The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 

WARNING: SIGN-IN

You need to be a member of Energy Central to access some features and content. Please or register to continue.

Post

DOE Says It Will "Rip and Replace" Foreign Parts From Energy Infrastructure to Ensure Cybersecurity

image credit: ID 123864363 © Dave Bredeson | Dreamstime.com

The Department of Energy (DOE) is planning to implement a “rip and replace” strategy to ensure cybersecurity in bulk electric power systems. The strategy involves removing parts and products made in hostile foreign countries, like China and Russia, from energy infrastructure and replacing them with local substitutes. 

The Trump administration issued an executive order in May declaring purchase of parts or bulk power energy systems from such countries a national security threat. “We will be looking at identifying equipment, isolating it, monitoring it as appropriate, and where we find undue risk to the bulk power system, we will replace equipment as necessary,” Charles Kosak, Deputy Assistant Secretary for the Office of Electricity at Energy told online publication Washington Technology. 

Will It Make a Difference to the Overall Market?  

The order should not make a significant difference to the market for bulk electric power systems in America. Among the companies that the administration is directly targeting with this order is Chinese technology conglomerate Huawei and Russian anti-virus software company Kaspersky Labs. Both have already faced harsh action earlier. Kaspersky was banned for use within the Trump administration in 2017 and Huawei has been placed under a growing list of restrictions that make it difficult for American suppliers to export software and components to it. 

According to the administration, the latter company has links to the Chinese government and is being used by that country to steal corporate secrets and track dissidents. Huawei, which makes smart meters for utilities, has denied the charges. It does not have much of a presence in the American smart meter market, which is dominated by the likes of Itron and GE Energy.

Strange as it may sound, the one area where the Trump administration’s stance may make a difference is rural electric utilities. They do not have the budget or resources to make their systems secure against foreign interference or to protect themselves against hackers. The Energy Department will “better engage” with rural utilities to ensure security for their systems. Sean Plankey, assistant deputy secretary for the office of Cybersecurity, Energy Security and Emergency Response (CESER) explained that a “lot of times the IT guy is also the security guy is also the guy who might be mowing the front lawn.” The Energy Department will spend $6 million this year to bolster security apparatus at such utilities.

Rakesh  Sharma's picture

Thank Rakesh for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.

Discussions

Richard Brooks's picture
Richard Brooks on Jun 4, 2020 4:54 pm GMT

I sincerely hope this statement is true: "The Energy Department will “better engage” with rural utilities to ensure security for their systems. Sean Plankey, assistant deputy secretary for the office of Cybersecurity, Energy Security and Emergency Response (CESER) explained that a “lot of times the IT guy is also the security guy is also the guy who might be mowing the front lawn.” The Energy Department will spend $6 million this year to bolster security apparatus at such utilities."

Smaller BES entities, and there are many of them, lack the cybersecurity expertise needed to protect themselves from harmful software. That's one of the reasons I developed SAG-PM; to provide smaller entities in a control area with low cost, high quality, best practice cybersecurity risk controls to protect themselves from harmful software, following NERC CIP-010-3 R1, Part 1.6, by 10/1/2020, the FERC Order 850 effective date for supply chain reliability standards.

Mark Silverstone's picture
Mark Silverstone on Jun 10, 2020 4:23 pm GMT

Part of the problem is to identify "hostile foreign countries".  Given the day to day volatility of US relations with any and all countries, who is to say that the next step won´t be to extend the “rip and replace” strategy to anyone who dares to have any trade relationship with Russia or China that the US considers threatening? Is the US to be the sole capricious arbiter of "hostility"?  At some point, as unthinkable as it may seem, it may be advantageous for some OECD countries to reduce the status of their US relationship.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »