Is Grid Supply Chain Cybersecurity Being Surrendered to China?
On January 20, 2021 President Biden signed Executive Order 13990 entitled: “Executive Order on Protecting Public Health and the Environment and Restoring Science to Tackle the Climate Crisis.” Buried deep in the 7 page wide ranging order is this provision:
(c) Executive Order 13920 of May 1, 2020 (Securing the United States Bulk-Power System), is hereby suspended for 90 days. The Secretary of Energy and the Director of OMB shall jointly consider whether to recommend that a replacement order be issued.
Presidential Executive Order 13920 was issued to address the electric grid Supply Chain Cybersecurity threat.
Is There An Electric Grid Supply Chain Cybersecurity Threat?
There sure is.
On May 27, 2020 the Wall Street Journal reported that a Chinese built transformer was seized by the government and diverted by the federal government from its intended destination (the electric grid that feeds Denver, Colorado) to Sandia National Laboratories. Control Systems Cybersecurity Expert, Joseph M. Weiss noted that Executive Order 13920 was issued in response to real nation-state supply chain cybersecurity threats to the US grid:
“Government and public utility procurement rules often push organizations into buying equipment due to price and without regard to origin or risk. In this case, it resulted in a utility having to procure a very large bulk transmission transformer from China. When the Chinese transformer was delivered to a US utility, the site acceptance testing identified electronics that should NOT have been part of the transformer – hardware backdoors. That transformer now resides at a government installation.”
The wide ranging SolarWinds supply chain cybersecurity attack by Russia can also impact grid security as Mr. Wiess reported in his article: “The SolarWinds hack can directly affect control systems.”
Although there is a federal agency that is supposed to protect the grid, the Federal Energy Regulatory Commission (FERC), we have seen that on the supply chain cybersecurity issue, FERC has bowed to electric utility industry pressure. When confronted with facts, FERC cuts and pastes the industry party line that all is well. Time and time again, FERC sides with the industry that no action on grid security is needed. In fact, on the issue of the security of the electric grid in general, FERC has laid down on the job. This is what necessitated Presidential Executive Order 13920 in the first place.
Is China Already Embedded in the U.S. Electric Grid?
By the way: One of the electric utility industry’s main lobbyist has members controlled by the People’s Republic of China. What could possibly go wrong?
Moreover, in July of 2018, Director of National Intelligence Dan Coats noted:
“Every day, foreign actors — the worst offenders being Russia, China, Iran and North Korea — are penetrating our digital infrastructure and conducting a range of cyber intrusions and attacks against targets in the United States. The targets range from U.S. businesses to the federal government (including our military), to state and local governments, to academic and financial institutions and elements of our critical infrastructure — just to name a few.”
So why in January of 2021, after numerous Chinese and Russian supply chain cybersecurity attacks would we stand down on supply chain cybersecurity measures? Why in an executive order entitled: “Executive Order on Protecting Public Health and the Environment and Restoring Science to Tackle the Climate Crisis” do we find that a previous Executive Order targeting Chinese and Russian supply chain cybersecurity attacks on the electric grid is “suspended”?
Perhaps the answer lies in the words “Climate Crisis.” Combating the climate crisis is now, as it should be, a priority of our government. But why would we “suspend” an executive order (aimed at China and Russia) addressing the growing supply chain cybersecurity threat in the name of “climate crisis”?
I hope the plan is not to trade our national security for future cooperation in fighting the climate crisis. If there is is a successful attack on the electric grid, U.S. greenhouse gas emissions will plummet – along with the living U.S. population!
And if you consider the catastrophic environmental impact of the U.S. electric grid going down – nuclear reactors and spent fuel pools, chemical plants, refineries, wastewater systems – it is apparent that the protection of the electric grid is critical to protecting the environment and our people.
Trading our national security for future climate change cooperation of the Russians and the Chinese does not sound like a good plan to me.
Top photo credit: Port of Houston. (Photo of the seized Chinese transformer in June 2019.)