network. the issue about the migration and the cleanup will continue to discuss. but we are trying to rapidly move toward that shell. >> do we still have contracts with key point? >> yes. >> and this is to mr. hess how many contracts with how many departments? >> our primary contracts are through homeland and opm. >> and so are your contracts active and coming to an end or are you at the end of the contracts? >> they are all active contracts. >> mr. mcfarland, should we be ceasing our relationship with key point? >> based on what i know at this point i have no reason to believe we should. >> that we should? >> no i have no reason we

should cease relationship. >> that we should? >> no should not. >> do you agree with that? >> i do agree with that. key point has taken the steps necessary to mitigate any security questions they have been very activity in working on this. >> my question is should we cease contracting with them? mr. mcfarland said yes -- >> he said no. >> i am sorry i said no. >> oh i am sorry, thank you very much. mr. mcfarland, last question to you, what are the three important things we need to do just to get on the right track and how long do you think it will take? that is the end of my questions, mr. chairman. >> i will give you four, if i could. first we would like to see the implementation of multi factor

authentication and then develop an inventory of system servers, and and databases and protect current structures with encryption and proceed with a disciplined project management approach. and i have no idea how long that will take. >> thank you very much. >> thank you. now i would like to recognize mr. desanto from florida. >> thank you mr. chairman. this is a really, really frustrating hearing and obviously a colossal failure. we have a government that will tell us how much water we can have flushing in our toilets, how much corn we have to put in the gasoline we use to drive our

cars and boats, and the government tells us the type of health insurance we can and can't buy and on the core functions of government the things we need the government to do seems to me it fails habituall and and this is a major example of this. the number of people affected we don't know on the clearance side. we don't know and you know why? it isn't the person that filled out the form that is at risk of this. you have friend, family members, associates, foreign nationals who you may know and china may like to know you are talking about a larger number than just simply the number of people who filled out those forms. and yet it seems to me we just have bureaucratic paralysis. no one is accountable.

did you believe you should remain in your position? >> i am more committed than every to serve the employees of this administration. i am working very hard. and i think -- >> do you accept responsibility? >> i accept the responsibility given to the director of the opm and fulfilled them by making sure we have the right people in the right places and seeking the resources we need to do our work and making sure the systems in place can do the work they are expected to do. we have a legacy system that is 30 years old. we have dedicated money -- >> and i have been here for your statements and heard you make that point. but if not you then who if anybody at opm should be held accountable for this colossal failure? >> i am responsible as the director of opm --

>> anyone going to be held responsible? >> i take very seriously, as i said, in my conformation hearing and many other hearings after including today -- >> what about responsibility? my voters are saying, ron we have people mess up in the government all of the time and nothing ever happens. that is not the world that they live in where there is usually consequences. so you are not committing that anybody will be fired, or held accountable because of this correct? >> i am committing we will do the best job we can. >> i appreciate that but that is not something the american people have confidence in right now given what happened. let me ask people have been warning about the risk of a cyber pearl harbor. obviously the ig warned the opm about vulnerabilities in their

system for years and years. does this constitute a cyber pearl harbor? >> that question was asked to me earlier. we use the severity scale and on the severity scale based on the impact to data and network and we would consider this to be a medium to high severity level event based on the kind of data that was possibly exposed and expelled and the ability for the mitigations that we put in place as part of the plan that would provide a post assessment. >> those are mitigations for the system itself, correct? the mitigations you perform don't provide ones for the capabilityies for some of the people's whose identity was compro compromised, correct? >> correct. we are focus on the infrastructure and when we do

events like we provide mitigation to get them back to a healthy state and prevent thes things. if they are targeted again which a lot of times they are, helping them detect the information quicker so they can clean it up. >> so if china gets blackmail information they could use against people serving in our government in important positions, if china is able to identify foreign nationals who are friendly with the united states and people there is no way you can calculate the damage that causes correct? >> i am a cyber security operator. that is clearly a question for intelligence. >> i think it is a very important question and i think the damage to this is very very severe and i yield back the balance of my time. >> thank you sir. i would like to recognize my colleague from virginia mr. con

connolly. >> thank you for letting me go at this moment because identify identify -- i have to chair another meeting. it is easy to make a scapegoat out of something to resolve responsibility. but we are facing a much bigger threat than a management snafu. we are facing a systematic organized, financed pernicious campaign by the chinese government in the form of the people's liberation army with a trained unit to penetrate weak spots in our cyber world and that includes the federal government and it may include retail and commercial enterprises, banks, and among them to pretend this is ms.

archulet archuleta's fault is missing the big picture and a disservice. we have a bigger threat whether we want to acknowledge it or not. we are engaged in a low level, but intense new kind of cold war; a cyber war with certain ad adsarsaries including china and russia. it is every much a threat to the security and stability of the country and we need to guard ourselves for this battle. it is not okay to dismiss testimony that resources were denied. this committee led the way we manage resources in the federal

government. it is important and that is why people are here before us. congress neglected it. we cannot have it both ways. we hold the head of opm responsible for how they are managing this breach and we have every right to question why the breach occurred. to make a scapegoat in this alice in wonderland world we created with the answer is off with your head. how easy. what a cheap headline that gets. it gets a headline every time. but it begs the question which is far more profound and disturbing as a threat. and that is ultimately what we need to deal with it seems to me. mr. mcfarland, last week your office issued a flash audit alert to raise awareness of

serious concerns of the ongoing overhaul of the infrastructure. your office stated the projabbed management approach to the overhaul is inadequate and introduce introduces a risk of failure. are you saying the project will not do what it needs to do? is that correct, mr. mcfarland? >> no i am not saying the project wouldn't ultimately do what it is hoped for. i am saying the potential for problems exist is very high. >> i want to use the record in a report. entirely inadequate. intro introduce introduces a high risk of failure. that predicts it is more likely than not. >> i agree high risk for sure. >> you also indicated it will

cost too much. you want to expand on that a little bit. >> well the $93 million set aside at this point won't come close. the migration itself is going to be an extremely costly measure. >> the cia spent $600 million using an outside figure but their system seems to be working. but it cost $600 million over ten years. ring a bell? >> i am not familiar with that. >> they partnered with the private sector so it is worth looking at. what is your response to the ig flash audit alert? >> the ig brought up process issues that were very important. i think some we don't agree with. but other areas we do. i think the important thing is to underscore the relationship

we have with our ig and we will continue to value his opinion and bring forth his ideas into the considerations that we make. i do believe that we have to move carefully but we have to work swiftly. as you said these aggressors are spending a lot of money, a lot of money, to get into our systems. we need his assistance we will seek his guidance and we will listen carefully to his remations and certainly consider those as we move forward. >> i just -- final moment mr. chairman, i introduced to federal data brief act of 2014 we blended it into a bipartisan bases into the the safe and secure federal website act, the senate did not act. had we acted we would have had protocols dealing in place for

dealing with this breach after the fact at least, so we could reassure the victims who are federal employees and retirees and i would hope this committee helps prod the system as it did last year only this time getting the senate to act because that is important. thank you mr., mr. chairman. >> recognize the gentlemen from texas mr. heard for five minutes. >> thank you mr. chairman. my mom always told me you can find the good in any situation so let me try to start off with that. dhs caught them. that is a good thing. they were engaged, they found it wished it was sooner but we caught the problem. that is good. i also got a letter from the chief information officer of opm and i am going to read a little: dear mr. heard i am writing to

inform you the u.s. office of personal management became aware of a security breach and you may have been exposed. you are receiving this notification because we determined the data compromised may have clued your name social security number date and place of birth and current or former address. i know ranking member cummings and mica were talking about how this could be used. if this was the chinese any federal official travelling to china, former official is some subject of being targeted about what is going on in the federal government. if it was the russian's all of this information is going to be sold and used against them to drain people's bank accounts and use this to create new access codes to get into private information. if it was mexico's narco which

has the capabilities of doing this it is the home addresses of the border patrol. the spread is huge and the impact is fantastic. one thing my dad always said was it never hurts to say you are sorry. and nothing in this letter should be contrued as the opm accepting liability for any matters covered by this letter. later it says we regret this incident. i am sorry actually goes a long way. now, i agree with what my colleague from virginia had said about this long committed, attack by the persistent threats and my issue is actually not with how we responded to the threat. i think the immediate steps

taken were good things. i believe all of the folks involved in the mitigation of the immediate threat were doing things i think can be used in other places. what i have a problem with is everything before this. right? if you and the private sector the head of a publically traded company, and young was doing your yearly audit, and you had five years of audit information saying that your digital infrastructure had high risk and needed to be immediately fixed, the board of directors would be held accountable for criminal activity. but multiple years -- i did this for a living. i would penetrate the networks of companies and identify the problems they had. and a lot of times if there was a high risk issue we would call the customer immediately saying this has to be fixed right now and the company and customer would do that immediately. then we would issue our report saying here was the high risk report was it was fixed.

a company like ernest young doing an audit wouldn't even put this in the board. my problem is the high risk issues identified by the ig haven't been addressed. key point. i guess my first question is to you. has the u.s. reviewed key points' network? >> yes, we were on site in loveland, colorado and went there based off the events that happened it was decided by leadership we needed to look at contractors performing background clearances. there was no indication that led the team to go on site as the case with opm. this was out of the caution because of the target we saw

associated with the clearance information. we dead an assessment and results came back that caused some concern and we sent an instant response team on site and were there for a couple weeks last summer. >> when we hire contractors are they subject to the same standards of network hygiene that u.s. government networks are? >> it would be part of the contract language associated with the requirements for any kind of network that houses government data there are concern requirements for the laws from 2002. >> and ranking member cummings read some of the remarks. the written information that key point submitted said we have

seen no evidence between the connection of the key point and the opm breach that is the subject of this hearing. mr. hess feedback? >> this is true that the key point shows no evidence of connection with the opm -- >> are you saying she is lying? >> i am saying she is correct in the knowledge that i have been giving there was an individual who had an opm account that happened to be a key point employee and the credit of that man was used. >> we will recognize the woman from from virgin islands. >> thank you. i was listening to the questions

about the vulnerability of the contractors and the questions regarding whether or not companies that have government contracts must keep the same level of security and care that the opm or other agencies would have to in terms of preparing for cyber attacks. i have a letter that was sent from usis to ranking member cumminings and -- cummings -- and i want to ask about comments you made in the letter. in the letter you wrote their council wrote the critical cyber attack defense information slowed in one direction from usis to the government. is that correct? >> in the discussion we had earlier about the shared responsibility to notify from a

contractor to the government and the government to the contractor that is correct. >> you are qualifying it now saying -- >> i am not qualifying it. i am suggesting that we were required and obligated by our contract to notify opm we had an intrusion which we did, immediately, and in the discussion that was held earlier opm recognized that they did not notify usis or i believe key point of their intrusion of march of 2014. >> so in terms of the cyber defense information was it one-way or did it go both ways? >> in my humble estimation it was one-way. >> so from yours to the others. what would have been your estimation been the requirement of opm or others towards you? >> well i am not a lawyer or contract expert or don't have the contract in front of me. but my understanding is that there is a requirement to

notify. say we have an issue. here is what the issue is so there is a free flow and sharing of information. >> so if you have an issue you are supposed to let them know correct? >> that is correct. >> and that is what you felt you did? >> absolutely. >> what did they do about the information you gave them? >> the certificate team? >> yes. >> we invited them to the facility in grove city pennsylvania, formally via a letter and the team arrived shortly after receiving that letter. they aenumerated the network and under under understood with our technicians and others hired what transpired from the time of june until they arrived. >> so why does your letter say

no briefing has been disclosed? >> i didn't write the letter -- >> you are testifying for your company. i am an attorney and i would never write a letter for the company without the entire company. >> i am suggesting i didn't testify the letter >> was the letter correct or no? >> we didn't receive a briefing from certificate as to the findings they had via of the intrusion. >> let's ask them since they are here. >> if i could finish. we did receive recommendations relative to what we might do -- >> that is not a review? >> our invitation requested their assistance in identifying threats to our network and we did not receive that. >> let's ask you about this.

>> i was on site with a team and law enforcement partners. we worked as part of the team and we were working with the system managers and we are informing them at the end of the day -- >> how many days did you inform them on a daily bases? >> we were there tokes. -- >> how many days did you inform them on a -- there two weeks -- >> we were there about two weeks. >> that's at least ten report ooze. >> we worked through the weekend. >> that's 14 reports they were given asserting what -- >> the daily findings. and they can change. >> did you find something and give them ideas of what needed to be done? >> why we were able to discover there was malicious malware on the network and comprpecifically -- >> how did those compromised credentials -- what were the two areas you found within their own system that should have been taken care of previously? >> we found a lack of some security mechanisms that would

have helped prevent this. we weren't able to find the initial point of entry. >> can you talk about the lack of logging. >> there's logs that can help us piece together what happened within your network. >> why weren't those there? >> it's a risk-based decision. it can cost a lot of money -- >> it's a risk and cost decision made by the company itself? >> it can be. it can require quite a bit >> >> i cannot answer that specifically but i can give you the reasons i have seen a white people are not having the historical logs because of the volume of data. there are millions a day and that is quite a bit of

storage. >> so the letter we sent would you agree with the assertion? >> no. we did provide data reports as well as a final signings report we went over that also a mitigation report and i have documented evidence of all of that. >> teeone to respond? >> if i may. it is my understanding from the investigators felt was found according to the comments was not information they had note -- not already discovered. >> the law begins needed to do deeper forensic was something they already knew? >> to confirm the forensic evidence of the third-party partner so what he is saying

that it was a confirmation and we already confirmed with a third party forensic firm that they could discover additional findings >> we will have to further explore that but we will recognize that gentleman from alabama. >> last week i brought up a letter from the staffers ms. archuleta, estate may have then a compromise with the cybersecurity pac but earlier you disputed a number of people that are affected by this but after a question people it goes beyond the form 86.

i want to know the vast amount of personally identifiable information was that likely exposed by foreign contractors outsource by opm and opm failure to abide by the regulations. >> can repeat the question? >> i will rephrase. do you stand by your assertion this is limited to was smaller group than was indicated in the media that it extends beyond those to fill out form 86? >> thank you for the clarification is not -- important not to equate them to incidents with the employee personnel records. >> i am just asking. >> the second incident we have not determined the number yet the scope of that

incident or the number of employees affected. >> so is yes there is more. that the identifiable information to put the matter rests to put a secondary groups at risk to have a personal e-mail address that the pre-jews occurred there personal e-mail address that all employees and a the secondary relationships that was exposed there as well. >> working on the analysis exactly why we're taking our time to major is accurate.

for other information and other individual. to look at the data because there was no pii. >> i am talking where the breach occurred as well particularly with the immigration enforcement customs agency in the "wall street journal". i brought this up to last week i can provided to you but where they got in on personal e-mail addresses that would expose everybody. i will go on to something else. you received a letter last week from senator mark warner with specific questions about a contract awarded to csid had

responded? >> we were attempting to. >> have you personally? >> i have read it but i don't know the response has made it through the system yet. >> he raises a question about the contract awarded to csid. it didn't go through the normal process and was awarded in 36 hours? was intentionally steered into a csid? >> no sir. >> who made the decision? >> i would ask donna to talk about the process. it was fair and competitive. >> fair and competitive. >> our contract officer made the selection. >> did you evaluate the management of csid? >> i did evaluate the

technical and cost proposals was selected to evaluate the people? >> i have is a maze -- resonate for the key personnel in the proposal. >> what about the board of director. >> know i am not. >> do you know, one of the directors owen lee? >> i do not. >> my time is expired. >> from start to finish when you got their proposal you awarded the contract? >> i would have to look exactly when we released a the rq, i don't want to

speak so i will find out a sickly when we released the rq and we awarded the contract. i don't have that data with me. >> it was less than 48 hours? >> it was about bath timeframe. >> how much money? >> the contract is $31 million for the services provided for credit monitoring notification and the identity theft insurance >> why but that be so fast? >> are there other companies that could do just as good of the job? >> we received a number of proposals we evaluated based on the government's needs. several requirements that we put into the rfq that the

companies responded to. we judged against that criteria and they provided the best value to the government based on those requirements. >> when you give senator warner would you extend us a copy of that as well? >> yes sir security raises questions to mr. palmer and we will pursue that smith the gentleman from pennsylvania. >> thank you. mr. chairman, i find myself utterly dissatisfied with the explanations we have heard today and i want to trade my attention on new. you have made fine distinctions about what that employee of your company was doing, the one that got hacked working on opm system at the time and because of that pack -- hack and led to

this successful hacking of the opm systems. did i correctly described that? >> we actually do not know how the employees credentials were compromised >> but it was the key employee? and you are the ceo of key point for you are denying accountability for the opm hack saying they were working on opm system not key point. >> correct. >> we have an individual opm credentials taken that was the key point employee per coated that key point employee have opm credentials as part of his or her scope of employment with key point? >> correct. >> so it isn't a coincidence that the chief point employee had opm credentials

and was part and parcel as scope of employment with your company. >> correct. >> it was key point paying this person working on the opm systems at the time? >> correct. >> to understand end the traditional process of the lot key point is responsible for the acts of employees acting within the scope of their employment with your company per you understand that? >> i am not familiar with that contract. >> you are here today because the cyberespionage irish succeeded to breach very personal information that your company was entrusted with two 3/6 2015 my ranking member mr. coming sent you a letter requesting information about the data breach it requested a number of documents. did you get the letter? >> kinnealey upon receiving

a letter key point council reached out to the staff to arrange for briefing and we try to have a date and time set up and we're still waiting for confirmation. >> you got the letter? more than five months later you have not responded with documents. >> we reached out immediately to the ranking member staff to brief the staff and we have not received a response. >> let's go through the document request of a log of all successful cyberintrusions into your company's networks in the last four years. that is a reasonable request isn't it, mr. hess? >> i don't find that a reasonable. >> will you provide this to the committee? >> i will take a back to my team and let you know . >> you are the boss? >> i am sc0. >> below get your permission from your team that works

for you? >> i will discuss it. >> the forensic analysis and reports concerning the data breaching curve -- including to the vulnerabilities to malware. when will we have these? >> will take us back to my team. >> o list of all federal customers affected we provide those to the committee? >> i'll take that back to my team and let you know, . >> your company exist, it mr. hess because of the largess of the united states federal government. we expect you to respond to request to this committee. mr. cummings does not write letters because he enjoys writing letters be he is concerned about the security and safety not only of federal employees but of the united states public. this is really important we've please treated as such? >> i do. we responded immediately to

a congressman's staff. >> by responding in calling but not providing documents. we want the documents, mr. hess. i yield back. >> i just want to clear this up because you just said something about my staff. it is maya understanding that they did get back to us but for months and months back and forth because you did not want to agree to the scope of the meeting. then just recently because of this hearing, you finally said scrap the limitations on the meeting, the scope and we will meet. i don't want you, none of you have the information but be accurate. >> that is not information that i have.

>> then it is inaccurate. >> i will research that. >> is a reasonable by the end of this week to provide documentation over the meetings over the last several months spent a guy will take it back to my team. >> you are the ceo. [inaudible] >> i just want to see the documentation. >> i will request the neck know where we provided information to this committee? >> no. give me the dates for troggio are the ceo. >> i will take their request back. >> no. i need an answer.

day want me to issue a subpoena? i will sign it today. give me a date that is reasonable. >> i need to take the never mission back to my staff. >> server. seriously. when we provided information? >> i am trying to be helpful. we did reach out to the congressman coming staff upon receiving the letter and we did not receive the information. >> my asking anything unreasonable to provide correspondence? they have their half i am trying to give equal opportunity. >> diane the stand that. >> when it is a reasonable date? >> i would get back to with that information. >> no. decide before the end of the hearing. all the council behind you it is a reasonable question. it is not unreasonable. if the think it is but i

want to see the correspondence. council all you want but i suggest you keep the date. >> i have two comments before i ask questions. what i think the congressman was trying to catch is that it surprises me that you folks are not more contrite over what happened to you don't understand the enormity of the disaster that has happened here. second sadly this is all too often common for government and something that i think this instance should remember as we pass bills with huge databanks of educational or medical and information because of the people don't display a more sense of urgency bagnio them

the possibility to have been -- happen is something to consider. mrs. seymour, you are in charge of overall of this? to do you feel you have the skill set to oversee something of this magnitude? >> i don't ever think i have the skill set to do something this large that is why i employ people who have of broader or different skill said stanley in various areas. i don't have all the technical skills i would need it takes a team. >> okay. in your past positions have you overseen? what are those largest projects? >> i have overseen very large projects those said my

past employment with department of defense as well department of transportation and systems that were enterprise wide for a large population like opm. >> size why is? >> how could they complete the projects? >> how some of them are much faster than others some of them are delivered within when your son took multiple years and the way that we are changing the way we deliver solutions we try to find a viable product of the capability to deliver within

six months segments. >> how quickly can you complete the trend? >> when restarted the project we divided into two pieces. first we would call the tactical phase for the network rehabed today with security tools into the current network. that allows us to find this activity this year. the second piece we estimated it would take approximately one year to deliver that. that project is on schedule and on budget and we will deliver the shuttle environment this fall. the next phase is migration and we recognize from the very beginning that we did not have a full enough scope

back through june of 2014 did i have a scope or understanding of what it would take for that migration and that is why we only contract for the first two pieces and as we work through the project we can better estimate and a stir at the -- underestimate what is needed but there were some systems that were very old almost 30 years of you would have to migrate. we focused on those first. >> before this committee referred to the fact that you deal closely with the ig. the last time they had a major ig project you did not

notify is there an explanation? >> i am not aware of a requirement to notify that ig for every project that we take on. with our budget request for a 2016 to talk through the project to document and we also discussed on a couple of occasions they have been interconnection and some systems to come along with us if they provide the services. >> that is not something you would tell them normally? that is not a necessity to

notify them? >> based on my experience, no surprise i would not normally advise the idea of a project that doesn't mean i am holding the information but i also know that we discuss that we're taking on the project to modernize their systems to upgrade to meet the security requirements for this project. >> we recognize the gentleman from new mexico. >>. >> i just got back down to this hearing with the leadership of one of the five national labs and celebratory that is dead my district of albuquerque mexico it is part of the

constant threat of every minute of every day it is against days cyberattack as a constant threat and they are clear that is the environment it is clear they need our support to be proactive both internally and externally with that constant surveillance. and i am extremely disappointed in the reaction of this panel at this hearing. we know there are issues we have to deal with and we are accountable and you are liable. what i hear is none of those are occurring if you don't provide the answers that we

requested in the documents you cannot help us be sure that radical of the identifying the scope that means you become part of the problem again. and i find it offensive that is what is happening. with thousands of federal employees in my district and thousands of employees around the country and we are all scrambling who is the most accountable and liable. there is a lot of work to do. with the legacy systems for the next potential breach.

and how we treat these some folks -- employees so ms. archuleta i'm holding the letters that my employees and my constituents have sent. i am concerned about the aspects of the letter to talk me through and how you came to these conclusions and to in the letter you say the information could have been compromised we don't know when you will find out about adults and up teeeighteen ted kennedy theft for 18 months. what happens if you have an issue after the 18 months? will they be covered? >> the individual on identity theft, yes. >> even though it says 18 months, when will we know that in writing? these are lifetime issues

unfortunately they don't go away. once that has been a compromise that is a problem. the consequences are not just 18 months it is seems that people should know there will be protected and supported your respective of the time frame. >> by vendor stand your concerns. i understand the responsibility we have to our employees and i take that very, very seriously. but the difference between exposure and infiltration could be the data was expose and not infiltrated that we feel strongly we need to offer the same protection to all employees. >> guys want to know you will be responsible and supportive. >> absolutely.

>> for though long-term so they could expect another letter that says we are here? i read that carefully eyeing agrees to for the contractors for that support and restoration but in addition you have to call the outside the embers and credit agencies for cry would strongly encourage o there should be a phone number that i can call at opm. >> by law they have to enroll. >> i understand that to manage and support i expect the organization the source is available i don't know if you have done mystery shopping to do the toll-free

numbers and i suggest we step up but there is an immediate response. >> i appreciate your comments and i do agree we need to hold our contractor responsible to institute new ways they can respond to the employees to use that as a say model -- ssa models and nobody has to wait. >> thank you, mr. chairman and letting me sit in on the hearing. talking about opm we do plan on doing some hearings like colleagues have mentioned i

received a the same letters as tens of thousands of my constituents year like mr. connolly. i had the unfortunate experience tuesday my tax information was compromised but that is probably another hearing. but what i am concerned about is i am not hearing leadership. the data center in my district a sea of the things they have in place and of leadership coming from the top by sea of very strong culture in the cybersecurity saul my question ms. archuleta you came 18 months ago and you understood we had a very real threat from china it is constant and something you always go do you understand that?

okay. so but we know here and we're not up to speed in terms of the problem. that we know they are bad actors but over the 18 months how many meetings have you yourself had personally were it is exclusively about cybersecurity and who have a bed with? >> i have those with individuals throughout government with my own staff and i would say since the 18 months i have arrived that there are actors and there are a grass -- aggressive

and well funded. >> i appreciate that. have you visited private sector data center? >> i have had discussions. >> but have you visited? >> yes. other companies of cybersecurity that is not the one that we discussed this is the plant the we hold one in the near future to bring those the virginia to access. >> in the past 18 months you have not done that? >> not personally on cybersecurity issues with the private sector. my colleagues from across government have and i have

been the benefit of those conversations as well as other government we recognize cybersecurity is the enterprise issue for all of us in government and it is in just one person who has to take responsibility. >> but for those who are leaders the person at the very top past to take the role that when they had this breach it wasn't just the cio but the ceo. that is how it is referred to in the private sector. so a point made by mr. mcfarlane have you discussed the recommendations personally? >> he brought some of those to my attention also with the audit.

n then do talk about the audit to move forward as we always have. >> one of the questions is how many people in my district have been impacted? it is a fairly simple question because you sent out 4.2 million letters. so you should be able to tell us how many people we have in our district that has been impacted. i have heard from many that have a lot of questions lot of the federation of the employees we don't have time here but a simple question that was not answered i will

share that data with you. >> i yield back. >> mr. chairman i apologize for having to leave. it is very troubling i have a character flaw i give the benefit of the doubts of a bite to give you the benefit of the doubt, 86 but the flash report is concerning so mr. mcfarland in our opinion the major structural overhaul is entirely inadequate to introduce a high risk of project failure having sat here to listen to multiple hours would ensure the full of confidence of opm is high interest you stand by that comment? >> cry stand by that comment

>> and to ask for comments by june 15 and extended then june 17th we still have not received comments indication they are forthcoming. did you get them back? >> i think we may have gotten them back that day. >> i got something this morning with the critical i t system but it does not have a specific date. ms. archuleta is this response to the committee? >> i am familiar that action plan you receive today is that i have developed with my staff in response to a very serious issue it

outlines what we have done and what we will be doing but the response to the idea on the flash on it we have not had the opportunity because of the time period but our intent is to make sure he is engaged in that revalue his opinion and the work of his staff. >> sari or distracted but ms. archuleta says she value your input but you have not gotten that from what i ascertain from the written commentary? >> what is on paper. >> day you have confidence

was teesixteen relationship will improve? it doesn't seem there is any evidence. >> in general i think we have a good relationship. [laughter] true. i think we do. regarding this matter, i think we are worlds apart. $93 million is not even close and the ability to succeed that there is the high risk that these efforts will be unsuccessful given the horrible consequences of what has already happened as a matter of fact it sounds like it will be worse. >> concentration may be very successful what i think is planned is dangerous.

>> but i must tell you sitting here but i --. >> i take very, very seriously of what happened. >> but that does not appear to be the truth. >> what i have tried to do today is to convey to the numbers house seriously i take this and we garner all the resources including the opinion of the ig. but we do have other areas of agreement. with a discussion between the and the ig. that is an important step.

i work closely to make sure we're doing the best job that we can. i take his information very serious they don't want to convey i am petulant but i am respectful for the position he holds but i do feel passionately i'm the champion and have worked very hard and if i sound passionate i have to say that i am. >> as a personal observation we can feel passionate but not be capable. i think we need to have a serious conversation. that the current administration is competent enough.

>> i think the gentleman gets to the point i was trying to get to earlier. the question becomes the head of mr. mcfarland to say headed down a dangerous path >> i believe so. >> to say we're headed for very serious trouble. the definition of dangerous? >> absolutely. >> ms. archuleta, our problem is this. we sit here to have the ig that we believe bin and trust. the ig says that you need to take is a vice and what you

we're doing will not get is there as a matter of fact may harm us. am i right? >> correct. >> so you put this in a difficult situation. we have not been given notice for somebody we rely on. but you expect us to be supportive of you. know no-no. listen to me. that is a problem because you put us there. so if this happens again it gets worse then people say wait. you were sitting there. you heard what the ig said. that is the position we find ourselves. i don't care if you like each other or not but the

question is it sounds like you are refusing no, no, no. answer may. -- we. because you disagree but you say we're going down a dangerous path. , one. do you have a comment? >> the flash audit identified an issue that is meant to alert the administration about concerns and give there is an opportunity and to sit down and find out where his concerns are. if he says it is a dangerous path to want to specifically know why.

>> haven't you told her that? is this new? >> as far as dangerous. >> but you told her the urgency of the moment and the problems we are having. >> absolutely. in a letter. >> he sent the letter. and we have not had the opportunity to sit down with hamper i take very seriously his concerns mr. cummings. if he uses the word dangerous i need to understand clearly from him and his staff why he attaches that word. and to need the scrutiny of him and i together to protect the employees and the data and the system. >> with all due respect, i know you are fairly new to this position but the audits

have been coming since 1997. they come year in and year out and have happened and happened i started the other hearing by reading through all the comments that have come a long. this is a flash audit you have not had time to talk about it the you can award a multibillion-dollar contract to less than 48 hours? that is what we don't understand we're almost done but it is in just one audit or one observation but the inspector general's office has been warning about this since the 90's and it has not been taken care of. >> thank you for pointing that out and i acknowledge that for i have been here 18 months i took seriously the audit that came before me and that is why i have taken the steps. >> i don't believe you i thank you are a part of the problem for differ results

we need different people if you want to refresh the deck to put somebody else in charge, led to it. we have a crisis. i don't want to hear about putting boards upon windows and take years to get there. that is why i think it is time for you to go. i'm sorry mrs. seymour i think you're in over your head and the seriousness of this requires new leadership and i wish you both with the best of life and i am not here to get you. but this is as big as it gets. there will have to be a new team brought in. that is for ibm and -- where i am asked. i yield back. >> recognize myself. >> talk about the timing when you will provide the information i asked for previously? >> by next week. >> very tough. >> if we can get that

information we would appreciate it. >> i will follow-up. i have mr. cummings back and i will support him and i appreciate the cooperation. i will now yield to the gentleman from alabama who'd brought up the great point to go through the contract timeline. thursday may 28 of this year at hack 33:00 a.m. opm posted a request for quotations credit monitoring an identity theft insurance and recovery services and project management. may 28 at 1:46 p.m. opm posted a pricing she. lace 29 that won 32:00 p.m. opm change the deadline to may 30th. at 2:45p.m. that posted another change to delete the

clause is in on tuesday june 2nd event was awarded i didn't note the group they could be nice people but they immediately turned around to subcontract to a group i don't know about. so i will have mr. palmer asked you questions about this. >> of course, this is you mrs. seymour, it you know, any of the management at csid? >> not that i am aware of. >> du and have any knowledge of the management of csid? >> no sir. i have key personnel resonate -- resume in the proposal. >> what about the ceo? >> no sir. >> james wants to work?

>> there are only directors and the one i asked about earlier was owen lee. >> i have no recollection. >> you gave a contract in a very sensitive area that impacts millions of people potentially their financial well-being, their careers and it appears you did not do the most basic research into the company contacted with. and you may have discovered it owen lee is under investigation with the department of justice and exchange commission. they are looking into his management of a group which in nine months he lost 99 .7% of the money invested in

the hedge fund. mr. mcfarland, i will ask you this. have you raised a red flag with the inspector general's office? >> absolutely. >> i have listened to mr. cummings as the more questions and have about how opm has handled this. with that basic analysis just adds to that. mr. osborne and testified last week are you aware of the outside contractors had

to contract in the work for them? misses the mark -- seymour? >> have you contacted any of this work to foreign nationals? >> not that i am aware of. >> this is from "the wall street journal". some of the contractors that helped opm managing internal data has security issues of t&mrr own including potentially giving foreign governments direct access to data long before the reported breach. doing it work with the country -- the company to manage personal records for a number of agencies the administrator for the project was en argentina and the co-worker was in the people's republic of china and they had access to every database.

another team that worked with the database had to team members with the republic of china passports. i know that because they've revoked their privileges. you are not aware of that? >> i am aware of the federal employees who have ties to foreign countries they are u.s. citizens that work on our programs. >> here is what is says from his perspective and his take on the current preaches what is new? i yield the balance of my time. >> cry would ask unanimous consent for this article of a hedge fund managers said

sari from losing 99.7 of his clients' money is investigated by the department of justice. are you aware that contract from winvale was going to be a subcontract? >> winvale included in the proposal that it was subcontracting or partnering with csid. >> when you did your due diligence and to the people and involved and engaged in this, i did that include the employee's and the board of the subcontractor? >> it did not include the of board we used past performance and other systems to research of firm to make sure they're qualified to do work with

the federal government. >> to you personally know anybody in any shape or form involved in those companies? >> not to my knowledge. >> and not from the 0:00 p.m. then of those people? >> i don't know anyone working for those firms. >> do you know anyone? >> not to my knowledge. >> somebody who lost millions of dollars under investigation by the department of justice. how do these people get the contract? okay federal employees now go give them your information. that is the kind of people we're dealing with. not saying he is guilty but he is under investigation so why didn't you go to the

gsa? there is a list of approved vendors why not use them? >> we did consult with them there were some requirements but some on the schedule. >> like duplication of services is one of them. we were setting up a contract vehicle to use is of teacher we want to set up of vehicle that would not cause us to pay our offer the same services to the affected individuals at the same time that is not something the gsa schedule afforded us to reduce even after we talked with the schedules holder. >> this reeks i am understand the gravity of this situation you will

deviate from that then immediately to subcontract i would encourage your as swiftly as possible to get back to senator warner of that committee. i do need to ask about the credentials ms. archuleta. is there anybody in the opm system employee or contractor that is a foreign national? >> i want to be sure. i will have to come back. >> is there anybody that is a foreign national involved as a contractor or directly as an employee at opm? >> i will get back to you. >> the fact that you don't know is what really scares me. that you don't know. >> i know about my staff, 280.

>> how many have credentials to become a network administrator or have access? >> about 50. >> so those 50 people how often do you routinely audit? >> frequently like monthly we have processes when people come on board and when day of the free remove access privileges. >> do you review the traffic? that is what happened someone gained access. >> that is how we could track through to understand the background investigation. >> after more than a year. >> yes, sir. >> how often do you track that? >> we put the tools on the network over the last six months to see this type of activity. i again when i came on board i recognize the systems were indeed of modernization and

we put in place a plan and began to execute immediately to have visibility with the network and let us to understand though blatant activity that went back prior to my arrival at opm. >> i have a series of other questions but i yield back. >> mr. chairman and thinks to you for being here and mrs. seymour the opm legacy system that you are currently using kobold a system developed in 1959. correct? >> i do not know when it was invented by esp are in some of our system. >> according to our research was originally developed 1959 that is the system we're using. >> yes sir,. >> ms. archuleta teethirty

has spent $577 billion on 90 -- information technology? >> is that close. >> i would have to do trust your judgment i could get back to. >> is that in the ballpark of $57,710,000,000,000 give or take a couple hundred million. >> i can tell you what we spend but yes. >> $577 million since 2008 but still using a legacy system developed 1959? >> i agree totally. we are using a legacy system designed in 1959 and what we're working to change. >> approximately 80 percent of the i.t. budget is spent

on legacy systems? >> right now we are working off the legacy system that is why we make the investment into a new system. >> i'm sorry. i am flabbergasted it is mind-boggling that we could spend $577 million and second and it is just amazing that we're doing that. but the flash audit indicated the estimated cost for zero the two phases of infrastructure improvement project would be $93 million. is that correct? to macassar we put together the plan with a very robust interagency team and was reviewed by a number of experts. >> $93 million? >> yes, sir. >> i'm sorry.

not to be dramatic but $93 million? >> that secures the legacy architecture. >> the one developed in 1959? >> not all of it. >> but if any of it was. >> network was designed a decade ago. we tried to use shore that up that is part of what the money is going to then to build their more modern and secure network tip the transition to a. >> it is my understanding despite the millions of dollars that we still use paper forms? >> a number of business offices still use paper forms. >> we spend $577 million on

i.t. since 2008 and we still use paper? maybe they are better in this case. >> i cannot speak before me but to see this stage of the i.t. system i worked with ms. archuleta to put together an aggressive plan to migrate to a more secure network. >> does that include paper forms? will we have paper forms after the adjustments? >> we went to remove as much paper from our environment as possible. >> i wonder if that is a move in the wrong direction ellis' region have control over paper former don't have control over the computers and the information on the internet. >> i would offer there are security concern dancehall -- concerns with paper as

well with violations as you leave that around the other issue. >> do we leave paper round? or if you work with it. also with paper there is not a backup system. >> i agree with every point you are making but we spent $577 million and still using paper. . .ement system. we're working twartsdz that that will eliminate a lot of our paper. we'll modernize our systems and provide better protections around our -- around data and our systems. >> i think -- >> what we do that includes that $577 million that we've already spent? >> i'm sorry, snir. >> this is going to be more problem we throw at this problem, right? >> sir, i cannot account for

what happens happened before me. >> thank the gentleman. we have a vote on the floor. we'll recognize mr. cummings for one more question. >> i'll be very brief. thank you very much. i want to go back to this contract contract. winvale got this contract is that right, mrs. seymour? >> that's correct. >> what was the process? it doesn't smell right. something doesn't smell right about this process. winvale gets it and then they no sir. the proposal that we got was from the partner. we knew up front that they have support from csi be. it is a part of the proposal. >> and you didn't know about mr. lee? hispanic no i did not. stick did you know that his apology for losing 99.7% of the $60 million went viral in march >> no sir, i did sir, i did not.

>> and so the question becomes do you think that you should have done better due diligence? >> we vide the due diligence. there are several ways the contracting officer validate. >> this concerns you i take it. >> yes of course. >> because of the reasons that you've espoused it was very fast and as a matter of fact a few days ago we were talking about that in the office and we are going to be looking at the. >> i just have one statement real quick mr. chairman. i want to conclude and invite the contractors here today. we've obtained a significant information that but they've also had many unanswered questions. they have refused to give more than a year.

i am concerned he may not be there in a couple of weeks, so we need to follow up on the integrity. we also ask the key points of the documents that we originally requested months ago. and he will press them to provide those. i think if you understand how frustrating it has been to me over the past year. so thank you for helping us get the information that we need. i hope we will be able to get all of these answers and i hope it won't require a subpoena. with that i would think you and your back. >> we are now at the halfway point -- i'm just kidding. you have been sitting here for a long time. >> i want to go back to some of your previous comment.

it was in march of that year. at the time you said they didn't have a breach in security. i think that ms. seymour was candid that it was a breach in security. is she gone? >> as i explained earlier, the conversation was around and i answered in another context. >> but you don't believe there is access to see that information. >> i don't believe that there was nobody that was preached and exfiltrate it. >> but >> .de belief that they had access to have to look at? >> that's why we understand that there was a breach. i'm not the forensic. i don't know what they did with it. i was assured of and responded in that interview is there was

no pii extricated from the system. >> so you did know that the network platform essentially was exfiltrate it. you did know that? >> as i said the question was around the pii and that's the way that i answered it. >> i'm asking you now do you believe -- you knew somehow i would hope. >> she informed me that other date i had been taken but it was not -- it was in a different context of the question. >> but that was essentially a blueprint of how it worked correct? >> she had informed me that some manuals have been exposed and exfiltrate it coming yes. in that interview the question was around the pii. >> so you didn't know there was a security breach, correct and

you didn't know there were things other than the pii network potentially exfiltrate of correct? and what do you think is the bigger success stealing the files for tens of thousands of employees or the the titles for 32 million up to 32 million million and please? and >> i believe that all of that is very important. i can't distinguish between both of them. they are each equally important. >> landed a first gain access to the network? those are the ones we just learned about. and maybe she is better positioned to answer that. >> either one of you. the actor's first gain was in november of 2013. >> what we learned about click >> that was a 2014 intrusion that you are referencing.

>> sorry command that was in what timeframe? >> we were able to confirm based on the assessment that they had had confirmed access in november of 2013. >> okay. i think you were going to say something. >> i was going to clarify for the most recent incident at its june of 2014. the access to the officer had was june of 2014 i believe. >> is it possible that when they took this blueprint, i call it the king of the key. did they come back and still these millions of records click >> these are available manuals typically for the commercial it equipment. so coming yes it was. an adversary and an understanding in the platform.

they didn't get specific configuration diagrams of our environment but these are commercially available. a lot of them are commercially available documents about platforms. >> did they include any proprietary information? >> it didn't include the proprietary information or specific information around the architecture of the environment. it was associated in certain types of platforms but again as stated above that information is also publicly available and it is available on one of those. >> did they have access to be able to see the information regarding personal employees? >> in 2014 is that the incident? based on the on-site assessment, we didn't, we were unable to

confirm any of the information. so not only the question of seeing it. there is a certain portion of the network specifically focused on and they were not able to infiltrate into those portions of the network. >> if ms. seymour was responsible for negotiating the information in 2014, who do you hold responsible for the loss today? >> i hold all of told all of us responsible. that is our job. we work very hard to do this and we work with our partners across the government. i know that you are perhaps tired of hearing this from me. but we are facing an aggressive attacker. we protect against these each month so we are working very hard to do that. we are working extremely hard to

prevent the type of things we are seeing here today. >> you are going to get some documents, write? we've been requesting documents for a long time and i want to make sure what documents you are going to provide. are those the ones we have been asking for? >> [inaudible] >> i can't hear you. >> we are going to be addressing a letter to the extent that we are able to. >> i think that he will represent a number of people that have fixed a lot of the stuff in the patriarch of care about this country. to that extent, please let them know how much we appreciate them and all that you are doing. we will have somebody help you and it's been a while thank you for your participation today. we stand adjourned.

[inaudible conversations] >> new jersey governor chris christie is expected to handle the presidential field tomorrow at an event in livingston in northern new jersey. we will bring that live at 11 a.m. followed by the calls and reaction on the companion network c-span. right here on this he this he sent to all this week we are

featuring the tv in prime time. tonight at 830 fighting against terrorism. fascinating women that described

the scrutiny of the white house and a great summertime read available from publicaffairs is a hardcover or an e-book. through your favorite bookstore or online bookseller. the senate subcommittee recently looked at the environmental protection agency's renewable fuel standard program. the agency develops regulations requiring that a transportation fuel sold in the u.s. contains a minimum volume of renewable fuel. the epa is proposing an increase in those volumes.

members heard from janet's heads the office of fair and radiation and the hearing is turned by the oklahoma senator james langford. >> good morning everyone. >> i want to welcome everyone to today's subcommittee hearing on the renewable fuel standard was privileged to chair the hearings on the topic and i look forward to another discussion regarding the renewable fuel standard and its management. we will do our best to improve the nation's energy security and to the environment. since 2005 the reduction has nearly doubled. meanwhile other regulations such as the fuel economy standards, the economic recession has led to the lower demand. additionally the use of natural natural gas and improved energy efficiency have lowered the greenhouse gas emissions. many years it's just the annual mandates. statutorily they are required to release the mandate by november 30 of the preceding year to allow those covered in the future.

the epa hasn't met the deadline since 2009 and we are still awaiting for the final version of the "political connections" volume that is been over for six months. it was made in december of last year we wouldn't see the final rule until the calendar year was over. the agency cited significant comment and controversy and it's the reason that they couldn't families the volumes. seemingly come in the omission of the program is unworkable in its current form and there's a tremendous a lot of controversy around it and a lot of opinions circling a lot of emotions around this particular issue. in accordance to the court order on june 1 2015 the proposed mandate for 2014, 2015 and 16 were released together although some i say better late than never, we need to look at why these were unavoidable every year now under the current law. for the actual numbers the epa has proposed 2014 and 15 requirements including the increased unattainable at times levels of removals and those in the gasoline supply over the next year and a half.

the epa has chosen to work with the actual use volumes to 2014 to the future mandates called for by the proposed rule representing the aspirational goals with very little time for increased consumer use of the vehicles equipped to handle the ethanol fuel. the advanced fuel required would have to be reset by the epa starting next year and increase the regulatory uncertainty. this would likely be triggered to the agency waving significant percentages to the volume and david in the production not being nearly as high as amended by congress in 2007 when he was last modified. with the research again congress is that the rule in 2007 but the epa has to figure out how to manage it since the production is as close isn't close to what was predicted in the statute. for the decade of implementation, we must ask ourselves the goal of yesterday or the increased cost to the

environment. the price of livestock and feed the restaurant owners come to the everyday americans who live with more expensive grocery bills the programs have a negative impact in the areas. the concerns over the damage also been additional costs to the voters at the pump on the environmental front to new studies are highlighting the programs negative impact on the land, water and air specifically today we have an opportunity to review the management of the program and take stock of the current state of the art and i anticipated the site will hearing and am pleased she could join us. thank you for being here. we look forward to re-examining the issues with my colleagues and witnesses today. with that i recognize the ranking member for opening statements. >> thank you mr. tremendous. i wanted first to say i wish we were not having this hearing today. i wish there were no question over the management or the environmental protection agency's ability to implement as the congress intended. but unfortunately we are at a place they have created i think

in some ways unknowingly the uncertainty to the producers from corn ethanol to bio diesel to be cellulosic ethanol producers and this uncertainty and lack of predictability is costing us investments. it's costing us environmentally and it's costing us jobs. i'm a strong supporter of all of the above energy policy security along with the senator and my state is one of the leading producers although we are never -- i don't know where oklahoma is on that but we are number two in the production of oil coming in to have a lot of associated gas. we have a lot of wind resource and we certainly have a lot of audio resource and so this is the huge issue to my state. and i can't believe i think all of the above is a part of that all of the above policy. when we look at what it means to my state of north dakota alone

the industry represents $2.5 billion in annual economic output. almost 9,000 jobs in oklahoma it helps create about 4300 jobs. wisconsin 4.2 million economic output with over 19,000 jobs and in iowa obviously a major ethanol and biofuels producer 19.3 billion with almost 74000 jobs in the mix and so i think i could go on. these numbers are important to highlight because it is critical to our economy and that's why it is so important that it be administered correctly if the congress intended. i'm glad the epa finally released the new proposed rules for 2014. obviously late. i don't think that anyone can say releasing those numbers in 15 where there is a finale to grow the rule and won't be until the end of 15. 15 rules were not timely.

there is no doubt about it and that would create a great amount of disruption. but i do want to take and praised this important first step and i want to thank her for her leadership in making that happen. unfortunately the proposal continues to ignore the congressional intent and reduces congressionally mandated blend of of volume citing the availability of the distillation capacity. the statute only allows for an inadequate supply labor for the domestic biofuel supply and that is the distribution capacity leader. impact in 2005 the house included a provision for the distillation capacity. but the final bill passed by the house and the senate did not. so i hope that when they put out a final rule in this november they will talk about this flaw and there's a lot of reasoning and return to the management in the program to the way that congress actually intended. if they do that the program will work just fine as it did in the first years. i think certain people to be the top concern when it comes to

better regulation legislation or anything else that we do here in washington. and certainly on this committee we spend a lot of time talking about predictability and certainty as an essential component to the proper business environment. providing the certainty for the producers and the businesses is absolutely critical so they can plan long-term and burger business. congress provided that certainty and 2005 and 2007 is passed and amended by sitting there equally volumes and guidance on when the volumes may be waived. the best way to get back on track and provide certainty i think is to follow these very clear congressional mandates because this has real consequences i mentioned earlier the contribution that has made to our state when managed out of line with congressional intent, you could imagine the negative consequences. in fact the advanced &-and-sign the logic sectors have already lost 13.7 billion in the investments due to the epa

delay. for the biofuel 54 plans in 30 states have closed or idled because of the lack of certainty from epa. in 2015 nearly 80% of the u.s. biofuel producers scaled back production at almost six out of ten idled production altogether. i know this has a certainty because our plant stalled production for the first part of 2015. however i must emphasize again that this is not a problem but rather with the administration. as one testimony noted qaeda failure to issue the rule in a timely manner that is consistent with the wall shouldn't be misconstrued as a sign of the program is broken. up until 2013 the program worked as intended to spur innovation and growth in the advanced and cellulosic biofuel space. so i look forward to hearing on

the past success of the program in how they can get back to those past successes. and i would say i'm particularly interested in the process and how the process can be amended. this isn't a hearing to talk about whether we should repeal or adjust that what we can do to make this program administered in a way that provides certainty. so thank you for showing up and thank you mr. chairman for the opportunity to offer a statement. >> at this time we will proceed with his epa acting administrator in the office of air and radiation which brings to serve the office of air and radiation deputy administrator. it's good to be able to see you again. in the tradition of the subcommittee that appeared for us would like to ask you to stand, raise your right hand. do you swear the testimony that you are about to get healthy the whole truth and nothing but the truth, so help you god? you may be seated.

let the record reflect to the witness answered in the affirmative. we will be using a timing system today. we would like you to stay as close as you can do five minute time period. we have received the statements for the record early on. you are welcome to build on that in order to reinforce and able to talk about entirely different things if you would like to altogether and we will have some questions as we have in the past and the subcommittee that you invited them in the house. the first round will be such questions is -- at the jennifer that there will be an open dialogue and we will have both interchange as well as with you and more open conversations, so we would like to oversee the testimony now. >> thank you ranking member and other members of the committee. i appreciate the opportunity to testify on the renewable fuel standard program and the bass and volume proposal. the clean air act requires the epa to publish annual standards before the different categories of renewable fuel for the total

against diesel and cellulosic. these apply to producers and importers of gasoline and diesel fuel. may 29 of the issued a proposal that would establish the standards that apply for years 2014 through 2016 and the volume of the biomass for 2017. we will finalize the standards by november 30 at which point we will have returned to the statutory timeline for issuing the renewable fuel standards. epa recognizes that the delay issuing the standards for 2014 and 2015 has led to uncertainty in the marketplace. this proposal establishes a path for ambitious responsible growth in biofuel and hopes to provide a certainty that the marketplace needs to allow these low carbon fuels to further develop. congress said annual standards for biofuel use that includes every year. also included in the tools tools don't have to wait a provision for the epa to use in the event event that it determined statutorily prescript volumes could not be met. the recently issued proposal

seeks to ensure that the growth of renewable fuel production continues consistent with congressional intent and he uses the authority in a judicious manner to establish ambitious but responsible and achievable standards. the proposal addresses three years worth of standards and with the volume required for the biomass diesel for a fourth year. for 2014 we are proposing the standards of levels that standard that levels that reflect the actual amount of the biofuel used mystically in 2014. for 2015 and 2016 for the diesel the proposed standards provide a steady increase over time. the proposed volumes reflect the consideration of the two essential factors. first but the market that the market can respond to ambitious target and second that there are limits to data the amount of the volumes that can be supplied to consumers. the increasing volumes that we have proposed being that it will remain an important part of the overall strategy to enhance energy security and address

climate change. we are optimistic about the future of biofuel and think our proposal proposal will put us on a pathway toward steady growth in the years to come as congress intended three of many stakeholders rightly want to know why the volume targets established in the statute cannot be reached. there are several reasons. celebrity and expected development of the cellulosic biofuel industry and the biofuel supply. the decline of the gasoline consumption rather than the growth projected in 2007 and constrains into playing certain biofuels to consumers. ethanol at greater than 10% of gasoline in particular the proposal includes a discussion of the last constraints known as the global. if it continues on average to trend downward or remained flat increasing the amount used will require significantly greater use of gasoline blends with higher ethanol content. the epa has taken steps to pave the way through the use of the fire level ethanol blend

including granting partial waivers for the use of of 15 and a certain light duty cars and trucks beginning with model year 2001. at the same time the epa recognizes that there are quotations in the market to increase the use of the fuels in the current near-term limits on the fueling infrastructure. the proposal aims to balance two dynamics. the congress clear intent to increase the use of renewable fuels over time to address the climate change and increase energy security and real-world circumstances such as the blend of the blind wall that has slowed progress towards such goals thus we are proposing standards but will still drive growth and renewable fuels as an ambitious but responsible eight. for 2016 we are proposing proposing is to incentivize growth. for example we proposed is that the total of renewable fuel for use humans by about 9% higher@ eight code gets co. advanced about 20% higher and bio diesel standards in 2017

about 17% higher than the actual 2014 volumes. we believe these volumes are achievable and consistent with congress clear intent to drive renewable fuel use us even as we use the authority that congress provided to the epa to manage the program responsibly. the epa has taken other steps to improve the administration of the rss program. we've improved transparency and efficiency of our petition review process for the new biofuel pathways that can count under the program and it's important to remember that the program is only one part of the overall picture. both have ways of looking at supporting the biofuel infrastructure and we look closely with them as we implement the statute. we will be holding a public hearing on june 25 in kansas city kansas and we look forward to hearing from all stakeholders during the public comment. second of july 27 and as i said we intend to finalize by november 30 of this year. again thank you for the

opportunity to serve as a physicist hearing and i look forward to your question into the discussion. >> thank you. the ranking member and i are going to be for our questions. you are recognized for the first question. >> thank you mr. cherry and ranking member for this wonderful discussion that we will be having this morning. i appreciate the opportunity and thank you for joining us today. i would like to start by saying thanks so much. we do know that you are working very hard in this area so i appreciate that. i appreciate the testimony and i believe personally this is not only an economic issue but of course a national security issue as well. this committee does have a history of working together across the aisle on security and good governance matters and i look forward to working with my colleagues on this important topic. clean and renewable energy is a topic that everyone in the united states can get behind.

and over the years they've proven successful at driving innovation and effective options for consumers at the pump. and as many of you may know iowa leads the nation in biofuel creation producing 3.8 billion gallons of clean burning ethanol and 230 million gallons of bio diesel and that is from the 2015 members. we are also the home to the two state-of-the-art cellulosic ethanol facilities with another coming into production later this year. additionally, we have retailers across the street that offer affordable ethanol and bio diesel blends to consumers. when passed by congress the original intent was to create consumer choice for clean fuel by spurring investment and research production and infrastructure