WASHINGTON, DC — Congressman August Pfluger (TX-11), a member of the House Energy and Commerce Committee, participated in a Subcommittee on Energy hearing titled "Securing America's Energy Infrastructure: Addressing Cyber and Physical Threats to the Grid." During the hearing, Rep. Pfluger pressed witnesses on concrete steps the United States can and must take to counter the escalating foreign cyber threats to our electric grid.
This hearing builds on Rep. Pfluger's broader work to strengthen America's cyber defenses. He recently introduced legislation to protect critical American infrastructure and enhance national security. You can read more about the Cyber Deterrence and Response Act of 2025 here.
Witnesses in today's hearing included Michael Ball, CEO of the Electricity Information Sharing and Analysis Center and Senior Vice President of North American Electric Reliability Corporation, Sharla Artz, Security and Resilience Policy Area Vice President at Xcel Energy, on behalf of Edison Electric Institute, Tim Lindahl, President and CEO of Kenergy, on behalf of National Rural Electric Cooperative Association (NRECA), Zach Tudor, Associate Laboratory Director, National and Homeland Security, Idaho National Laboratory, and Harry Krejsa, Director of Studies for the Carnegie Mellon Institute for Strategy & Technology.
Watch Rep. Pfluger's full line of questioning HERE or by clicking the image below.
Read highlights of the exchange below:
Rep. Pfluger:Mr. Ball, in your testimony, you indicated that the PRC campaigns like Salt Typhoon and Bull Typhoon represent the most persistent and adaptive threats that are targeting our infrastructure. We know that the Chinese Communist Party is actively seeking to do damage and gather intelligence. But can you describe at an operational level what utilities are doing differently today than what has been done to detect and to stop these campaigns, and then what gaps still exist that we need to be worried about?
Mr. Ball:So I think the best way to describe that is, I think we see an industry that is evolving in its capabilities, and it's based on awareness. I think we have seen a significant awakening. And I'm not saying it's enough, but we have seen a significant awakening to the threat with our industry. And when it boils down to it, despite these sophisticated capabilities that threat actors like the PRC have, a lot of the things that make us resilient still boil down to basic practices… and we need to continue to bolster that capability. Our industry, whether it's large IOUs or down to the municipals and cooperatives. I think you're hearing even today how this industry is awake to that, and I think we need to continue to empower them to be able to build a more resilient system.
Rep. Pfluger:Ms. Arts, you mentioned your testimony that the Chinese state-sponsored actors have already compromised multiple U.S. critical infrastructure providers with the intent to disrupt operational controls. How have the cybersecurity practices changed in response to these threats in these nation-states?
Ms. Arts: Thank you for the question. I would say the information that we've received, particularly on Volt Typhoon and Salt Typhoon, resulted in the energy threat analysis center, which I mentioned, really honing in on that threat and developing capabilities. Capabilities is maybe not quite the right word, so that small, medium, and large electric utilities could look for evidence of those cyber actors in their systems. Those threat hunt memo guides that were produced by ETAC are an example of us as an industry taking that intelligence, innovating, and getting quick risk reduction priorities into the hands of those who need to use them to mitigate the risk.
