news

WASHINGTON, DC — Congressman August Pfluger (TX-11) turned up the heat on his efforts to protect America's electric grid from foreign threats. During a House Energy and Commerce Energy Subcommittee legislative hearing, he asked a Department of Energy (DOE) witness for his insight into the growing cyber and supply-chain risks facing U.S. energy infrastructure and what DOE is doing to address them. In his exchange, Rep. Pfluger made it clear that hostile foreign technology has no place in America's power system.

With cyber and physical threats evolving quickly, Rep. Pfluger zeroed in on a major vulnerability during the hearing: foreign-manufactured equipment being embedded in the U.S. supply chain and its risk to the electric grid. Rep. Pfluger referenced a recent report that indicated certain Chinese-manufactured solar and battery inverters used in the U.S. grid contained undisclosed communication devices, warning that these technologies could threaten our grid security and serve as backdoors into critical American infrastructure.

To counter this threat, Rep. Pfluger recently sent a letter, alongside Rep. Balderson, to the Department of Commerce urging swift action to block high-risk foreign technologies from entering the grid. During the hearing, Rep. Pfluger formally submitted the letter to the record and used it to guide his questioning, ensuring the DOE has the proper tools and structures in place to protect the supply chain and keep foreign adversarial influence out of it.

The witness panel featured leading voices in the energy space, including Alex Fitzsimmons, Acting Undersecretary of Energy and Director of the Office of Cybersecurity, Energy Security, and Emergency Response, U.S. Department of Energy; Scott I. Aaronson, Senior Vice President, Energy Security and Industry Operations, Edison Electric Institute; Adrienne Lotto, Senior Vice President of Grid Security, Technical and Operations Services, American Public Power Association; Nathaniel J. Melby, Ph.D., Vice President and Chief Information Officer, Dairyland Power, on behalf of National Rural Electric Cooperative Association (NRECA).

Watch Rep. Pfluger's full line of questioning HERE or by clicking the image below.

Read Rep. Pfluger's full exchange with witness Alex Fitzsimmons below:

Rep. Pfluger: Thank you, Mr. Chairman. It's nice to have an administration that believes in reliability and reality and not butterflies and unicorns and things that are high in the sky. I want to ask about the supply chain risk to the electric grid, particularly risks tied to foreign-manufactured equipment. Recent reporting has indicated that certain Chinese-manufactured solar and battery inverters deployed to the U.S. grid contained undisclosed communication devices that could potentially allow remote area access or disruption of grid operations. And in response to those concerns, I led a letter with my colleague, Mr. Balderson, to the Department of Commerce urging action to protect the grid from high-risk foreign technologies. Mr. Chairman, with the unanimous consent, I'd like to enter this letter for the record.

Rep. Latta: Without objection. So ordered.

Rep. Pfluger: Thank you, and given DOE's role as the Energy Sector Risk Management Agency, I'd like to ask how the department views and responds to these types of risks. I'll start with DOE's perspective. Do foreign-manufactured grid components with undocumented communications or control capabilities present a legitimate cybersecurity and national security concern for the energy sector?

Alex Fitzsimmons: Yes.

Rep. Pfluger: How does DOE, through CSER, access and monitor risk associated with inverter-based resources and other digitally enabled grid equipment that may be manufactured or programmed abroad?

Alex Fitzsimmons: Yeah, that's a great question. I share your concern. I think it's a very important issue. I mean, you know, as I've mentioned, country of origin matters, but I think what matters even more is our ability to test critical supply chain components, especially as more of these IBR resources are growing and being added to the energy system every day. And so I think there's only so much we can talk about specific vulnerabilities in this setting, in a non-classified setting, but I think it's sufficient to say that CSER has a robust supply chain testing program that's called Citrix, where we can procure grid components. We have looked at some of the technologies that you're focused on. We can get them in front of experts at the DOE national labs, tear them apart, find the cyber risks, find unknown or known issues with them, figure out how to mitigate them, and then figure out how to get that information back out to the private sector. I think we need to be doing a lot more of that work as we look to build out more components to meet load growth and win the AI race, and onshore manufacturing.

Rep. Pfluger: Well, that's a perfect segue into my next question. So when a potential vulnerability is identified in widely deployed equipment, how does DOE coordinate with the various agencies, including DHS and commerce and anyone else, in order to share that information, those vulnerabilities, and what you know in the appropriate setting, with the private sector and with the utilities?

Alex Fitzsimmons: Yeah, I think that is incredibly important, because other agencies are involved in looking at specific cyber risks. They have Intel that we may not have. That Intel gets shared with DOE, and then when it's energy specific, we'll get brought in to figure out, well, how severe the risk is, and what we do, from an engineering standpoint, to test and mitigate it. So we're focused on looking at various risks in context to figure out how we can best inform and mitigate those risks.

Rep. Pfluger: Is that happening on a regular basis? Is there a regularly scheduled meeting with stakeholders who are pre-identified? Can you kind of walk me through what that looks like?

Alex Fitzsimmons: Yeah, our Citrix program is led by CSER. It's a multi-lab effort that is funded every year, and they meet on a regular basis and also on an as-needed basis. So I think we have to have that flexibility. So we have programs just kind of trying to look ahead at what the threat landscape is saying, so we can figure out, well, what kinds of grid components should we be procuring for testing, but then we also are able to respond rapidly. If we get specific, real-time threat information about an active situation, we're able to go to cleared industry partners, we're able to find specific components, and do some rapid testing on them. So I think having that flexibility is important.

Rep. Pfluger: Would the legislation under consideration today help the Department of Energy improve coordination, information sharing, and response to emerging threats that cut across cybersecurity, supply chains, grid operations, etc?

Alex Fitzsimmons: Yes, I think it would.

Rep. Pfluger: Are there any needed changes to that, or is the form that we're looking at refined to meet the challenge and meet the vulnerabilities?

Alex Fitzsimmons: I think that on a conceptual basis, I think it makes sense. I know we're providing specific TA, and we're happy to follow up with you about it.

Rep. Pfluger: We've got 40 seconds left. Are there previous questions that you didn't get to that you wanted to expand on? Either on our side of the aisle or on the other side of the aisle?

Alex Fitzsimmons: Thank you for the opportunity. I would say there were comments made about the situation in Venezuela, and I think the congressman, who is no longer here, knows that we are not running Venezuela. I think what President Trump has said is he has brokered a historic energy deal that Secretary Wright is now implementing, and that deal will be a win, win, win. It'll be a win for the people of Venezuela. It will be a win for U.S. energy companies, and it will be a win for the American people in the form of lower energy prices. That's what we're focused on at DOE.

Rep. Pfluger: We will be taking a look at that. And I yield back.