability risks, and the administration used 202(c) authority under a declared national energy emergency to prevent premature retirements of dispatchable capacity needed for peak demand and future growth.

  Chair Guthrie asked whether adversaries such as China could use AI to disrupt U.S. energy systems and how CESER was preparing. Mr. Fitzsimmons answered that AI-enabled offensive cyber capabilities were a growing threat and said CESER was prioritizing AI-enabled cyber defense, including through its FY26 “AI for Operationally Resilient Technologies and Systems” efforts.

• Rep. Peters challenged DOE’s “level playing field” framing and asked how ETAC could help reduce wildfire risk to utility infrastructure through better coordination and intelligence. Mr. Fitzsimmons answered that ETAC supported CESER’s mission by colocating cleared industry and government partners to analyze real-time threat information, validate severity, develop mitigations, and quickly disseminate actionable guidance to operators.

• Rep. Palmer asked whether grid reliability risks were being driven by retiring dispatchable generation and whether keeping certain plants online was justified for reliability and security. Mr. Fitzsimmons answered that meeting peak demand required reliable, dispatchable resources, that operators had warned reserve margins were shrinking as demand grew, and that overreliance on non-dispatchable resources without sufficient dispatchable capacity increased reliability risks and costs.

• Rep. Menendez asked whether cyber threats were rising, whether they threatened grid reliability, and whether DOE played an irreplaceable role in responding. Mr. Fitzsimmons answered yes to each.

  Rep. Menendez asked whether roughly 3,500 DOE positions had been cut and whether DOE’s involvement in a Venezuela oil arrangement strained DOE’s capacity to address domestic energy and cyber issues. Mr. Fitzsimmons answered that staffing reductions had occurred, but said the Venezuela-related work did not strain DOE capacity and argued that staffing levels did not necessarily determine mission success.

  Rep. Menendez asked why DOE canceled significant funding intended to help communities harden infrastructure against severe weather and whether DOE should act with urgency. Mr. Fitzsimmons answered that DOE had to conduct rigorous, ongoing portfolio reviews to ensure projects advanced national security and had a viable path to technical and economic success, and offered to discuss specific projects in a separate briefing.

• Rep. Allen asked how DOE’s national laboratories contributed to grid security and what the broader plan was for preserving consumer energy choice amid reliability concerns. Mr. Fitzsimmons answered that national labs enabled CESER work such as component testing for cyber vulnerabilities and sharing mitigation guidance, and said DOE supported preserving consumer options and avoiding regulations that removed products like natural gas appliances from the marketplace.

• Rep. McClellan asked whether managing demand, including data center impacts, could help mitigate energy shortages and whether grid flexibility and efficiency reduced demand pressure. Mr. Fitzsimmons answered that resource adequacy was fundamentally a supply-and-demand balance and agreed that load-side measures and improved flexibility could help under appropriate circumstances.

  Rep. McClellan asked whether the mix of old infrastructure and modern cyber tools created gaps that increased grid vulnerabilities. Mr. Fitzsimmons answered yes and said investment in upgrades was important.

• Rep. Balderson asked about cybersecurity risks to natural gas production and delivery and what disruptions could mean for constituents and bulk power reliability. Mr. Fitzsimmons answered that he could not discuss specific threats in an unclassified setting but said threats were significant and that adversaries targeted critical energy subcomponents to maximize disruption.

  Rep. Balderson asked about ETAC’s strategic goals as a maturing program for rapid information sharing and mitigation. Mr. Fitzsimmons answered that ETAC reduced latency by turning classified threat intelligence into actionable, declassified technical guidance through collaboration with cleared industry partners and DOE staff.

  Rep. Balderson asked why state energy security plans should address threats to local distribution systems. Mr. Fitzsimmons answered that distribution infrastructure was often the front line and comparatively less secured, so comprehensive planning needed to cover the full system down to delivery to homes and businesses.

• Rep. DeGette questioned whether DOE truly supported an all-of-the-above energy policy and whether political retribution influenced grant cancellations in Colorado. Mr. Fitzsimmons answered that DOE supported an all-of-the-above approach only under a level playing field and stated that political considerations were not used in grant decisions, emphasizing national security and project viability criteria.

  Rep. DeGette asked whether DOE was aware of canceled Colorado grants tied to grid resilience, national labs, and zero-emission systems. Mr. Fitzsimmons answered that he was not familiar with specific projects and said DOE would discuss individual grants separately with members’ offices.

  Rep. DeGette challenged DOE’s budget cuts to renewable energy research and questioned keeping a Colorado coal plant online despite state determinations. Mr. Fitzsimmons answered that additional funding did not automatically ensure success and argued that grid operators had warned of growing resource adequacy risks requiring dispatchable generation.

• Rep. Pfluger asked about risks from foreign-manufactured grid components, particularly Chinese inverters with hidden communications capabilities. Mr. Fitzsimmons answered that supply chain risks were significant and said CESER tested critical components through national labs to identify vulnerabilities and share mitigations with industry.

  Rep. Pfluger asked how DOE coordinated with other agencies and industry when vulnerabilities were discovered. Mr. Fitzsimmons answered that DOE worked closely with DHS, Commerce, and the intelligence community to assess severity, engineer mitigations, and disseminate actionable information.

  Rep. Pfluger asked whether pending legislation would improve coordination and information sharing. Mr. Fitzsimmons answered that the legislation made sense conceptually and that DOE was providing technical assistance on refinements.

• Rep. Tonko asked whether utilities faced growing cyber, physical, and weather-related threats and whether resilience investments could mitigate them. Mr. Fitzsimmons agreed and said resilience investments were appropriate.

  Rep. Tonko questioned why DOE canceled a New York microgrid grant supporting hospitals and first responders and cited evidence suggesting political targeting. Mr. Fitzsimmons answered that DOE disagreed with court characterizations and reiterated that national security and feasibility guided grant reviews, declining to discuss specific projects publicly.

• Rep. Miller-Meeks highlighted physical sabotage risks, rural utility vulnerabilities, and China’s pre-positioned cyber capabilities in energy infrastructure. Mr. Fitzsimmons answered that CESER prioritized identifying supply-chain single points of failure, expanding domestic manufacturing, and continuously testing deployed systems for cyber vulnerabilities.

  Rep. Miller-Meeks asked how DOE would obligate remaining rural and municipal utility cybersecurity funds before program expiration. Mr. Fitzsimmons answered that DOE was accelerating contracts, partnering with utility associations, and correcting delays from the prior administration.

• Rep. Veasey argued that DOE’s grant cancellations undermined modernization, investment certainty, and manufacturing in Texas. Mr. Fitzsimmons answered that DOE had a duty to reassess projects awarded late in the prior administration and ensure alignment with national security and economic viability.

  Rep. Veasey asked whether dismantling clean energy incentives harmed U.S. competitiveness in renewables. Mr. Fitzsimmons answered that while renewable capacity would continue to grow, dispatchable resources remained essential to meeting peak demand and grid reliability.

• Rep. Bentz questioned the lack of transmission to support large-scale renewable deployment on the East Coast and in Oregon. Mr. Fitzsimmons answered that intermittent resources imposed unseen transmission and balancing costs and said dispatchable generation provided the greatest system value.

  Rep. Bentz asked how the nation could overcome transmission bottlenecks without unconstrained build-outs. Mr. Fitzsimmons answered that DOE was pursuing targeted transmission upgrades and grid-enhancing technologies in high-congestion areas to lower costs.

• Rep. Schrier criticized DOE actions affecting Washington State energy reliability, Bonneville Power Administration staffing, and Venezuela policy. Mr. Fitzsimmons answered that BPA had a hiring plan underway and defended the administration’s Venezuela energy engagement as beneficial to energy prices and security.

• Rep. Lee asked whether elevating DOE emergency response leadership would improve coordination and cybersecurity information sharing. Mr. Fitzsimmons answered that CESER’s mission effectiveness mattered more than title and emphasized timely, actionable intelligence sharing through ETAC.

• Rep. Ocasio-Cortez asked whether DOE assessed job losses from canceled clean energy projects and tax credit reversals. Mr. Fitzsimmons answered that DOE conducted comprehensive project reviews but did not identify a standalone pre-decision job-loss assessment.

• Rep. Langworthy asked how DOE supported rural utilities and prepared for severe weather events like Winter Storm Elliott. Mr. Fitzsimmons answered that CESER worked with cooperatives on basic cyber hygiene and used real-time tools like Eagle Eye to coordinate emergency response.

• Rep. Fletcher asked whether threats had increased following Venezuela-related actions and requested details on the alleged energy “deal.” Mr. Fitzsimmons answered that threat discussions were classified and characterized the Venezuela engagement as a future opportunity led by the President and Secretary Wright.

• Rep. Evans asked about the role of national laboratories and ETAC in grid hardening and threat fusion. Mr. Fitzsimmons answered that labs enabled classified-to-actionable intelligence sharing and that ETAC’s mission focus was critical to its success.

• Rep. James asked whether Net Zero-driven retirements of dispatchable generation increased grid vulnerability and necessitated emergency orders. Mr. Fitzsimmons answered that premature retirements directly weakened reliability, shrank reserve margins, and increased risk to cyber and physical security.

• Rep. Fedorchak asked how DOE prepared for simultaneous cyber attacks and geopolitical crises. Mr. Fitzsimmons answered that CESER conducted multi-stakeholder exercises like Clear Path to model cascading failures and improve coordination.

• Rep. Joyce asked how rural and municipal utility cybersecurity programs reduced vulnerability and costs. Mr. Fitzsimmons answered that modest federal investments in basic cyber hygiene could mitigate most intrusions and significantly improve collective security.

  SUMMARY OF WITNESS STATEMENT, PANEL 2

• Mr. Aaronson testified that investor-owned electric utilities serve nearly 250 million Americans and play a critical role in national and economic security as electricity demand grows from data centers, electrification, and advanced manufacturing. He explained that the grid is becoming more complex due to digitization, distributed resources, and two-way power flows, which expand the cyber and physical attack surface. He warned that near-peer nation states have targeted U.S. critical infrastructure, requiring a defense-in-depth approach that prioritizes protection, resilience, and rapid recovery. He emphasized redundancy, black-start capabilities, and a strong culture of mutual assistance, including cyber mutual aid and spare equipment sharing. He highlighted the importance of public-private partnerships, information sharing, and programs such as ETAC, E-ISAC, CRISP, and CyTRICS. He concluded that bipartisan congressional action had been essential to improving grid security and that continued collaboration was necessary as threats evolve.

• Dr. Melby testified that electric cooperatives serve 42 million Americans, including critical military assets, while operating in rural, resource-constrained environments with thin margins. He explained that cooperatives face growing cyber threats while balancing security investments directly against member affordability, noting that many cooperative households have limited incomes. He emphasized that the Rural and Municipal Utility Cybersecurity (RMUC) Program was essential to closing the rural resource gap through technology deployment, partnerships, and voluntary information sharing. He cited recent DOE awards benefiting over 400 cooperatives, including funding for Dairyland to deploy advanced cybersecurity tools. He also described Project Guardian, which provides shared tools, training, and exercises for smaller cooperatives. He urged Congress to reauthorize RMUC, reduce application burdens, and accelerate fund distribution to ensure resources reach the most under-resourced utilities.

• Ms. O’Neil testified that she led PNNL’s work supporting all 56 states and territories in completing state energy security plans under DOE CESER, culminating in full compliance by December 2024. She explained that states play a unique role in energy security because they understand local infrastructure, ownership structures, and interdependencies across energy sectors. She emphasized that energy security plans address not only electricity but also fuels, natural gas, and cross-sector vulnerabilities, and require risk assessments, mitigation strategies, and coordination frameworks. She clarified that these plans are not templates or emergency response manuals, but state-specific strategies reflecting unique risks and consequences. She described PNNL’s role in reviewing over 14,000 pages of plans, providing technical guidance, training, and exercises in partnership with NASIO. She concluded that national energy security depends on strong state energy security supported by continued federal leadership and technical assistance.

• Ms. Lotto testified that public power utilities serve over 55 million people through community-owned, not-for-profit electric systems focused on reliability and affordability. She identified three pillars of grid security: enforceable standards, robust information sharing and public-private partnerships, and defense-in-depth supported by exercises. She expressed strong support for reauthorizing the RMUC program, restoring protections for critical infrastructure collaboration forums, and improving regulatory harmonization. She emphasized the role of the Electricity Subsector Coordinating Council (ESCC) as the primary liaison between government and industry during national emergencies. She described APPA’s Cyber Pathways Program and additional DOE-funded initiatives that provide cybersecurity assessments, training, and incident response improvements for resource-limited utilities. She concluded that extending RMUC through 2030 would significantly strengthen national security at relatively low cost.

SUMMARY OF KEY Q&A, PANEL 1

• Rep. Latta asked how the Secure Grid Act would ensure states addressed vulnerabilities created by digitization and interconnected energy systems. Ms. O’Neil answered that the Act clarified congressional intent by strengthening expectations for state cybersecurity analysis, defining focus areas, and reinforcing states’ roles as they continue developing expertise.

  Rep. Latta asked how electric cooperatives addressed workforce shortages and training needs alongside cybersecurity investments. Dr. Melby answered that cooperatives relied on federal partnerships, shared expertise, and training programs to build skills, processes, and basic cyber hygiene without overburdening members.

  Rep. Latta asked how DOE’s work on fuel supply visibility could improve pipeline security for power generation. Mr. Aaronson answered that close coordination between electric and gas sectors through DOE-led councils and joint exercises had already strengthened operational awareness and security.

• Rep. Castor asked what resources states relied on from the federal government to implement energy security plans. Ms. O’Neil answered that DOE provided technical expertise, data tools, training, and capabilities like real-time outage monitoring, enabling states to operationalize plans beyond initial development.

  Rep. Castor asked how improved transmission planning and corridor development could enhance energy security and reliability.

  Ms. O’Neil answered that early planning, corridor identification, and public engagement reduced costs, improved reliability, and helped states better integrate transmission into long-term security strategies.

• Rep. Weber asked how enhanced coordination among natural gas pipeline regulators could improve both energy safety and cyber and physical security across the electricity system. Ms. Lotto responded that public power utilities already worked closely with DOE and natural gas sector partners, and she said expanded threat and vulnerability information-sharing across generation, transmission, and distribution would strengthen system-wide security.

  Rep. Weber asked how electric cooperatives could pursue cyber and physical security upgrades without imposing excessive costs on rural members and what role the RMUC program played in supporting that balance. Dr. Melby answered that cooperatives served many persistent-poverty counties and relied on shared services, trade-association support, and RMUC funding to collectively raise cybersecurity baselines while managing financial constraints.

  Rep. Weber asked how broader industry participation supported this approach. Mr. Aaronson responded that because the North American grid was highly interconnected, programs like RMUC helped ensure all utilities—investor-owned, cooperative, and municipal—had sufficient capability to contribute to collective defense.

• Rep. Menendez asked how state energy security plan requirements under the Infrastructure Investment and Jobs Act improved state preparedness. Ms. O’Neil answered that the requirements forced states to inventory energy assets, assess cyber and physical threats, analyze interdependencies, and prioritize mitigations, which strengthened coordination and investment decisions.

  Rep. Menendez asked whether the RMUC advanced cybersecurity grant program had been successful. Dr. Melby and Ms. Lotto both stated that the program had been effective in improving security for rural and public power utilities.

  Rep. Menendez asked whether cancelling over $2 billion in infrastructure-hardening funds helped or harmed grid security. Mr. Aaronson responded that grid security depended on collective investment and that additional funding generally strengthened system-wide resilience.

• Rep. Palmer raised concerns about substation attacks, transformer shortages, and supply-chain vulnerabilities affecting grid restoration and national security. Mr. Aaronson answered that while supply-chain delays existed, the greater concern was the increasing frequency of attacks, and he noted that spare-equipment sharing programs had enabled rapid recovery in past incidents. Ms. O’Neil added that supply-chain decisions involved tradeoffs between cost and security, and that resilience needed to be designed into systems from the outset.

• Rep. Matsui asked whether the state energy security plan program had improved state readiness for grid emergencies. Ms. O’Neil answered that it had, noting that all states and territories completed significantly more rigorous plans following federal review and support.

  Rep. Matsui asked whether regular updates to state energy security plans were necessary. Ms. O’Neil responded that rapid changes in energy systems made periodic plan updates essential.

  Rep. Matsui asked what value state energy security plans provided to public power utilities. Ms. Lotto answered that the plans ensured distribution utilities were fully integrated into system-wide security planning.

  Rep. Matsui asked how utilities prepared for post-disaster equipment shortages. Mr. Aaronson responded that utilities relied on storm stock, spare-equipment sharing, and emergency planning to restore service quickly.

• Chair Guthrie asked the panel how they worked with DOE and other agencies to address fast-evolving threats from adversaries such as China using AI to target the energy grid, and how the bills under consideration helped advance that work. Mr. Aaronson answered that supply-chain security was inseparable from national security, emphasized the need to secure manufacturing inputs for electricity and data centers supporting AI, and noted programs such as equipment vetting and threat analysis helped mitigate cyber and physical risks. Dr. Melby answered that electric cooperatives relied on DOE partnerships and information sharing to manage nation-state threats holistically and maintain grid resilience regardless of threat origin. Ms. O’Neil answered that DOE National Laboratories had long worked on AI and energy security, supported supply-chain reviews and risk modeling, and provided technical expertise to states that could not independently maintain such capabilities. Ms. Lotto answered that industry leadership received regular AI-related threat briefings, coordinated closely with DOE and national labs on defensive and offensive research, and relied on RMUC funding to address supply-chain and cybersecurity risks.

  Chair Guthrie asked how the bills before the committee would strengthen ongoing threat-response efforts. Mr. Aaronson answered that codifying and resourcing programs such as the Energy Threat Analysis Center would significantly enhance collective defense and information sharing. Dr. Melby answered that faster access to high-quality information directly improved response speed and effectiveness across the cooperative sector.

• Rep. Schrier asked how the federal government could help states move from planning to implementation of state energy security plans under the Secure Grid Act. Ms. O’Neil answered that implementation challenges centered on managing interdependencies across sectors and that federal technical assistance helped states analyze cascading risks and supply-chain vulnerabilities. Rep. Schrier asked about transformer shortages and whether standardization could improve recovery after attacks. Mr. Aaronson answered that while some standardization aided sharing, diversity in equipment also increased resilience, and emphasized logistical constraints and prioritization challenges during widespread outages.

• Rep. Allen asked how the federal government could assist in securing industrial control systems. Mr. Aaronson answered that industry already protected critical control systems under mandatory standards, while intelligence sharing from government to operators remained the most valuable federal contribution.

  Rep. Allen asked how RMUC funding supported cybersecurity for rural utilities.

  Dr. Melby answered that RMUC funding enabled cooperatives to deploy shared advanced cybersecurity tools, improving visibility and situational awareness across multiple utilities. Ms. Lotto answered that RMUC funding supported risk assessments, training, technical deployments, and incident-response planning for public power utilities.

  Rep. Allen asked how national laboratories could be leveraged to strengthen grid security. Ms. Lotto answered that national lab research was most effective when industry participated directly, ensuring practical solutions to real-world grid vulnerabilities.

• Rep. Balderson asked how the Energy Threat Analysis Center provided value beyond its direct participants. Mr. Aaronson answered that findings from participating utilities were shared broadly through industry information-sharing networks, benefiting the entire sector.

  Rep. Balderson asked about the challenges rural cooperatives faced in protecting expansive infrastructure. Dr. Melby answered that RMUC funding and cooperative-led programs enabled high-impact investments that raised baseline cybersecurity across geographically dispersed systems.

  Rep. Balderson asked about risks from disruptions to natural gas supply. Dr. Melby answered that while his cooperative did not own pipelines, it depended on them for reliable generation. Ms. Lotto answered that enhanced coordination between electric and natural gas sectors was essential due to the grid’s interconnected nature.

• Rep. Harshbarger asked how quickly ETAC could analyze and distribute threat information. Mr. Aaronson answered that colocated government and industry analysts allowed rapid dissemination of actionable intelligence during emerging threats.

  Rep. Harshbarger asked what RMUC reauthorization would enable public power utilities to accomplish. Ms. Lotto answered that additional funding would support cyber incident response capabilities and risk assessments, enabling faster restoration following attacks.

  Rep. Harshbarger asked how cooperatives used RMUC funding to strengthen cyber defenses. Dr. Melby answered that funding supported deployment of intrusion prevention, detection, vulnerability assessment, and real-time threat monitoring across cooperative systems.

  Rep. Harshbarger asked whether U.S.-manufactured energy technologies were less vulnerable to cyber threats. Ms. O’Neil answered that domestic manufacturing reduced reliance on adversarial supply chains and improved security across the energy technology lifecycle.

• Rep. Joyce asked whether the RMUC program effectively coordinated with rural electric cooperatives. Dr. Melby answered that the program was well-structured, targeted appropriate needs, and depended primarily on sustained funding.

  Rep. Joyce asked whether RMUC assistance helped balance security upgrades with affordability. Dr. Melby answered that tailored assistance allowed cooperatives with differing financial capacities to meet baseline cybersecurity standards without imposing undue costs on members.

ADD TO THE NIMITZ NETWORK

Know someone else who would enjoy our updates? Feel free to forward them this email and have them subscribe here.