President Joe Biden this week formally lifted a ban on the use of Chinese electrical equipment for power supply units at U.S. defense facilities, but upheld former President Trump’s executive order to strengthen security for high-capacity electrical equipment.
Two orders a go and a stay Biden how to review the security of Chinese communist equipment issues are concerned
U.S. President Joe Biden took office on Jan. 20 after revoking or suspending a series of executive orders by former President Donald Trump. One of those frozen for 90 days was Executive Order 13920, issued May 1 last year to secure the U.S. bulk power system, which tasked the U.S. government with identifying security risks in the bulk power system and monitoring or replacing equipment sourced from untrusted foreign suppliers.
Executive Order 13920 states that foreign adversaries of the United States are creating and exploiting weaknesses in the U.S. electric system and that the electric grid is being targeted for malicious acts against the United States and the American people. Although the executive order does not directly identify the “untrustworthy” supplier country, but under the guidance of the executive order, the U.S. Department of Energy in December last year issued a “prohibition order” (prohibition order), expressly prohibit for Critical defense facilities to provide 69 kilovolts or more of electrical services agencies from mainland China to purchase, import, transfer or install high-capacity power system equipment.
After 90 days of consideration, the U.S. Department of Energy announced this week (April 20) that it was reinstating Executive Order 13920, but decided to rescind the prohibition order issued in December regarding the banning of Chinese power facilities.
In Executive Order 13920, Trump declared the threat to the U.S. bulk power system to be a “national emergency. In a newly released explanatory document, the Department of Energy said the emergency was set to expire on May 1 of this year, and the ban was lifted to “create a stable policy environment” before it expired.
In addition, the DOE issued a Request for Information (RFI) to electric utilities, the energy sector, academia, research institutions and other sectors to “develop an enhanced and manageable strategy to address security issues in the U.S. energy sector” through a call for input.
Fortress Information Security of California participated in this call for input from the U.S. Department of Energy. Tobias Whitney, vice president of the company’s Energy Security Solutions division and a 20-year veteran of the regulatory governance industry in the power sector, said the ban on Chinese products for critical defense equipment caught the U.S. power industry off guard, and that the ban left them feeling “too much, too soon” ( too much, too soon).
Whitney told VOA, “It doesn’t give the industry enough time to react to how they’re going to respond to suppliers and (understand) what it means to have partnerships with organizations and technology companies that are tied to the Chinese Communist Party. …… There’s a lot of discussion about how to determine whether or not a supplier will ultimately be allowed to support critical defense facilities. allowed to support critical defense facilities, and really no details were given.”
Future bans on mainland China-made equipment still possible
Although the ban on Chinese power products at key U.S. defense facilities was lifted, that doesn’t mean that Chinese power equipment companies that desire the U.S. market can rest easy from now on. Biden’s “affirmation” of Trump’s Executive Order 13920 on the threat of “foreign adversaries” to U.S. critical infrastructure is intriguing to many analysts.
According to Paul F. Steidler, a logistics and energy expert and senior fellow at the Lexington Institute, a public policy think tank, the Biden administration clearly recognizes that the Chinese Communist Party poses a serious threat to the U.S. power grid, both in terms of hacking networks and the potential for dangerous products to be inserted into the the power system as a hardware threat.
The Biden administration wants to get more input from the utilities and the public before it can move forward with a specific and broad ban on foreign equipment,” Stadler told Voice of America. Given the complexity of the electric grid, and the complexity of our relationship with China, this is understandable and will allow the right policies to be adopted early and not be forced to be rescinded at a later date by premature adoption.”
Until the Biden administration clarifies the procurement requirements for electric utilities, the U.S. power procurement sector remains cautious about whether to purchase and install Chinese equipment. The U.S. Department of Energy’s latest answer to this question is: “The increasing prevalence of critical power system equipment procured from mainland China poses a significant threat to U.S. critical infrastructure. Therefore, while developing further recommendations, DOE expects utilities to take action to minimize the risk of installing electrical equipment and programmable components that are owned, controlled, or influenced by foreign adversaries in the United States.”
Stadler said, “In any event, it is critical that dangerous or potentially dangerous products from mainland China and other adversary countries not enter the U.S. electric system.”
Tear down the old for the new, or step up monitoring?
The last thing Chinese power equipment companies want is to be completely blocked from the U.S. market, like telecom companies Huawei and ZTE. If characterized as “untrustworthy,” equipment and components already installed in the U.S. power system could also be “rip and replace” like Huawei products in the U.S. telecommunications network.
Most industries, including the power industry, do not want to adopt the ‘rip and replace’ approach, which is the last path most companies want to take,” said Whitney, vice president of Fortress Information Security. But that’s not to say this route is completely impossible.”
Nor does the U.S. Department of Energy want to take that route, he said.
Analysis suggests the U.S. government will take a more targeted approach to how it excludes risky components from the grid. Frank Cilluffo, a U.S. expert on homeland security issues and director of the Institute for Cyber and Critical Infrastructure Security at Auburn University, said maintaining the security of the electric system starts with increasing the visibility of cybersecurity hazards.
You need to know yourself before you can know your enemy,” Cilluffo told Voice of America. In fact, we need to understand our various supply chains, which sounds easy in theory, but is quite difficult in practice.”
Shiluf referred to the Department of Energy’s new “Network Testing of Industrial Control Systems for Affordability” (CyTRICS) program, which was established in recent years. This program relies on the state-of-the-art intelligent analysis capabilities of the DOE’s four national laboratories to test the security of software and firmware in the energy sector.
I know that what DOE is doing now, in the larger context of supply chain-related work, is addressing the problem of undetectable security weaknesses (in systems) …… (CyTRICS) program fits with the previous executive order and remains steadily ongoing at DOE,” he said. Rather than simply whitelisting and blacklisting entities, it provides regular diagnosis and testing of vulnerabilities throughout the system.”
Separately, the DOE this week launched a 100-day initiative to strengthen cybersecurity of electric utility industrial control systems (ICS) and secure the energy sector supply chain amid a backdrop of increasing cyberattacks on the U.S. by China, Russia and other countries in recent years. DOE’s Office of Cybersecurity, Energy Security and Emergency Response (CESER) is working with electric utilities to enhance the technical and system capabilities of their industrial control systems for cybersecurity visibility, detection and response.
A smarter way to “decouple”
While some analysts believe that the Biden administration’s focus on supply chain security in the technology sector confirms the broader trend of “decoupling” between the U.S. and China in the technology sector, in this grid security review decision, Biden is giving Chinese companies a “free pass” by overturning his predecessor’s ban while leaving The decision to let Chinese companies “off the hook” and overturn the previous ban, while leaving a hand in reminding them to be cautious about installing power technology products made by U.S. rivals, signals that the decoupling will unfold in a more gradual manner.
Whitney, vice president of Fortress Information Security, said: “The real question is, what systems are in the grid? What components are those systems made up of? Which components could be compromised and thus affect the operation of those systems? What security controls are necessary to reduce specific risks to specific systems and products in the grid? I think this may be a more specific challenge that we have faced for many years.”
Justin Sherman, a fellow with the Cyber Governance Program at the Atlantic Council, told Voice of America that Chinese-made equipment in the U.S. bulk power system is one of the areas where it would be worthwhile for the U.S. government to adjust its policies to troubleshoot and prevent potential cybersecurity risks.
He said, “The question has always been how to establish and sustain that process and in what broader areas the Biden administration decides to adopt some sort of ‘decoupling’ or security clearance measures, while recognizing the reality of the overall interconnectedness and interdependence of U.S. and Chinese technology.”
Recent Comments