Executive Order Seeks to Protect U.S. Electricity System
While it may sound like something out of a James Bond movie, the specter of cyberattacks on the U.S. electrical grid is a reality. It was discovered that the hacking group Xenotime, who created the infamous Triton malware (which executed smaller attacks on critical infrastructures, such as the industrial control systems used in power plants) had attempted to bring down the U.S. power grid in 2019.
In 2016, the Wall Street Journal reported that a state-sponsored Russian group tried to hack American utilities via the compromised email account of a contractor.
The Side of Caution
To reduce the risks posed by foreign adversaries seeking to compromise the American energy infrastructure, on May 1, President Donald Trump signed an executive order that will protect the U.S. electricity system from cyber and other attacks in a move that could eventually put barriers on some imports from China and Russia.
According to the president, the threat to the U.S. power system represents a threat to national security, which allows the government to put in place measures such as the creation of a task force on procurement policies for energy infrastructure.
A senior DOE (Department of Energy) official maintained that the order was not directed at any new or concrete threat, but was the result of a process to bolster the power system.
Trump’s order allows the Secretary of Energy to prohibit acquisition, importation, transfer, or installation of power equipment from an adversary that they determine poses a risk of sabotage to the U.S. power system.
Trade Partners and Adversaries?
“Additional steps are required to protect the security, integrity, and reliability of bulk-power system electric equipment used in the United States,” Trump asserted in the executive order. “In light of these findings, I hereby declare a national emergency concerning the threat to the United States bulk-power system.”
The order also established a task force to protect the U.S. power grid from attacks, as well as sharing risk management information to prevent interference. Members of the task force include the secretaries of Commerce, Defense, and Homeland Security, as well as the Director of National Intelligence.
“A successful attack on our bulk-power system would present significant risks to our economy, human health and safety, and would render the United States less capable of acting in defense of itself and its allies,” Trump wrote in the order.
The bulk power system is vital to the country’s energy security, supporting national defense, emergency services, critical infrastructure, and the economy. It encompasses the facilities and control systems necessary for operating an interconnected electric energy transmission network and electric energy from generation facilities needed to maintain transmission reliability.
While Trump’s order does not point the finger at specific countries, the 2019 Worldwide Threat Assessment issued by then-U.S. Director of National Intelligence Dan Coats said that China, Russia, and other nations were using cyber techniques to spy on U.S. infrastructure.
A Very Real Potential for Harm
“It is imperative the bulk-power system be secured against exploitation and attacks by foreign threats,” said Energy Secretary Dan Brouillette. “This Executive Order will greatly diminish the ability of foreign adversaries to target our critical electric infrastructure.”
According to Daily Energy Insider, each year the federal government invests in a range of energy infrastructure components, but current government procurement rules often result in contracts being awarded to the lowest-cost bids. This is seen as a vulnerability that can be exploited by those with malicious intent. Evolving threats facing critical infrastructure highlight the supply chain risks faced by all sectors, including energy.
The executive order seeks to ensure the availability of secure components from American companies and other trusted sources. It prohibits federal agencies or individuals from acquiring, transferring, or installing equipment in which any foreign country or foreign national has any interest and the transaction poses an unacceptable risk to national security or the security and safety of American citizens.