Trump Executive Order on Securing the Bulk Power Grid Halts…and Catches Fire

On May 1 of 2020, former President Trump signed Executive Order (EO) 13920 declaring a national emergency related to the physical and cybersecurity of the US bulk power grid, asserting that certain equipment, components, software, and control systems could pose a threat based on national security, based on the potentially malign intent of specific foreign actors/suppliers seeking to destroy critical electrical infrastructure. EO 13920 blocked the installation of bulk-power system equipment or systems specifically "designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary."

After President Biden’s inauguration in January, his administration suspended President Trump's Executive Order for 90 days. But fast forward to April 20, 2021, when the new Administration’s Department of Energy (DOE) and the Cybersecurity and Infrastructure Security Agency (CISA) followed up, reinstating the order, and announced a “100-day plan” to address what it similarly calls persistent and sophisticated threats to the nation's electric grid, and calling for a voluntary industry effort to deploy relevant technologies to secure affected industrial control system and operational technologies.

The agency has also issued a new Request for Information (RFI) seeking recommendations for securing U.S. energy system supply chains, “Ensuring the Continued Security of the United States Critical Electric Infrastructure.” According to DOE, the RFI is part of a larger coordinated effort, including the recent “America’s Supply Chains” Executive Order 14017, to develop a strengthened and effective strategy to address the security of the U.S. energy sector. DOE said the goal of the RFI is to gain “information from electric utilities, academia, research laboratories, government agencies, and other stakeholders on various aspects of the electric infrastructure to ensure that the Department’s recommendations for a replacement executive order appropriately balance national security, economic, and administrability considerations.”

The Edison Electric Institute (EEI), representing investor-owned utilities, responded in a statement expressing support for this public-private initiative with government partners including the DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER).

In the meantime, DOE said it will use comments from the RFI to "evaluate new executive actions to further secure the nation's critical infrastructure against malicious cyber activity and strengthen the domestic manufacturing base."

The threat is real, as is the vulnerability, especially in certain key areas. As I noted a year ago in Energy Central, unprotected and unmanned open-air substations are subject to criminal physical attack, to say nothing of flooding, hurricanes, tornadoes, and lighting strikes presenting more, perhaps larger threats. But above all, this country has an inherent vulnerability in its tiny stock of large power transformers (LPTs), without which our electrical system simply will not work.

In the summer of 2018, POWER magazine noted that the average life of a large power transformer was 35 years, and it takes a lot of labor to decommission and remove one transformer and replace it with another. So, even under ordinary circumstances, given that many transformers in use today were installed within a relatively small period decades ago, we are now facing a potential “wall of failures.” In addition, these transformers are enormously costly, with long lead times to procure, such that no utility has a lot of spares sitting around waiting to be installed. Today, delivery times for new LPT’s can range from several months to more than a year, and there is little standardization, which means that even available spares may not be suitable depending on the voltage ranges required. The largest among them—345 kV and above—cost tens of millions of dollars, can weigh hundreds of tons, and can take two years or more to build. And only a handful of companies manufacture them, mostly overseas, including China. Even Germany’s Siemens and Switzerland’s ABB either manufacture LPTs in China, or source many vital materials and components for them from China.

In conjunction with the order reinstatement and RFI, In U.S. Energy Secretary Jennifer Granholm remarked: “The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses … It’s up to both government and industry to prevent possible harms—that’s why we’re working together to take these decisive measures, so Americans car rely on a resilient, secure, and clean energy system.”

As expected, Republican members of the House Science, Space, and Technology Committee joined in, sending letters to the Department of Energy and Office of Management and Budget, requesting information about the Biden Administration’s plans to secure the bulk-power system. Among other things, the letters stated, “Threats to our nation’s electric grid and bulk-power system, including from foreign adversaries, not only persist but continue to evolve,” the letters note. “The recent SolarWinds breach, for example, reinforces the urgency of securing our critical infrastructure from cyberattacks. The catastrophic February 2021 winter storm that struck Texas and the Midwest illustrates the tragic consequences of disruption of our electric grid.”

At the same time, CPO Magazine opines “There is a great deal of ambiguity in the new order and the proposed process: “At the moment, the initial 100-day plan is shaping up to be a confusing period for vendors who are now hearing that they need to protect private networks from advanced nation-state threats but have yet to receive precise details as to how to do that.”

Moreover, it’s not clear how this new process and the outcome of the RFI will affect the Administration’s plans for expanding the already-overtaxed grid to accommodate new sources of generation, in particular offshore wind and terrestrial utility-scale solar. But for sure it will burden utilities, RTOs/ISOs, OEM supply chains, and ultimately, ratepayers who will likely bear the cost. And it will no doubt affect—and likely help worsen—our already tenuous, and in recent days even hostile, relationship with China.