President Trump declared a national emergency on May 1, 2020. It was based on cybersecurity threats to our bulk power system – certain grid components that could be compromised – by bad actors looking to bring down our critical grid infrastructure.
In his Executive Order, a laundry list of potentially affected equipment was listed, including electrical reactors (inductors), capacitors, substation transformers, current coupling capacitors, large generators, backup generators, substation voltage regulators, shunt capacitor equipment, automatic circuit reclosers, instrument transformers, coupling capacity voltage transformers, protective relaying, metering equipment, high voltage circuit breakers, generation turbines, industrial control systems, distributed control systems, and safety instrumented systems.
The task force to carry out the Executive Oder will be headed by the Secretary of Energy, Dan Brouillette. They will have until September 28, 2020 to develop a plan and a list of “approved” and “disapproved” vendors. The “approved” vendors will be used for future purchases as well as the removal of equipment that is currently in use on the grid.
According to Jim Cunningham, Executive Director of Protect our Power, an advisory panel focused on strengthening the nation’s electrical power grid, the order is a great first step in locking down the security of our national grid. Cunningham said they could model it after a protocol already in place for the Department of Defense, which puts the onus of responsibility for a secure product with the supplier, or in this case the “approved” vendor. “So, if I am buying a widget from a certain manufacturer, the liability of the integrity of it lies with the final supplier,” he said in an interview. He explained that if the product contains chips and if they come from, say China, the responsibility for ensuring that those chips are safe, would fall on the manufacturer. “We are not saying confine yourself to traditional forms of power, but as you branch out into different forms of power, pay attention to the components and where they are coming from and the integrity of those products,” he added.
Protect our Power is currently working with Ridge Global on a supply chain report that will examine the controls that are in place now for maintaining a secure supply chain.
“We are trying to bring together the sellers, the buyers and the regulators into a collaborative to discuss the protocol that could be put in place as quickly as possible that the industry would follow both at the bulk level and at the retail level,” said Cunningham. He added that while it seems ambitious, he’s hoping to have those recommendations out by the end of the year.
Cunningham said, “The pandemic brought this on loud and clear — you need a reliable supply chain. It is a global market, it is a global economy, but you have to trust your suppliers. If that means making some or more of it in the U.S., then that’s good… And if it means that our allies will be beneficiaries of this type of a policy, then that’s good too,” he added.
Since most of the electricity sector is privately owned, having a list of approved vendors could be very helpful when sourcing components for a project – cybersecurity is not always considered when awarding an RFP based on the lowest bidder. Looking down the entire supply chain is quite complex and going all the way down to the chip level will present a challenge. Because, sometimes, you have to go to first tier, then to second tier, and on to the third tier supplier, and at some point, it could be out of your hands, unless it is 100% – made in the USA.
While some might believe the order is politically motivated, electrical industry experts say NO, this issue has been building for years and supply chain security has been a major topic at Electrical Industry conferences over the past few years.
es to collect industry insight and commentary related to the new order. If you have a tip, comment, or expertise in this area, feel free to contact Jennifer Runyon.