Congressional Testimony
Here's a look at documents involving congressional testimony and member statements
Featured Stories
Southcentral Foundation VP Ross Testifies Before Senate Indian Affairs Committee
WASHINGTON, Feb. 15 -- The Senate Indian Affairs Committee released the following testimony by Leanndra Ross, vice president for executive and tribal services at the Southcentral Foundation, Anchorage, Alaska, from a Feb. 4, 2026, hearing on the Southcentral Foundation Land Transfer Act (S. 2098):* * *
My name is Leanndra Ross. I am the Vice President for Executive and Tribal Services at the Southcentral Foundation. I am a Tlingit and Haida citizen and Salamatof Tribal member. I want to thank the Committee for the opportunity to testify today and for your work on behalf of Tribes, Tribal Organizations ... Show Full Article WASHINGTON, Feb. 15 -- The Senate Indian Affairs Committee released the following testimony by Leanndra Ross, vice president for executive and tribal services at the Southcentral Foundation, Anchorage, Alaska, from a Feb. 4, 2026, hearing on the Southcentral Foundation Land Transfer Act (S. 2098): * * * My name is Leanndra Ross. I am the Vice President for Executive and Tribal Services at the Southcentral Foundation. I am a Tlingit and Haida citizen and Salamatof Tribal member. I want to thank the Committee for the opportunity to testify today and for your work on behalf of Tribes, Tribal Organizationsand American Indian and Alaska Native people all around the country. Your work truly saves lives.
SCF is the Alaska Native Tribal health organization under the Tribal authority of Cook Inlet Region, Inc. and designated by 12 federally-recognized Tribes - the Aleut Community of St. Paul Island, Chitina, Igiugig, Iliamna, Kokhanok, McGrath, Newhalen, Nikolai, Nondalton, Pedro Bay, Telida, and Takotna - to provide health care services to beneficiaries of the Indian Health Service (IHS) pursuant to a government-to-government contract with the United States under authority of the Indian Self- Determination and Education Assistance Act (ISDEAA), P.L. 93-638.
SCF is a model of the benefits of self-determination and the importance of allowing Alaska Native peoples to chart their own health care journey. SCF is a two-time recipient of the Malcolm Baldrige National Quality Award for health (2011 and 2017) and one of the 10 largest employers in Alaska.
SCF, through over 3,000 employees, provides critical health services, for the physical, mental, emotional, and spiritual wellness of over 70,000 Alaska Native and American Indian people regionally and the statewide population of 155,000 people through the Alaska Native Medical Center (ANMC). This includes 55,000 people living in the Municipality of Anchorage and the Matanuska-Susitna Borough, and 15,000 residents of 55 rural Alaska Native villages. SCF offers over 90 programs including primary care, dental, behavioral health, and addiction treatment as well as co-managing the ANMC with the Alaska Native Tribal Health Consortium (ANTHC).
SCF's service area encompasses over 100,000 square miles, an area the size of Wyoming. SCF has over 850,000 patient encounters annually across our system.
Today I am here to testify on Southcentral Foundation Land Transfer Act. This bill will transfer title to land that the Indian Health Service currently owns and on which the Southcentral Foundation now operates the Quyana Clubhouse (QCH) to Southcentral Foundation. This bill is virtually identical to bills that Congress has considered in the last several Congresses for other Alaska Native health care providers including Yukon Kuskokwim Health Corporation, and Southeast Alaska Regional Health Corporation.
This land transfer is necessary for Southcentral Foundation to build the planned new 44,178 square foot facility, as the buildings we are using now for the QCH are some of the oldest in the Indian Health Service inventory in Alaska and were never intended to provide direct services to clients. In fact, one of the spaces currently used for an arts and crafts room is an old morgue.
With the new planned facility, we will be able to expand services to Anchorage's most vulnerable individuals that experience persistent mental illness and adults with complex behavioral health and substance use needs.
The QCH opened its doors in the spring of 1993 as an answer to the ongoing need for care of adults experiencing chronic mental illness. QCH is a day treatment program that blends integrated behavioral health and primary care services with Alaska Native tradition and structured in a nurturing therapeutic milieu environment. The program provides a safe place for people to gather, enjoy shared meals and work with their integrated care team to meet their individualized treatment goals through the provision of case management, medication management, individual and group therapy, primary care services, and health and wellness activities.
Quyana Clubhouse provides daily transportation for participants which SCF calls customer-owners because they are both the customer of SCF services and the owners of their own health. Customer-owners come to QCH and receive the care and services they need, which is sometimes just a meal and fellowship. SCF currently has 114 customer-owners, who are provided with services at QCH on a regular basis and in most cases a daily basis. The success of this program is evidenced by the fact that all QCH customer-owners are housed. In a city where around half of the homeless population is Alaska Native, it is remarkable that with the supportive services Southcentral Foundation provides QCH customer-owners have overcome this hurdle, despite suffering from chronic persistent mental illness. Eight customer-owners participating in the program have also achieved employment in the community, with one even receiving their driving permit as well. SCF is proud to support this population some of which are Alaska Native veterans.
The new building will also allow us to align and co-locate the Intensive Case Management (ICM) services with the services provided at the QCH. The Intensive Case Management Program is a community-based program which focuses on outreach, engagement, intensive community case management, individual therapy, medication management, and linkages to other critical services, such as housing, that assist individuals in increasing their level of independence and in developing a community support network. In short, this new facility will house SCF's most intensive levels of behavioral health outpatient programming in one location.
While both programs specialize in providing services to individuals with persistent mental illness, the main difference is where an individual is at in their health care journey and the resulting level and location of intervention required to support them. Individuals supported at QCH are clinically more stable, while the ICM customer-owners are typically more acute from a clinical perspective and often navigate complex psychosocial factors such as food and housing insecurity.
A key focus for ICM is helping customer-owners build enough stability so they can utilize all the services available at SCF, such as QCH or Outpatient Behavioral Health Services. Participants at QCH in a recent survey shared that 87% believe they have ownership over their own health decisions.
Integrating these two programs into one building will facilitate the provision of both community and milieu-based programming, will allow for expanded hours of operation, and will double the number of customer-owners these programs can support. The goals of this program integration include:
1) Support more individuals experiencing severe and persistent mental illness (SPMI);
2) Reduce emergency room visits and decrease in first responder transport; and
3) Increase the number of individuals successfully housed.
The new facility that we are planning for the land that is the subject of this legislation will allow us to provide these services in a state-of-the-art facility, rather than old buildings, which were never intended to provide services to clients. Importantly, a new facility will allow us to be able to provide services to more customer-owners. We know the need for the services provided at QCH is more than double what we are currently able to provide today and the space we currently have them in is at and beyond capacity.
Both programs provide services to individuals with SPMI, the main difference is where the customer-owner is at in their journey to recovery. ICM is a community-based program which focuses on providing linkage to care and services through case management, with a lighter touch on therapeutic intervention. While QCH is an integrated behavioral and primary care service day treatment program that provides individual and group therapeutic intervention, with a lighter touch on case management.
By having the programs at one location, SCF will be able to improve the transition of care for the customer-owners from ICM to QCH. The referral process will shorten because staff would have the ease transitioning an ICM customer-owner to QCH and supporting them while they become familiar with group therapy and the other services available at QCH. Staff would also be able to meet in person for case conferences to determine what is best for their care. ICM customer-owners can then also receive their immediate primary care services as well as medicine management at the new QCH facility, rather than having to take another day and go to a primary care provider, which we have found is not likely to happen.
This bill will allow the expansion of both programs possible by giving Southcentral Foundation ownership over the land, so that we are able to undertake all the necessary responsibilities, to build the facilities that we need to meet the needs of customer-owners.
Under the legislation the Indian Health Service will have two years to effectuate the transfer. SCF understands that the federal government needs time to do its work, but we would ask the Committee to work with the Indian Health Service to ensure that the transfer happens faster than this as SCF has begun planning for the design and construction of this much needed facility.
Thank you for the opportunity to testify today and tell you about the amazing work that Southcentral Foundation employees do every day to support customer-owners. I am happy to answer any questions that you may have.
* * *
Original text here: https://www.indian.senate.gov/wp-content/uploads/02.04.26-Testimony-Ross.pdf
Military Adaptive Court Sports Pickleball Director George Testifies Before Senate Veterans' Affairs Committee
WASHINGTON, Feb. 15 -- The Senate Veterans' Affairs Committee released the following testimony by Gabriel George, director of pickleball at Military Adaptive Court Sports, from a Feb. 4, 2026, hearing entitled "Independent Spirits: Veteran Health & Healing Through Adaptive Sports:* * *
Chairman Moran, Ranking Member Blumenthal, and Members of the Committee -- thank you for the opportunity to appear before you today.
My name is Gabriel George, a Texas native who served honorably in the U.S. Navy for five years. On April 1, 2008, my life changed forever when I was declared dead at the scene of ... Show Full Article WASHINGTON, Feb. 15 -- The Senate Veterans' Affairs Committee released the following testimony by Gabriel George, director of pickleball at Military Adaptive Court Sports, from a Feb. 4, 2026, hearing entitled "Independent Spirits: Veteran Health & Healing Through Adaptive Sports: * * * Chairman Moran, Ranking Member Blumenthal, and Members of the Committee -- thank you for the opportunity to appear before you today. My name is Gabriel George, a Texas native who served honorably in the U.S. Navy for five years. On April 1, 2008, my life changed forever when I was declared dead at the scene ofa motorcycle accident while on duty in Jacksonville, Florida. I was left with a traumatic brain injury, spinal cord injury, and a paralyzed right arm. After ten years of living in pain and isolation, I took part in a VA Summer Sports Clinic that brought me back to life. Although I never regained the use of my arm and ultimately chose to amputate in 2020, the VA events and staff reignited my desire to live to my fullest and inspire other disabled veterans struggling to find their way. Today, my life centers around raising my seventeen-year-old daughter, Jameah, and the world of adaptive sports.
I represent Military Adaptive Court Sports, MACS, a national nonprofit providing adaptive pickleball, racquetball, badminton, and padel programming for wounded, ill, and injured veterans and their families.
I am here because adaptive court sports are not recreation. They are neuromotor, physical, and social rehabilitation disguised as sport. Every day, veterans with amputations, traumatic brain injury, PTSD, stroke, spinal cord injuries, and severe musculoskeletal trauma are being asked to relearn how to move, balance, react, and trust their bodies again.
Court sports train exactly those systems: hand-eye coordination, lateral movement, rapid decision-making, proprioception, and functional strength -- in an environment that is motivating, competitive, and peer-supported.
And just as importantly, they restore something the VA cannot prescribe: belonging.
Yet today, tens of thousands of veterans who could benefit from adaptive sports never receive access -- not because the VA doesn't care, but because of how the current system is structured.
The VA's Adaptive Sports Grant Program and the Veterans Monthly Assistance Allowance have done extraordinary work supporting elite and emerging adaptive athletes. But those programs are largely designed around national competitions and high-performance training pathways.
That leaves behind the majority of veterans who will never become Paralympians -- but who desperately need weekly, community-based adaptive sport to manage pain, prevent decline, and stay socially connected.
That gap is where organizations like Military Adaptive Court Sports operate.
MACS runs six-week adaptive sports clinics inside VA facilities and community sites across the country. We serve veterans with a wide range of disabilities -- including those with complex conditions who are often excluded from traditional sports models. We integrate multiple court sports, peer mentorship, and family participation, because recovery does not happen in isolation.
Most importantly, we do not guess at impact -- we measure it. We collect pre- and postprogram data on pain, mobility, confidence, isolation, and physical function. Veterans consistently report reduced pain, increased activity, and improved mental health after participating. These are not one-off success stories -- they are repeatable outcomes.
And we do this at a fraction of the cost of many traditional adaptive sports programs. One court, one instructor, and a small set of adaptive equipment can serve dozens of veterans every week, year-round, indoors, in almost every American community. Pickleball, racquetball, and badminton are already present in VA facilities, YMCAs, recreation centers, and military bases nationwide.
Court sports are one of the highest-return investments the VA can make in adaptive rehabilitation. But today, they remain underrepresented in VA funding structures.
As Congress reviews the impact of VA Adaptive Sports Grants and the Veterans Monthly Assistance Allowance, we respectfully ask the Committee to ensure these programs explicitly support community-based, therapeutic adaptive sports -- not just elite competition and national events.
Military Adaptive Court Sports stands ready to partner with the Department of Veterans Affairs to expand this model nationwide -- to reach the veterans who are currently falling through the cracks -- and to deliver rehabilitation that is affordable, scalable, and proven.
In addition to my work with MACS, I am proud to serve as an ambassador for the Will of Iron Golf Foundation for Military Vets. This small but passionate organization is dedicated to opening doors and sharing the mental health benefits of golf with veterans, their spouses, and children. My daughter and I are among the 280 beneficiaries who have received golf clubs, private lessons, and the opportunity to participate in numerous golf events free of cost.
When I say small organization, I mean it in every sense. The two founders are the entire staff. For six years, they have volunteered their time and resources out of deep gratitude and love for military families. Yet, like many small nonprofits, the Will of Iron faces constant challenges in securing funding, largely because they don't have the manpower to navigate a lengthy and demanding VA grants process.
I urge this committee to use your influence and reach to help create additional funding opportunities for small nonprofits like the Will of Iron Golf Foundation and MACS, which face the same challenge when the VA grants is exhausted in the calendar year.
Your support could make all the difference, ensuring that organizations with heart and proven impact can continue to serve veterans and their families without being overwhelmed by administrative barriers. Please consider advocating for changes that make it easier for these vital organizations to access the resources they need to thrive.
Thank you for your leadership on behalf of America's veterans. I look forward to your questions.
* * *
Original text here: https://www.veterans.senate.gov/services/files/CCD77E16-AF36-4F22-A874-6012BA6E0293
Marshall University Institute for Cyber Security Fellow Simonton Testifies Before Senate Environment & Public Works Committee
WASHINGTON, Feb. 14 -- The Senate Environment and Public Works Committee released the following written testimony by Scott Simonton, a fellow in the Institute for Cyber Security at Marshall University, from a Feb. 4, 2026, hearing entitled "Identifying and Addressing Cybersecurity Challenges to Protect America's Water Infrastructure":* * *
The current state
The water sector remains one of the most cyber-vulnerable U.S. critical infrastructure sectors due to widespread under-resourcing (especially in small and medium systems), legacy OT systems, and persistent exposure of remote access pathways, ... Show Full Article WASHINGTON, Feb. 14 -- The Senate Environment and Public Works Committee released the following written testimony by Scott Simonton, a fellow in the Institute for Cyber Security at Marshall University, from a Feb. 4, 2026, hearing entitled "Identifying and Addressing Cybersecurity Challenges to Protect America's Water Infrastructure": * * * The current state The water sector remains one of the most cyber-vulnerable U.S. critical infrastructure sectors due to widespread under-resourcing (especially in small and medium systems), legacy OT systems, and persistent exposure of remote access pathways,despite improving federal awareness and a growing set of guidance and assessment mechanisms. (Office, n.d.) Currently, the Institute for Cyber Security at Marshall University translates cybersecurity policy into practical, utility-ready actions, reinforced by Marshall University's targeted microcredential in water sector cybersecurity, which equips professionals with implementable, real-world skills.
* * *
Common Water Facility systems
Community water systems across the United States operate a predictable set of facility types and process trains, regardless of size or geography. (Agency, n.d.) These systems typically include source water intakes, treatment plants, distribution networks, and supporting information systems. What differs dramatically is not the underlying technology, but the degree of digitalization, integration, and cybersecurity maturity that supports those processes.
Most facilities rely on Supervisory Control and Data Acquisition (SCADA) platforms, Programmable Logic Controllers (PLCs), sensors, and remote telemetry units to manage treatment operations such as coagulation, filtration, disinfection, and pumping. Even very small utilities now use internet-connected devices to monitor tank levels, pump stations, or chemical dosing. Billing, customer information, and financial systems, often cloud-hosted or consolidated under a single vendor, sit adjacent to or intertwined with operational networks, expanding the attack surface.
Across the country, common system elements include:
* Surface-water and/or groundwater intakes with automated pumps and valve controls
* Treatment processes (coagulation/flocculation, sedimentation, filtration, chlorine/UV disinfection) governed by PLC-driven instrumentation
* Chemical storage and feed systems where cyber-manipulation could directly impact public-health-critical dosing
* Storage tanks and remote pump stations, typically monitored through remote terminal units (RTU) or cellular/Internet-based SCADA
* Distribution system booster stations, modeled and controlled to maintain pressure and system integrity
* Business and administrative systems, often vendor-hosted or cloud-based, sometimes sharing infrastructure with operations
However, the sector is marked by extreme variability in system sophistication. Large, investorowned utilities often maintain modernized control systems, dedicated cybersecurity staff, segmented networks, vendor governance processes, and lifecycle management for OT assets.
These systems operate with enterprise-grade cybersecurity capabilities, formal risk assessments, and access-control frameworks that resemble those in the energy sector.
By contrast, most water systems are small municipal utilities or rural co-ops, sometimes serving only a few hundred or a few thousand customers. (State Policy Options for Small and Rural Water Systems, 2022) Many of these systems operate with:
* Minimal or no dedicated IT staff
* Legacy SCADA is reachable through outdated remote-access tools
* Shared or default credentials
* Single-vendor cloud platforms providing billing, finance, and sometimes even remote operational access
* Limited ability to patch, replace, or securely configure PLCs and control hardware This disparity means that while the physical components of water treatment are broadly similar across the country, the cyber-risk profile varies radically by resource level. A technique that would be easily contained in a highly resourced utility can cause prolonged operational impacts in a small system with limited monitoring, limited segmentation, and no dedicated cybersecurity personnel.
This asymmetry is one of the most urgent structural challenges in the water sector today: adversaries scale effortlessly, while most local systems cannot. (Director & Agriculture, 2024) Because these systems share common architectures and common vendor ecosystems, vulnerabilities also repeat across hundreds or thousands of facilities. (Cybersecurity for Rural Water and Wastewater Systems, 2025) This uniformity, combined with inconsistent cybersecurity maturity, makes water infrastructure one of the most attractive targets for both opportunistic and state-linked cyber actors.
* * *
Overall posture
Three structural realities define the water sector's cybersecurity baseline:
1. Fragmentation: The U.S. has tens of thousands of water systems with widely varying maturity and budgets; many are small, local-government entities with limited cyber staff. (Water and Wastewater Systems | Cybersecurity and Infrastructure Security Agency CISA, 2024)
2. OT modernization without matching security uplift: Digital transformation (remote operations, telemetry, automation) often outpaces security engineering and governance.
3. Resilience depends on "manual fallback," not assured cyber resilience: Many utilities can revert to manual operations as a short-term safety valve, but extended outages, loss of telemetry, or compromised billing/IT systems can still impose high public and economic costs.
The water sector faces rapidly evolving cyber threats, particularly in operational technology environments. Traditional cybersecurity measures are no longer sufficient, as the emergence of AI-enabled threats has fundamentally changed the dynamics of cyberattacks.
To address this, the water sector should shift toward preemptive cybersecurity measures that act before an attack occurs, rather than merely preparing for one.
* Preemptive cybersecurity measures are proactive actions and strategies implemented to identify, prevent, and mitigate potential cyber threats before they can cause harm to systems or data.
The goal is to improve detection of advanced threats, leverage emerging technologies for proactive prevention, and accelerate the transition to post-quantum cryptography.
* Advanced threats are sophisticated, targeted cyberattacks that use complex tactics and technologies to evade detection and compromise sensitive systems or data.
Proactive prevention refers to the ongoing implementation of strategies and technologies designed to anticipate, identify, and block potential cyber threats before they can cause harm.
* Post-quantum cryptography is the development and use of cryptographic algorithms designed to be secure against attacks from quantum computers, which could break traditional encryption methods.
Advances in quantum computing will render conventional asymmetric cryptography unsafe. (Baseri et al., 2025) In accordance with NIST standards, the water sector must develop a postquantum cryptography transition plan and establish a roadmap to a quantum-safe environment as soon as practicable.
* National Institute of Standards and Technology
Known vulnerabilities
AI is already being used to power sophisticated cyberattacks, and the frequency of AI-enabled, scalable, automated cyber espionage will only increase. (Microsoft: Russia, China increasingly using AI to escalate cyberattacks on the US, 2025) This trend will drive the demand for preemptive countermeasures and autonomous cyber-immune systems.
* Preemptive countermeasures are proactive actions or strategies implemented to detect, prevent, or neutralize cyber threats before they can compromise systems or data.
* Autonomous cyber-immune systems are self-operating security solutions that continuously detect, analyze, and respond to cyber threats by mimicking the adaptive and self-healing properties of biological immune systems.
The barrier to entry for AI-driven attacks will continue to fall, making sophisticated, large-scale cyberattack campaigns more common. (AI-Powered Cyberattacks Surge as Detection Capabilities Lag, 2024).
Future cybersecurity requirements must focus on active deception, denial, and disruption as nonnegotiable architectural principles to preemptively break autonomous attack chains.
* Autonomous attack chains are sequences of cyberattacks that are automatically executed by intelligent systems or malware with minimal or no human intervention, enabling rapid and adaptive exploitation of vulnerabilities.
Seek opportunities to reduce spending on misaligned cyber tools, avoid duplicative pilot projects, and accelerate compliance with Zero Trust and post-quantum cryptography mandates.
* Zero Trust is a security framework that requires strict verification of every user and device attempting to access resources, assuming no implicit trust regardless of location or credentials.
Ultimately, the water sector must adopt preemptive cybersecurity solutions and establish autonomous cyber-immune systems to avoid potentially catastrophic losses from these rapidly evolving threats. (Gartner Says That in the Age of GenAI, Preemptive Capabilities, Not Detection and Response, Are the Future of Cybersecurity, 2025).
Across incident reporting, federal advisories, and field assessments, the most common weaknesses are well understood and often preventable:
1. Internet-exposed operational interfaces and weak remote access controls
Joint EPA-CISA guidance specifically warns that internet-exposed human machine interfaces (HMI) create direct pathways to operational disruption and emphasizes hardening remote access, inventorying exposed devices, and improving credential and access controls. (CISA. 2024)
2. Insecure-by-default industrial components and unaddressed device exposures CISA has warned of active exploitation of PLCs used in water and wastewater environments, including widely deployed device ecosystems where poor exposure management and weak configuration control magnify risk. (CISA. 2023)
3. Legacy OT, constrained patch windows, and fragile vendor dependencies
Many utilities operate OT with long lifecycles, limited maintenance windows, and vendorcontrolled access arrangements. This creates persistent risk where known vulnerabilities remain unmitigated longer than in other sectors.
4. Identity and access control gaps (no MFA, shared accounts, default credentials) Water-sector compromises repeatedly involve credential weaknesses, poor privilege management, and insufficient segmentation between business IT and operational networks.
5. Low detection visibility in OT environments
Smaller systems often lack continuous monitoring and logging that would enable rapid detection, containment, and forensic understanding of incidents.
* * *
Recent compromises and operationally relevant incidents
Recent activity demonstrates that water systems face both criminal and state-linked threats: 1. Municipal water facility disruption (Kansas, September 22, 2024): Arkansas City, Kansas reported a cybersecurity incident affecting its water treatment facility, with the city indicating operations remained safe but required precautionary measures (including shifting operating posture). This incident prompted broader federal warnings about ongoing water-sector exposure. (City of Arkansas City faces cybersecurity incident, n.d.) 2. State-linked OT targeting (Pennsylvania, late 2023): The Municipal Water Authority of Aliquippa, Pennsylvania publicly reported an intrusion associated with an IRGC-aligned campaign that impacted a remote pumping station monitoring/control capability (widely cited as OT-focused harassment/defacement but still operationally meaningful). (Water ICS exposures highlight vulnerabilities in Critical Infrastructure Security, 2024) 3. Broader state-linked targeting patterns (2023-2024): U.S. government advisories document the targeting and exploitation of PLCs used in water and wastewater and associated campaigns spanning multiple sectors, underscoring that water systems are squarely within adversary target sets. (CISA, 2023)
4. Evidence of advanced actor interest in water/OT environments (2024): Independent reporting (including Mandiant/Google reporting cited by media) has likely linked Russian military-intelligence-aligned activity to attacks affecting water utilities. (Vicens & Vasquez, 2024)
* * *
Current Policies, Directives, and Government Actions Already Underway
1. Statutory and regulatory foundation for water-sector cyber risk management
America's Water Infrastructure Act (AWIA) / Safe Drinking Water Act (SDWA)
* Under SDWA (as amended by AWIA), covered community water systems must prepare and periodically update Risk and Resilience Assessments
(RRAs) that include electronic/computer/automated systems security (cybersecurity), and must develop Emergency Response Plans informed by those assessments. EPA's program materials explicitly identify cybersecurity within scope. (EPA Guidance on Improving Cybersecurity at Drinking Water and Wastewater Systems, 2023)
* Implication: The law creates a baseline expectation that utilities treat cybersecurity as part of operational risk management, not as an optional IT enhancement.
EPA oversight posture and enforcement emphasis (2024)
* In May 2024, EPA issued an enforcement alert emphasizing that cyber threats are increasing and urging immediate steps for community water systems to reduce vulnerabilities and align with SDWA Sec.1433 obligations. (Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities, 2024)
2. Federal operational guidance and advisories (CISA + EPA + sector partners)
CISA alerts/advisories specific to water and wastewater
* CISA has published water-relevant advisories addressing active exploitation of commonly used industrial components and campaigns affecting multiple sectors, including water and wastewater. (Exploitation of unitronics plcs used in water and wastewater systems | CISA 2023)
EPA-CISA joint guidance on exposed HMIs (December 2024)
* EPA and CISA jointly released guidance specifically warning that internetexposed HMIs pose a material risk to water/wastewater operations and providing concrete mitigation steps (inventory, access control hardening, remote access restrictions). (CISA and EPA release Joint Fact Sheet detailing risks internet-exposed HMIS pose to WWS sector | cisa, 2024)
* Implication: The federal government is increasingly publishing "operatorusable" technical guidance aimed at the most common, highest-risk exposure patterns.
3. Federal oversight and risk governance (GAO, 2024)
U.S. Government Accountability Office (GAO) -- Critical Infrastructure Protection: EPA Urgently Needs a Strategy to Address Cybersecurity Risks to Water and Wastewater Systems (August 2024)
* GAO found that the water sector faces increasing cyber risk, documented active foreign and criminal targeting of water utilities, and concluded tha EPA has not yet conducted a comprehensive sector-wide cyber risk assessment or developed a national cybersecurity strategy for the sector. GAO further noted that EPA plans to increase inspections and enforcement activity focused on cybersecurity under existing SDWA authority. (Critical Infrastructure Protection: EPA urgently needs a strategy to address cybersecurity risks to water and Wastewater Systems, 2024)
* Implication: Independent federal oversight formally recognizes water- sector cybersecurity as a systemic national risk and identifies EPA's regulatory and inspection authority as the primary mechanism for managing that risk, reinforcing cybersecurity as a governance and compliance obligation rather than a voluntary best practice.
Executive-branch critical infrastructure cybersecurity directive (NSM-22, 2024)
* National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22) -- April 2024
* NSM-22 designates EPA as the Sector Risk Management Agency for water and wastewater systems, directs federal agencies to identify, assess, and prioritize sector cyber risks, and instructs agencies to use regulatory authorities to establish minimum security and resilience requirements for critical infrastructure, consistent with the National Cybersecurity Strategy. (The 2024 National Security Memorandum on Critical Infrastructure Security and Resilience, 2026)
* Implication: Executive-branch policy now explicitly frames water-sector cybersecurity as part of national critical infrastructure security and authorizes the use of regulatory mechanisms to impose minimum cybersecurity requirements, signaling a shift from voluntary guidance toward enforceable sector-wide resilience standards.
* * *
Marshall University's Institute for Cyber Security's Impact on Water Sector Cybersecurity
Through the community-embedded work of the Institute for Cyber Security (ICS), in partnership with CISA, West Virginia water utilities are receiving hands-on cybersecurity support that directly addresses the most persistent risks facing small and mid-sized systems nationwide. These engagements demonstrate how federally aligned expertise can be translated into practical, operational improvements at the local level, where cybersecurity gaps are often greatest, and resources are most constrained.
* * *
Strengthening Small-Town Water Systems: Town of Ansted
In Ansted, the ICS is guiding the town through a critical transition from paper-based processes to modern digital systems supporting billing, finance, and a new sewer treatment plant. With no inhouse IT staff, Ansted faces the same challenge as thousands of rural utilities across the country: modernization without the internal expertise to manage cyber risk. ICS, in coordination with CISA, provided structured risk framing, vendor-focused cybersecurity due diligence, and practical guidance on separating operational technology (OT) from business systems, controlling remote access, establishing asset inventories, and improving staff cyber awareness.
As the project progressed, the ICS helped town leadership recognize the expanded risk profile created by consolidated financial, payroll, and billing data within a single vendor platform. The ICS translated cybersecurity from an abstract concern into concrete governance questions, data hosting, responsibility boundaries, backup and recovery, testing environments, and compliance obligations, empowering the town to engage vendors from a position of informed oversight.
Importantly, the ICS also began developing scalable training and micro-credential models tailored to small municipalities. Reinforcing that cybersecurity resilience depends on every department, not just water operators.
* * *
Supporting Critical Infrastructure Modernization: Huntington Water System
At a larger scale, the ICS is supporting the Huntington Water System as it prepares a major operational upgrade, transitioning part of its treatment process to a digitally controlled ultraviolet (UV) system. This modernization introduces new automation, sensors, and control dependencies, exactly the conditions that increase cyber-physical risk if security is not addressed early.
The ICS conducted on-site technical engagements with Huntington Water leadership, operational staff, and National Guard cyber units to review the existing OT environment and the planned system architecture. These collaborative walkthroughs established a shared understanding of how new digital components will integrate with legacy infrastructure and identify cybersecurity considerations before full implementation, rather than after deployment. Huntington Water has expressed a strong interest in continuing assessments with the ICS as the project advances, embedding cybersecurity into the lifecycle of infrastructure modernization.
In parallel, ICS is supporting workforce readiness by helping design cybersecurity training pathways that provide baseline awareness for all employees and specialized OT-focused guidance for operators, mirroring the approach taken in Ansted and reinforcing a consistent regional model.
* * *
Demonstrated National Value
Together, these engagements illustrate Marshall University's role as a trusted intermediary between federal guidance and local execution. Rather than issuing recommendations, the Institute for Cyber Security (ICS) embeds cybersecurity into vendor governance, workforce training, IT/OT separation, and modernization efforts in ways utilities can sustain. This approach is reinforced through Marshall University's dedicated microcredential in water sector cybersecurity, which equips practitioners with applied, utility-ready skills and ensures guidance is translated into consistent, repeatable practice.
In an environment where water systems are increasingly targeted yet unevenly resourced, Marshall University's Institute for Cyber Security demonstrates how academic expertise, federal partnerships, and community-focused engagement can materially strengthen the cybersecurity posture of critical infrastructure at the point of greatest vulnerability, while providing a scalable model for rural and Appalachian communities nationwide.
* * *
Resources:
* Agency, U. E. (n.d.). America's Water Infrastructure Act (AWIA) - Section 2003. https://www.epa.gov/system/files/documents/2023-02/8296_AWIA%20Study%20on%20Intractable%20PWS_RTC_Transmitted_08-30-22.pdf
* Baseri, Y., Chouhan, V., Ghorbani, A. & Chow, A. (2025). Next-Generation Quantum Security: The Impact of Quantum Computing on Cybersecurity--Threats, Mitigations, and Solutions. ScienceDirect. https://doi.org/10.1016/j.cose.2025.01.001
* Censys. (2024, February 8). Water ICS exposures highlight vulnerabilities in Critical Infrastructure Security. Water ICS Exposures Highlight Vulnerabilities in Critical Infrastructure Security. https://censys.com/blog/water-ics-exposures-highlight-vulnerabilities-in-criticalinfrastructure-security
* CISA. (2023, November 28). Exploitation of unitronics plcs used in water and wastewater systems | CISA. Exploitation of Unitronics PLCs used in Water and Wastewater Systems. https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-usedwater-and-wastewater-systems
* CISA. (2024, December 13). CISA and EPA release Joint Fact Sheet detailing risks internet-exposed HMIS pose to WWS sector | cisa. CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector. https://www.cisa.gov/news-events/alerts/2024/12/13/cisa-and-epa-release-joint-fact-sheet-detailing-risks-internetexposed-hmis-pose-wws-sector
* EPA Office of Water (4608T). (2023, March 23). EPA Guidance on Improving Cybersecurity at Drinking Water and Wastewater Systems. https://www.epa.gov/system/files/documents/2024-08/epa-guidance-on-improvingcybersecurity-at-drinking-water-and-wastewater-systems-1.pdf
* Environmental Services Administration. (n.d.). City of arkansas city faces cybersecurity incident. Arkansas City Kansas. https://www.arkcity.org/environmental-services/page/cityarkansas-city-faces-cybersecurity-incident
* EPA. (2024, May). Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities. https://www.epa.gov/enforcement/enforcement-alert-drinking-watersystems-address-cybersecurity-vulnerabilities
* Office, U. G. (n.d.). Critical Infrastructure Protection: EPA Urgently Needs a Strategy to Address Cybersecurity Risks to Water and Wastewater Systems. https://www.gao.gov/products/gao-24-106744
* The 2024 National Security Memorandum on Critical Infrastructure Security and Resilience. (2026, January 29). https://www.congress.gov/crs-product/IF12716
U.S. Government Accountability Office. (2024, August 1). Critical Infrastructure Protection: EPA urgently needs a strategy to address cybersecurity risks to water and Wastewater Systems. Critical Infrastructure Protection: EPA Urgently Needs a Strategy to Address Cybersecurity Risks to Water and Wastewater Systems | U.S. GAO. https://www.gao.gov/products/gao24-106744
* Vicens, A., & Vasquez, C. (2024, April 17). Mandiant: Notorious Russian hacking unit linked to breach of Texas Water Facility. CyberScoop. https://cyberscoop.com/sandworm-apt44texas-water-facility/
* (2022). State Policy Options for Small and Rural Water Systems. National Conference of State Legislatures. https://www.ncsl.org/environment-and-natural-resources/state-policyoptions-for-small-and-rural-water-systems
* Director, W. H. & Agriculture, U. S. (September 30, 2024). Cybersecurity Circuit Rider Program Study. National Rural Water Association. https://nrwa.org/cybersecurity-circuit-riderprogram/
* (2025). Cybersecurity for Rural Water and Wastewater Systems. U.S. Department of Agriculture Rural Development. https://www.rd.usda.gov/about-rd/initiatives/cybersecurity-ruralwater-and-wastewater-systems
* (2024). Water and Wastewater Systems | Cybersecurity and Infrastructure Security Agency CISA. CISA. https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/criticalinfrastructure-sectors/water-and-wastewater-sector
* (October 14, 2025). Microsoft: Russia, China increasingly using AI to escalate cyberattacks on the US. Associated Press. https://apnews.com/article/ad678e5192dd747834edf4de03ac84ee (April 4, 2024). AI-Powered Cyberattacks Surge as Detection Capabilities Lag. MSPAA. https://mspaa.net/detection-capabilities/
* (September 17, 2025). Gartner Says That in the Age of GenAI, Preemptive Capabilities, Not Detection and Response, Are the Future of Cybersecurity. Gartner. https://www.gartner.com/en/newsroom/press-releases/2025-09-18-gartner-says-that-inthe-age-of-genai-preemptive-capabilities-not-detection-and-response-are-the-future-ofcybersecurity
* * *
Original text here: https://www.epw.senate.gov/public/_cache/files/5/3/53d93dfe-ed8c-4e48-b705-0b16cb92c90a/FA38A32EE48D7F3D4B0C069FDC08A69E6327376EB85838A03310B2E91C8582C1.02-04-2026-dr.-simonton-testimony.pdf
HHS Indian Health Service Deputy Director LaRoche Testifies Before Senate Indian Affairs Committee
WASHINGTON, Feb. 14 -- The Senate Indian Affairs Committee released the following testimony by Darrell LaRoche, deputy director for management operations at the U.S. Department of Health and Human Services Indian Health Service, from a Feb. 4, 2026, hearing on the Southcentral Foundation Land Transfer Act (S. 2098), Indian Health Service Emergency Claims Parity Act (S. 1055) and Purchased and Referred Care Improvement Act (S. 699):* * *
Good afternoon, Madam Chair, Vice Chairman Schatz, and Members of the Committee. I am Darrell LaRoche, Deputy Director for Management Operations at the Indian ... Show Full Article WASHINGTON, Feb. 14 -- The Senate Indian Affairs Committee released the following testimony by Darrell LaRoche, deputy director for management operations at the U.S. Department of Health and Human Services Indian Health Service, from a Feb. 4, 2026, hearing on the Southcentral Foundation Land Transfer Act (S. 2098), Indian Health Service Emergency Claims Parity Act (S. 1055) and Purchased and Referred Care Improvement Act (S. 699): * * * Good afternoon, Madam Chair, Vice Chairman Schatz, and Members of the Committee. I am Darrell LaRoche, Deputy Director for Management Operations at the IndianHealth Service (IHS).
Thank you for the opportunity to provide testimony on, S. 2098, the Southcentral Foundation Land Transfer Act of 2025, S. 1055, the Indian Health Service Emergency Claims Parity Act, and S. 699, the Purchased and Referred Care Improvement Act of 2025.
The Indian Health Service (IHS) is an agency within the Department of Health and Human Services (HHS), and our mission is to raise the physical, mental, social, and spiritual health of American Indians and Alaska Natives (AI/ANs) to the highest level. This mission is carried out in partnership with AI/AN Tribal communities through a network of over 600 Federal and Tribal health facilities and 41 Urban Indian Organizations that are located across 37 states and provide health care services to approximately 2.8 million AI/AN people annually.
The IHS was established by statute and is the principal Federal health care provider and health advocate for AI/AN people. The IHS was established to carry out the responsibilities, authorities, and functions of the United States, as provided in Federal statutes and treaties to provide health care services to Indians and Indian tribes. IHS is the 18th largest health care system in the United States.
* * *
S. 2098
S. 2098, the Southcentral Foundation Land Transfer Act would direct the Secretary of the Health and Human Services to convey certain land in Anchorage, Alaska to the Southcentral Foundation by warranty deed.
Under S. 2098, the Southcentral Foundation (SCF) would not provide the Federal Government with any consideration for the property. In addition, the Federal Government would not retain any reversionary interest in the property in the event SCF ceases to provide health care services. The bill would also require completing the conveyance as soon as practicable, but no later than two years from enactment. S. 2098 would free SCF of any liability that it otherwise would have assumed for any environmental contamination that may have occurred on or before the date of the transfer, except that the Secretary would not be liable for any contamination that occurred after the date that SCF controlled, occupied, and used the property.
We have seen similar bills of this sort move through Congress in previous years mandating transfer by warranty deed rather than by quitclaim deed. As with previous similar bills, HHS is concerned about the details of S. 2098.
In particular, the bill describes the use of the conveyance to be for health care purposes but does not specify the actual health programs in service to American Indians and Alaska Natives. Thus, conveyance of this property under S. 2098 does not guarantee health care services specifically for American Indians and Alaska Natives.
In addition, barring retention of a reversionary interest (as is statutorily required for transfers of property under the Indian Self-Determination and Education Assistance Act) deprives HHS of a means to ensure that the property will return to HHS ownership if, at any time, the property ceases to be used for the provision of health services in furtherance of the purposes of this bill. This means the Federal Government would not be able to impose any obligation, term, or condition on the Tribal Health Organization with regard to the property. It effectively deprives HHS of a means to ensure that the property will continue to be used for health care services.
HHS prefers to avoid Indian Self-Determination and Education Assistance Act (ISDEAA) transfers by warranty deed as such deeds create the potential for liability if a competing property interest is subsequently discovered. The requirements of this bill differ from the Secretary's existing statutory property disposal procedures including the ISDEAA and IHS regulations at 25 C.F.R. Part 900, Subpart I.
S. 2098 Section 4(a)(1) regarding "Conditions" mandates the conveyance by warranty deed.
However, as stated above, the HHS practice under established procedures is to convey property by quitclaim deed. If the Secretary conveys the property by warranty deed, HHS would be responsible for clearing any liens or encumbrances, not just at the time of conveyance, but anytime thereafter.
Therefore, HHS can be called upon at any time to defend the title and clear encumbrances, which is a potential liability of unknown cost.
Again, we welcome the opportunity to work with this Committee and the drafter of the bill on prospective amendments, including the reference to the environmental warranty required by the Comprehensive Environmental Response, Compensation, and Liability Act of 1980 (42 U.S.C. 9620(h)).
With these concerns in mind, HHS supports the purposes of the bill to convey the property to the Southcentral Foundation in order to facilitate providing improved health services to American Indians and Alaska Natives in Alaska.
S. 1055, the Indian Health Service Emergency Claims Parity Act, and S. 699, the Purchased and Referred Care Improvement Act of 2025, both relate to the IHS Purchased/Referred Care Program (PRC). The Administration and the Department goals are to improve health outcomes for American families and protect patients from medical debt. Unfortunately, too many families across the country - including many families in Indian Country - are still saddled with crushing medical debt.
This debt often forces families into making untenable decisions, between paying off the debt and purchasing lifesaving medications or putting food on the table. Medical debt is a barrier to economic mobility for working families across the country and exacerbates and contributes to existing disparities in health care by race, health, status, and income.
As this Committee may be aware, patients are not liable for PRC costs under section 222 of the Indian Health Care Improvement Act. Patients should not be forced into collections because of unpaid medical bills. American Indians and Alaska Natives - who already suffer disproportionately low life expectancies and disproportionate disease burden - should not be put at financial risk for seeking medical treatment.
* * *
Purchased/Referred Care Program
In 1921, Congress enacted the Snyder Act, authorizing the Bureau of Indian Affairs (BIA) to provide health services to Indian tribes throughout the United States, and also contract out these health services to health care providers as needed. In 1955, the Transfer Act moved health care from BIA to the Department of Health, Education, and Welfare, the predecessor of HHS.
Subsequently, those authorities have been carried out by IHS, which also operates under the authority of the Indian Health Care Improvement Act (IHCIA). The IHS receives annual lump-sum appropriations to carry out its authorities, including those under the Snyder Act and IHCIA. In January 2014, the Consolidated Appropriations Act, 2014, renamed the Contract Health Services program as the PRC program. IHS uses the PRC program to purchase health services that are not reasonably accessible or available through the IHS network.
PRC funds are used to supplement and complement other healthcare resources available to IHSeligible American Indian/Alaska Natives -- the IHS' defined service population. Because IHS appropriations do not fully fund the healthcare needs of the AI/AN population, the PRC program must rely on specific regulations relating to eligibility, notification, residency, and a medical priority rating system. The IHS is designated as the payor of last resort, meaning that all other available alternate resources, including Medicare, Medicaid, private insurance, state or other health programs, etc., must be billed first before the IHS will pay for healthcare services. These mechanisms enhance the IHS's ability to stretch the limited PRC dollars and are designed to extend services to more in the AI/AN community.
The Department and the IHS have worked hard to prioritize improvements to the PRC program and ensure that patients have access to accessible - and affordable - quality care. In fact, strengthening the Purchased/Referred Care Authorization and Payment Process and effectively managing PRC carryover balances was one of the top three goals of the IHS 2024 Work Plan. In June 2022, the HHS Office of Inspector General closed the seven open recommendations to improve the PRC program from the April 2020 Report1 after the IHS implemented a multitude of corrective actions and staff trainings. Past implementation of PRC rates and Medicaid expansion 1 A-03-16-03002 have increased the PRC Program's purchasing power to provide more care for our beneficiaries.
Just over two years ago, the IHS updated the medical priority levels and issued funding guidance to support a holistic, balanced, outcome-oriented, and consistent referral priority system. This change maximizes the efficiency of resource allocation and promotes evidence-based strategies that balance the preventive, mental health, chronic, and acute care needs in our service population with the goal of improved patient satisfaction and health outcomes. This balanced approach replaced a hierarchical concept that placed a higher emphasis on acute disease complications versus providing care for chronic and disease prevention strategies. As a result, the IHS has moved to re-assign and reclassify some preventative care services to a higher priority level within the IHS medical priority levels.
The IHS implemented routine monitoring to address some of the more common and difficult issues facing PRC programs from paying timely and appropriately for authorized care. This includes addressing provider billing issues, Fiscal Intermediary pended claims, and alternate resource issues.
These efforts will go a long way to improve the PRC program and benefit to our PRC-eligible population.
The IHS acknowledges that there is still more to be done. As with other programs within the IHS, staff vacancies, space limitations, and proper training of staff at some sites have negatively impacted the ability to carry out PRC goals. The IHS continues to support new strategies to develop the workforce and leverage advanced practice providers and paraprofessionals to improve the access to quality care in AI/AN communities.
* * *
S. 699, Purchased and Referred Care Improvement Act of 2025
The Purchased and Referred Care Improvement Act of 2025 would amend the Indian Health Care Improvement Act to address liability for payment of charges or costs associated with the provision of purchased/referred care services.
S. 699 would amend IHCIA by requiring the Secretary of HHS to notify a purchased/referred care provider and any patient who receives purchased/referred care by the Service that the patient is not liable to any provider, debt collector, or any other person for the payment of any charges or costs associated with the provision of the purchased/referred care not later than 5 business days after receipt of a notification of a claim by a provider of the purchased/referred care.
S. 699 would further require the Secretary, through the Service, and in consultation with Indian Tribes, and within 120 days, establish and implement procedures to allow a patient that paid out-ofpocket for purchased/referred care authorized by the Service under the IHCIA to be reimbursed by the Service for that payment not later than 30 days after the date on which the patient submits documentation to the Service under Section 2(d)(1)(B), Submitting Documentation, which includes submission electronically or in-person at a Service facility. Further, S. 699 would not apply to a PRC program operated by an Indian Tribe under the Indian Self Determination and Education Assistance Act unless expressly agreed to by the Indian Tribe.
S. 699 would also require the Secretary, within 180 days after enactment of S. 699, in consultation with Indian Tribes, to update applicable provision of the relevant provisions and sections of the Indian Health Manual.
This bill also proposes adding a new subsection (d) to section 222 of the Indian Health Care Improvement Act, and the Department's edits here account for other applicable authorities, such as the payer of last resort statute. Simply put, a patient should not be expected to pay out-of-pocket for PRC-authorized services, due to the existing patient protections in section 222, but if patients choose to do so in anticipation of reimbursement under this new subsection (d), they will need to be careful not to pay before alternate resources or in excess of PRC rates. Thus, as drafted, the bill may cause additional uncertainty for patients seeking care. Additionally, the Department has suggested a change to the timeline specified in subsection (d). While the IHS believes a 30-day timeline may be challenging to implement and impractical on an administrative level, PRC program should be able to accomplish this within 45 days.
In the overwhelming majority of cases, the PRC payment should occur between the PRC program and the PRC provider. As noted, the Department is concerned that there may be unintended effects of this statutory change on patients - that the bill may make the reimbursement process more confusing and difficult. Specifically, we are concerned that patients might make payments to a provider when it is not necessary, or in amounts greater than would be required. This could quickly undermine the purpose of the statute and expose these patients to financial harm, rather than protecting them from liability. The IHS would seek to educate patients on this issue but suggests that the drafters consider potential adverse consequences in this regard.
For the Committee's situational awareness, the Department also notes while the statute presently prohibits a provider from seeking payment from a patient, the IHS consistently witnesses that this is not being followed by bad actors. IHS notes that there are no consequences included in the proposed bill for a provider, debt collector, or any other person who violates this provision.
Additionally, when a violation occurs, there can be impacts to the patient's credit that are not easy for the patient or the IHS to resolve.
* * *
S. 1055, Indian Health Service Emergency Claims Parity Act
The Indian Health Service Emergency Claims Parity Act would amend the Indian Health Care Improvement Act to modify the notification requirement for emergency PRC. The current
timeframe for non-elderly or disabled individual notification must be made within 72 hours, per current PRC regulation. If the individual is elderly (age 65 and older) or disabled, under existing law, section 406 of the Indian Health Care Improvement Act (25 U.S.C. 1646), the notification timeframe for such individual is within 30 days. The IHS in recent updates to the Indian Health Manual, we lowered the age for elderly to age 55, in order for more individuals to have 30 days to make notification.
The only concern with S. 1055 concerns flexibility. There may be a future need to amend such timeframe for notification of treatment or admission to more than 15 days for individuals not elderly or disabled. Such change would need an amendment to this statutory limitation if S.1055 were passed by Congress and signed into law. This codification, would limit the Service's current regulatory authority to no more than 15 days timeframe for such notifications.
All things considered, the Department shares the same goal as the drafters - to improve the PRC program, protect patients from medical debt, and ensure that American Indians and Alaska Natives throughout Indian Country have access to high quality and affordable care. We look forward to continuing our work with Congress on these bills, and as always, welcome the opportunity to provide technical assistance as requested by the Committee or its members.
Thank you again for the opportunity to testify today. HHS is committed to working closely with tribal communities and other external partners and understands the importance of working together to address the needs of American Indians and Alaska Natives.
* * *
Original text here: https://www.indian.senate.gov/wp-content/uploads/02.04.26-Testimony-LaRoche.pdf
Fairfax Water Deputy General Manager Dewhirst Testifies Before Senate Environment & Public Works Committee
WASHINGTON, Feb. 14 -- The Senate Environment and Public Works Committee released the following written testimony by Scott Dewhirst, deputy general manager of engineering and technology at Fairfax Water, and a board member of the Water Information Sharing and Analysis Center, on behalf of the Association of Metropolitan Water Agencies, from a Feb. 4, 2026, hearing entitled "Identifying and Addressing Cybersecurity Challenges to Protect America's Water Infrastructure":* * *
Chairman Capito, Ranking Member Whitehouse, and Members of the Committee, thank you for the opportunity to testify before ... Show Full Article WASHINGTON, Feb. 14 -- The Senate Environment and Public Works Committee released the following written testimony by Scott Dewhirst, deputy general manager of engineering and technology at Fairfax Water, and a board member of the Water Information Sharing and Analysis Center, on behalf of the Association of Metropolitan Water Agencies, from a Feb. 4, 2026, hearing entitled "Identifying and Addressing Cybersecurity Challenges to Protect America's Water Infrastructure": * * * Chairman Capito, Ranking Member Whitehouse, and Members of the Committee, thank you for the opportunity to testify beforeyou today. My name is Scott Dewhirst and I am the Deputy General Manager of Engineering and Technology at Fairfax Water. I am also a member of the Board of Managers of WaterISAC, the Water Information Sharing and Analysis Center, which is the water sector's dedicated information sharing entity on cyber, physical, and natural threats.
I am here today on behalf of the Association of Metropolitan Water Agencies (AMWA), of which Fairfax Water is a member. AMWA is an organization that represents the nation's largest publicly owned drinking water systems. AMWA members collectively provide over 160 million people across the country with clean drinking water. Members of AMWA are the general managers and CEOs of these large water systems. AMWA represents the perspectives and priorities of its members by working with Congress and federal agencies to ensure drinking water systems have input into the federal laws and regulations that affect them and their customers.
I'm here today to discuss cybersecurity in the water sector, a topic that is becoming more urgent by the day. Drinking water systems represent an attractive target for cyber adversaries. A successful attack could not only threaten water quality and public health but would also undermine public confidence in the safety and reliability of drinking water. Cyber attacks also have the potential to harm the economy if water systems are taken offline. Estimates show that a single day of downtime in U.S. water service could result in $122 billion in lost economic activity and a $69 billion decline in GDP./1
* * *
Background
It is important to distinguish between two categories of cyber attacks that could target water systems. The first targets utilities' information technology, or business and enterprise systems, such as email platforms, websites, and billing databases. In recent years, water systems have reported a variety of such attacks, which include ransomware incidents, email scams, and social engineering and phishing attempts. While such attacks, if successful, can disrupt day-to-day business and compromise sensitive data, they do not by themselves affect the treatment or distribution of drinking water or wastewater. A second and more serious category of cyber attack targets a utility's industrial control systems. These systems, which are managed online by most utilities, control treatment processes, sensors, valves, pumps, and other utility infrastructure. If these systems were to be compromised in a cyber attack, a worst-case scenario could lead to negative effects on water quality and public health.
* * *
1 https://static1.squarespace.com/static/67dd711d1a117219a03e4f7a/t/6917b2fbc2843b7310c7ace1/1763160827739/FINAL+VO W+Economic+Report.pdf
* * *
The Cyber Threat Landscape
Cyber threats to water systems have grown in recent years. According to WaterISAC, from April 2024 through March 2025, roughly 14 percent of water utilities responding to its quarterly incident survey reported experiencing at least one cybersecurity incident. This is an increase from about 11.5 percent of responding water systems during the same period the year before./2
At the same time, cyber threats are becoming more frequent, more sophisticated, and more damaging, requiring ongoing and sustained investment by water utilities to manage risk.
As more water systems use internet-connected operational technology--such as industrial control systems--to remotely monitor and control pumps, valves, and chemical dosing, new cybersecurity challenges are introduced. While these technologies improve efficiency, they also turn operations that were once handled directly by humans into complex, interconnected cyberphysical systems. That shift introduces new vulnerabilities if systems are not properly secured, as is the case too often. In 2024, researchers identified more than 18,000 industrial control systems in the United States that were accessible from the internet. More than half of the devices linked to water and wastewater systems could be manipulated online without any authentication at all./3
Pro-Russia hacktivist groups have taken advantage of this widespread lack of basic security, targeting water and other critical infrastructure systems using simple, widely available tools. For example, in January 2024, an attack by a Russian hacktivist group claimed responsibility for manipulating human-machine interfaces, resulting in water storage tank overflow and minor, temporary disruption of operations in a small Texas town./4
Just last month, a hacktivist group known as Infrastructure Destruction Squad claimed in a Telegram post that it had gained unauthorized access and compromised a Texas water treatment system./5
Nation-state threats also pose a serious risk. In recent years, a Chinese-affiliated cyber group known as Volt Typhoon has been linked to long-term, stealthy intrusions into U.S. critical infrastructure networks. In one case, a combined electric and water utility discovered that the group had maintained access to its systems for approximately ten months before being detected./6
These types of intrusions are especially concerning because they may be intended to enable future disruptive or destructive attacks.
Utilities also face growing operational risks as disruptions in information technology systems increasingly cascade into operational technology environments, as demonstrated by the July 2024 CrowdStrike outage. Compounding these challenges, AI is reshaping the threat landscape and increasing risk by enabling ransomware actors to enhance extortion tactics, making social engineering attacks more convincing and harder to detect, and enabling new modes of attack.
* * *
2 https://www.waterisac.org/threat-analysis-for-the-water-and-wastewater-sector-october-2025
3 https://censys.com/blog/research-report-internet-connected-industrial-control-systems-part-one
4 https://www.texastribune.org/2024/04/19/texas-cyberattacks-russia/
5 https://www.waterisac.org/tlpgreen-russian-aligned-hacktivist-group-claims-texas-water-treatment-system
6 https://www.waterisac.org/tlpclear-dragos-case-study-volt-typhoons-breach-massachusetts-electric-and-water-utility
* * *
These incidents demonstrate why water utilities of all sizes must remain vigilant against cyber intrusions. Without continued federal investment and support, many water systems will struggle to keep pace with these evolving threats, putting essential public health and safety services at risk.
* * *
Tools Available for Cyber Preparedness
As a large public water system, Fairfax Water employs a dedicated cybersecurity staff and leverages resources offered by federal and sector partners, including the Environmental Protection Agency (EPA), the Cybersecurity and Infrastructure Security Agency (CISA), and WaterISAC.
Effective cyber defense depends not only on understanding best practices, but also on continuous and timely awareness of evolving threats. Founded in 2002 as an independent non-profit organization, WaterISAC plays a unique role in the sector's cybersecurity preparedness by actively monitoring cyber threats and vulnerabilities affecting water and wastewater utilities. As one of more than two dozen Information Sharing and Analysis Centers across the nation's critical infrastructure sectors, WaterISAC continuously collects, analyzes, and disseminates threat intelligence specific to the water sector, while also offering guidance on risk mitigation tools, best practices, and response actions that contribute to an all-hazards resiliency posture. The organization issues hundreds of cyber and physical security advisories each year, receives incident reports from utilities, conducts threat analysis, and provides alerts and briefings to help water systems detect and respond to emerging risks. In the past year, WaterISAC also helped provide support to mitigate threats to Arkansas City, Kansas, and the Boston Water and Sewer Commission when they experienced ransomware attacks.
Water systems today have access to a growing body of guidance and tools designed to improve cybersecurity preparedness. For example, WaterISAC's 12 Cybersecurity Fundamentals for Water and Wastewater Utilities/7--available at no cost--provides a practical set of best practices for securing both information technology and industrial control systems. CISA also offers a free vulnerability scanning tool, a service that allows utilities and other industrial control system operators to scan their networks for known vulnerabilities, weak configurations, and suboptimal security practices. In addition, the National Institute of Standards and Technology (NIST) offers a cybersecurity framework that compiles existing standards, guidelines, and best practices to help organizations, including water systems, manage and reduce cybersecurity risk.
Multiple organizations are continuing to develop new tools and guidance. For example, AWWA's recent Water Sector Cybersecurity Risk Management Guidance and Assessment Tool focuses on "first-mile" actions a utility can implement to manage cyber risk. It allows utilities to select either a small systems option (recommended for systems serving fewer than 10,000 people) or a full assessment option. Utilities respond to questions regarding technology applications, and the tool generates a customized, prioritized list of controls that are most applicable to mitigate cybersecurity vulnerabilities. In addition, in the past year, the EPA has developed checklists for evaluating cybersecurity practices of vendors during procurement and a template for response plans.
* * *
7 https://www.waterisac.org/fundamentals
* * *
At Fairfax Water, we take a comprehensive multi-layered approach to physical and cybersecurity. Some of the defensive tactics we use include employing a third-party Systems Operations Center to monitor our network activity around the clock, use of multi-factor authentication for network access, fostering an organizational culture of vigilance through training and phishing scheme tests, aggressive patching of software and systems, and segmentation of our business and operational technology networks.
While a large, well-resourced public utility like Fairfax Water can invest in cybersecurity preparedness and take advantage of this collection of tools and resources, capacity across the water sector varies significantly. Unfortunately, far too many of the nation's 50,000 community water systems lack the dedicated personnel to make sense of these tools or the financial resources required to implement recommended measures. This gap is well documented. A 2021 Cybersecurity State of the Sector survey conducted by the Water Sector Coordinating Council found that although 55 percent of responding utilities identified cybersecurity as a high priority, only about 25 percent participate in cyber-focused tabletop exercises, and just 40 percent conduct cyber risk assessments on at least an annual basis./8
Given the burden of complying with the many existing regulations for drinking water services--and addressing the $1.2 trillion of needed water infrastructure investment over the next two decades--many utilities are forced to prioritize their most pressing infrastructure needs, which can result in limited attention to cybersecurity./9,10
* * *
Legislative Recommendations
There are several legislative proposals pending before Congress that could help drinking water and wastewater systems learn about cyber threats, become educated about appropriate preventative and response actions, and access financial resources to address cyber vulnerabilities.
AMWA believes that each of these legislative proposals should remain part of the discussion as Congress explores ways to improve cybersecurity in the water sector. These proposals are discussed further below:
* H.R. 2344/S. 1118, the Water Intelligence, Security, and Cyber Threat Protection Act
* H.R. 5566/S. 3590, Water Infrastructure Resilience and Sustainability Act
* * *
8 https://www.waterisac.org/2021survey
9 https://www.epa.gov/system/files/documents/2024-05/2022-cwns-report-to-congress.pdf
10 https://www.epa.gov/system/files/documents/2023-09/Seventh%20DWINSA_September2023_Final.pdf
* * *
* S. 3251, State and Local Cybersecurity Grant Program Reauthorization Act
* H.R. 2594, the Water Risk and Resilience Organization Establishment Act
* * *
Expand Participation in WaterISAC
Currently, there are few federal grant programs dedicated to bolstering water system cyber capabilities. Expanding existing programs as well as directing additional resources to support private-sector cybersecurity preparedness efforts would improve water systems' awareness of the latest cyber risks. It would also equip them with recommended actions that will help keep their systems and infrastructure secure. WaterISAC is an established water sector program that can help address this need.
ISACs exist for more than two dozen critical infrastructure sectors, such as electricity, aviation, maritime, and oil and natural energy. They are member-driven organizations delivering allhazards threat and mitigation information to asset owners and operators. Despite its critical role in the water sector, WaterISAC receives no state or federal grant funding and therefore operates as a dues-based subscription service. Although these dues are structured on a sliding scale based on system size--with fees as low as $125 per year for systems serving less than 3,300 people and a partnership with the National Rural Water Association to make access free for their small system members--WaterISAC faces challenges in connecting with the thousands of water and wastewater systems across the country. Currently, only about 680 water and wastewater systems are members of WaterISAC, equating to about one percent of all such systems nationwide.
Increasing participation in WaterISAC to include more of the nation's water systems would raise the sector's baseline level of preparedness by providing more utility managers with the tools they need to withstand natural, physical, and cyber threats.
As water utilities continue to experience an increase in cyber attacks, WaterISAC has helped utilities maintain strong cyber and physical security. One example of how WaterISAC does this is through timely reporting on critical vulnerabilities. For example, in January 2025, suspected Chinese threat actors were exploiting four vulnerabilities in Ivanti Cloud Services Appliances, and WaterISAC shared this information with the sector within 24 hours of CISA's and the FBI's advisory. In December 2025, WaterISAC hosted a webinar on safely utilizing the cloud amidst cyber threats. The webinar included information about how leading utilities are assessing risk, securing the cloud, governing across IT and OT, and leveraging AI to build true operational resilience. The webinar helped participants identify and close security gaps across hybrid environments, strengthen governance and compliance for water-sector requirements, use AIdriven tools to train teams and validate readiness, and build continuity and resilience into every layer of operations. WaterISAC is invaluable at facilitating information sharing and peer-to-peer learning opportunities for water utilities, which will only be bolstered by increased participation from more water systems.
Legislation such as H.R. 2344/S. 1118, the Water Intelligence, Security, and Cyber Threat Protection Act, would increase WaterISAC participation by directing EPA to educate water systems about resources offered through WaterISAC and allocating funding to help water systems offset WaterISAC's membership costs. Based on a similar Energy Department program authorized by Congress in 2021 to better connect electric utilities with their sector's ISAC, the legislation recognizes that simply raising awareness of the cyber resources available to water systems is a critical first step to facilitating adoption of cybersecurity best practices. Similarly, the funding assistance provided through the bill would ensure that no water system misses out on having access to these resources because of cost.
* * *
Fund EPA Water System Cyber Resilience Programs
In 2021, Congress authorized two EPA grant programs that help drinking water and wastewater systems build resilience to cyber threats. Each of these programs is set to expire following the 2026 fiscal year. AMWA strongly urges Congress to reauthorize and fund these programs to provide water and wastewater systems with a dedicated stream of financial assistance for essential cybersecurity projects, without diverting resources away from public-health focused infrastructure investments.
The Midsize and Large Drinking Water System Infrastructure Resilience and Sustainability Program (42 USC 300j-19g) and the Clean Water Infrastructure Resiliency and Sustainability Program (33 U.S. Code 1302a) offer grant assistance for drinking water and wastewater utility projects to increase resilience to cyber threats, as well as resilience to extreme weather and natural disasters. Types of cybersecurity enhancements that are eligible for assistance under the program include:
* Conducting cyber risk assessment and implementing priority cybersecurity practices, updating drinking water system operation technology (including Supervisory Control and Data Acquisition (SCADA), Human Machine Interface (HMI), programmable logic controllers (PLCs) or Remote Terminal Unit (RTU) systems);
* Strengthening computer network defenses by implementing or updating cyber locks, multifactor authentication, firewalls, virtual private networks and segmentation;
* Establishing offsite back-ups of critical data, development of an incident response plan, and incident action checklists; and
* Conducting cybersecurity awareness training for water system staff./11
While many of these practices are standard operating procedure for large water systems like Fairfax Water, less well-resourced systems may not always prioritize these activities when working to address infrastructure renewal needs and comply with water quality regulations. A major contributing factor to this is the need for water systems to keep water rates affordable for customers. Having an avenue for EPA to assist water systems with offsetting some of the costs associated with enhancing cyber preparedness would encourage more water systems to give this issue the attention it deserves.
* * *
11 https://simpler.grants.gov/opportunity/2508c664-7253-4661-a474-8a881d3bc0ae
* * *
For these reasons, AMWA supports the Water Infrastructure Resilience and Sustainability Act (H.R. 5566/S. 3590), which would reauthorize these programs for another five years, through 2031. Last fall, EPA announced the availability of the first $9.5 million in grant funding for the Midsize program. The agency is expected to announce the first round of grant recipients in Spring 2026.
To date, the programs have received very little appropriations. Fully funding these programs, at their annual authorized levels of $50 million and $25 million, respectively, would greatly expand the number of water systems that can tap these resources to improve their cyber defenses. With additional federal funding, a wider range of public water systems would be able to undertake security initiatives, such as pursuing new software upgrades, making investments in security personnel, or implementing threat detection and monitoring procedures.
* * *
State and Local Support
Directly supporting state and local governments with funding has also been an important pillar of improving cybersecurity practices. S. 3251, the State and Local Cybersecurity Grant Program Reauthorization Act, reauthorizes the State and Local Cybersecurity Grant Program (SLCGP) at $300 million for Fiscal Year 2026. SLCGP provides funding to state, local, and territorial governments to address cybersecurity risks and threats to information systems, improving the security of critical infrastructure - including municipal water and wastewater utilities. Again, the availability of these funds will help more water systems maintain awareness of cyber threats and equip them with resources to close identified security gaps.
* * *
Federal Cybersecurity Oversight
While the EPA and CISA have guidance documents on best practices, incident response, and scanning tools, it is incumbent on water systems to utilize these resources and abide by these standards. Currently, there are no statutory federal requirements to guide water systems or enforce minimum standards for cybersecurity across the sector. While there is a danger in making federal regulations overly burdensome, complicated, or prescriptive, as cyber threats and technology evolve rapidly, some level of federal guidance to ensure that all water systems are taking appropriate steps to protect against cyber threats would be beneficial. It is important to note that any new federal requirements must be accompanied by the proper level of investment in federal programs and funding to support water systems in adhering to requirements.
Any new requirements must also align with America's Water Infrastructure Act (AWIA) of 2018, which amended section 1433 of the Safe Drinking Water Act to require community water systems serving over 3,300 people to incorporate considerations of cybersecurity risks into mandated risk and resilience assessments, and strategies to improve cyber resilience into emergency response plans. Today water systems must certify to EPA that they have properly completed these tasks, and because these documents contain sensitive information there is no requirement for them to be shared beyond the utility. AMWA believes this restriction is appropriate and should continue.
One legislative option that AMWA believes should be explored further is H.R. 2594, the Water Risk and Resilience Organization Establishment Act. This proposal would establish a governing body, the WRRO, comprised of cyber experts and drinking water and wastewater system
operators to help develop, recommend, and enforce cybersecurity requirements for drinking and wastewater systems. Based on the model of the North American Electric Reliability Corporation in the energy sector, the WRRO would work in partnership with the EPA to ensure that water systems employ minimum best practices to defend against cyber threats, while avoiding onesize-fits-all mandates. The WRRO therefore goes one step beyond simply making water systems aware of cyber best practices and would provide direction on specifically which actions individual water systems should adopt, based upon their size and unique risk profiles.
The WRRO model would leverage the expertise and experience of utility managers and operators when formulating practical requirements that consider utility scale, resources, existing challenges, and the most pressing threats. As Congress explores various options to bolster water systems' cybersecurity posture, AMWA strongly encourages that the WRRO model be part of the discussion.
* * *
Conclusion
On behalf of AMWA, I thank the Committee for the invitation to testify today, and to share the on-the-ground insights of Fairfax Water. AMWA and its members across the country remain committed to taking all appropriate measures to strengthen our cyber defenses, and we look forward to continuing to collaborate with our federal partners to close the remaining gaps and secure needed funding and technical assistance. Thank you again, and I am happy to answer your questions.
* * *
Original text here: https://www.epw.senate.gov/public/_cache/files/c/1/c1102867-601e-4bfd-a0bc-d1d5fe2e16ea/A2FAEFC36A3BA0855F37563B9B0FBE5ACB04D4C9EDA5662D877A762A8B2EBA61.02-04-2026-dewhirst-testimony.pdf
McLarty Associates Senior Managing Director Pyatt Testifies Before Senate Foreign Relations Subcommittee
WASHINGTON, Feb. 14 -- The Senate Foreign Relations Subcommittee on Europe and Regional Security Cooperation released the following written testimony by Geoffrey R. Pyatt, senior managing director of energy and critical minerals at McLarty Associates, and a distinguished fellow with the Global Energy Center at the Atlantic Council, from a Feb. 4, 2026, hearing entitled "A Pathway to European Energy Security":* * *
Chairman Daines, Ranking member Murphy, members of the subcommittee, thank you for the opportunity again to share with the Foreign Relations Committee some thoughts on European energy ... Show Full Article WASHINGTON, Feb. 14 -- The Senate Foreign Relations Subcommittee on Europe and Regional Security Cooperation released the following written testimony by Geoffrey R. Pyatt, senior managing director of energy and critical minerals at McLarty Associates, and a distinguished fellow with the Global Energy Center at the Atlantic Council, from a Feb. 4, 2026, hearing entitled "A Pathway to European Energy Security": * * * Chairman Daines, Ranking member Murphy, members of the subcommittee, thank you for the opportunity again to share with the Foreign Relations Committee some thoughts on European energysecurity, opportunities for trans-Atlantic cooperation and the role of new infrastructure like the Vertical Corridor between Greece and Ukraine in helping to build that energy partnership for the long term.
Although my comments today are offered in a private capacity, they are informed by efforts I led at the State Department as Assistant Secretary of State and Ambassador to Greece and Ukraine. In all these roles, the support of this Committee was essential to my work, and I am grateful to appear before you again.
* * *
Energy Security is National Security - Ending Russia's Energy Coercion
For more than two decades, a major focus of transatlantic diplomacy through Republican and Democratic Administrations was ending Europe's dependence on unreliable Russian gas supplies and thwarting the Kremlin's ability to use energy as a tool of political coercion. I saw that Russian coercion firsthand during both of my Ambassadorships, and as Assistant Secretary I worked closely with our LNG producers and energy companies to leverage America's energy abundance in furtherance of our alliance relationships.
We saw an historically important breakthrough on this issue last week when 27 EU member states formally adopted the regulation phasing out imports of Russian pipeline and liquefied natural gas. This full ban on Russian gas will come into effect in 2027, and is qualitatively different from earlier sanctions measures, since the phase out is now written into European law, making it difficult to walk back even if there is a future settlement over Ukraine. On February 3, that regulation entered into force, with a ban on spot contracts from April and long term LNG contracts banned from January 1, 2027 - giving European importers the force majure cover to void any existing relationships with Russia.
This is major shift in European energy policy and a direct response to Russia's full-scale invasion of Ukraine and repeated attempts to use energy cut offs as a coercive tool. But it also reflects a shift in the international gas market driven by the success of American producers and our rapid emergence the world's largest LNG exporter. Indeed, it is no exaggeration to say that surging American LNG exports to Europe were an indispensable element of our NATO response to the full-scale invasion of Ukraine - something Washington and Brussels recognized with the LNG taskforce I worked on during my time in government. Conversely, Russia's permanent loss of its traditional European market for exports reflects one of Putin's most significant strategic defeats.
This remapping of European gas supplies creates a natural opportunity for expanded transAtlantic cooperation, something both the Biden and Trump Administrations have sought to advance. But the key enabler here has been the success - and innovation - of American gas producers, who have massively grown the output of US industry. The U.S. Energy Information Administration (EIA), for instance, projects that U.S. LNG exports will increase from 11.9 billion cubic feet per day in 2024 to 18.1 in 2027. Europe will import record levels of LNG this year, with the International Energy Agency (IEA) projecting purchases of more than 185 billion cubic meters, mostly from the United States. According to EU data, the US is Europe's largest provider at 58% of LNG imports. The EU is also the largest buyer of US LNG at 65% of US exports. For context, before the Russian invasion of Ukraine, the EU relied on Russia for more than 45% of its gas imports. This is now at 12% and will reach zero once the RePowerEU plan is fully implemented.
Even before RePower EU's phase-out of Russian pipeline gas and LNG, the EU has been rapidly weaning itself off of Russian energy -- as a result Russia's energy revenues were down 20% in 2025 as compared to 2024. By the Kremlin's own account, Moscow is confronting a significant deficit this year due in large part to lower energy revenues and a widening discount for Russian crude. Thus, US energy exports - and Europe's decoupling from unreliable Russian supplies -- contribute directly to the White House goal of encouraging the Kremlin to negotiate in good faith to end its invasion of Ukraine in a way that preserves the country's sovereignty and territorial integrity.
* * *
Harmonizing Regulations and Climate Policies
European off-takers - like their counterparts in Asian markets such as Japan and Korea - have made clear their desire to source non-Russian gas supplies in a way that is reliable, affordable and sustainable. In this regard, U.S. LNG remains the cleanest and most secure solution for Europe to eliminate its reliance on Russian gas. In an environment where we are each other's largest market and largest LNG suppliers, it should not be too difficult to imagine a solution to recent debates over European regulatory measures like the EU Methane Regulation or the EU Carbon Border Adjustment Mechanism (CBAM).
These issues were a regular topic of discussion in the US-EU Energy Council formerly led by the State Department's Bureau of Energy Resources. In my Atlantic Council capacity I also had the opportunity to cover these topics in a public setting last fall at the UN General Assembly with EU Director General for Energy Ditte Jul Jorgensen. DG Jorgensen laid out an EU approach to energy security based on diversification of suppliers, an integrated and interconnected EU energy market, and the deployment of homegrown clean energy.
Specifically, the RePowerEU initiative rests on three legs: I.) replacing Russian molecules with other sources (with Norway, US LNG, and Qatar being the most important), II.) accelerating the build out of renewable energy to replace Russian molecules with clean energy wherever possible, and III.) pursuing energy efficiency and savings--being smarter about how Europe uses energy. Also relevant here is the U.S. experience in switching the majority of our thermal power generation from coal to gas, which in turn has enabled a substantial reduction in emissions from power generation here in the United States.
As these EU regulations have moved closer to implementation, we are seeing pragmatic shifts in the continent's plans for the Methane Regulation as well as CBAM. For instance, in December, EU energy ministers adjusted their approach to the requirement that importers of oil and gas monitor and report methane emissions associated with their imports. Companies now can show compliance either through buying certificates from third-party verifiers which assign an emissions value at the production location, or by the "trace and claim" method, in which gas volumes are assigned a digital ID which is attached to all sale and purchase agreements from that producer, throughout the value chain, to the buyer. In parallel, in response to international market signals, America's biggest energy companies are reinforcing their own commitment to the highest standards of emissions reduction and efficiency. Since leaving government I have served in an unpaid capacity on the advisory council of PAGE - the Partnership to Address Global Emissions. PAGE is a nonpartisan coalition of like-minded organizations dedicated to promoting U.S. policies, like permitting reform, that protect the climate through the production of natural gas. Importantly, the gas producers and energy companies that are part of the PAGE coalition (including Pittsburgh based EQT and Tulsa based Williams) have understood the role industry must play in reducing methane emissions and have taken significant steps to eliminate these emissions through investment and innovation, helping establish U.S. natural gas as among the cleanest in the world.
* * *
Building Energy Infrastructure for the Long Term
The third and final issue I would like to touch on is work that has already been done in Europe to support diversification away from Russian energy supplies, and opportunities to build more for the future. These infrastructure investments, along with new production (such as Chevron and Exxon from offshore Cyprus and Greece) and a larger pool of LNG suppliers, are how Europe can drive down costs over the long term to ensure competitiveness. As U.S. Ambassador to Greece, I was deeply involved in Europe's initial effort to respond to Russia's throttling back of energy supplies in the run up to the full scale invasion of Ukraine. In those panicked first weeks of 2022, very few imagined that Europe would move as fast as it did to expand regassification terminals and deploy new Floating Storage and Regasification Units (FSRUs). The result since 2022 is billions of dollars of capital investment and some 80 BCM/year in new capacity stretching from terminals in Finland and Germany in the north to Italy and Greece in the south. Notably, almost all of these projects received significant diplomatic support from the State Department and our Ambassadors in the field.
But just as we grapple here in the United States with permitting and regulatory reform around pipelines, terminals and transmission infrastructure, Europe is also working to build the regulatory and commercial infrastructure to support an expanded supply of nonRussian gas. One example in which I was personally involved as Ambassador and then Assistant Secretary was the "Vertical Corridor" to bring gas and power from terminals and interconnectors in Greece and the Eastern Mediterranean up through the Balkan peninsula to Ukraine and the high-demand markets of Central Europe.
This framework has already demonstrated its commercial and strategic value. For instance, in 2024, DTEK - Ukraine's largest private sector energy company - took delivery of its first cargo of LNG from the United States delivered at the Revithoussa terminal outside Athens. In a similar vein, Arlington-based Venture Global has committed to regasification capacity at the Alexandroupolis LNG import terminal in Greece, which currently accounts for approximately 25% of the terminal's total capacity. These American volumes will become ever more important as the ban on Russian LNG enters force. And in November Venture Global signed Greece's first ever long-term LNG supply agreement with a U.S. exporter. Recently DTEK also become the first company to deliver gas to Poland from Ukrainian storage facilities using volumes injected via the Trans-Balkan Corridor, demonstrating the Vertical Corridor's full end-to-end functionality and its energy security relevance for the wider Central Europe region. To consolidate this success, gas buyers and pipeline operators now need to cooperate more closely to reduce end to end transport tariffs and allow a longer time horizon to cover supply during Ukraine's recovery period.
Similarly, work is needed to provide assurances that required transportation capacity will be available along the route beyond the auctioned month. But as with permitting reform in the United States, these are all issues where a solution can be found.
After several recent weeks of extreme cold, European gas storage overall is at a historic low, and will need to be replenished this coming Summer. Much of this replenishment gas will come from the United States, and the coming expansion in liquefaction capacity on the Gulf Coast is a natural complement to Europe's phase out of unsecure Russian gas. Over the longer term, there are also opportunities to build a "vertical corridor" also for electricity and data - allowing for energy from multiple sources to transit the same route. This in turn will require further investment in transmission infrastructure to help Central Europe tap into inexpensive renewable energy resources coming out of the East Med region and northern Africa and projects such as the Greek Public Power Company's (PPC) investment into new data center capacity in Western Macedonia.
Thank you for the Committee's focus on these crucial issues and I look forward to addressing your questions.
* * *
Original text here: https://www.foreign.senate.gov/imo/media/doc/3f67b2a4-9e15-51ce-eedc-027eff8bfafa/020426_Pyatt_Testimony2.pdf
