Part of Grid Network »

The Grid Professionals Group covers electric current from its transmission step down to each customer's home. 

David Gaier's picture
Owner David Gaier PR

David Gaier is a communications professional, former spokesman for NRG Energy and PSEG Long Island, and consultant to energy advisory agencies. His 30+-year career includes crisis communications...

  • Member since 2019
  • 39 items added with 17,003 views

Post

Trump Executive Order on Securing the Bulk Power Grid Halts…and Catches Fire

image credit: Purchased Stock

On May 1 of 2020, former President Trump signed Executive Order (EO) 13920 declaring a national emergency related to the physical and cybersecurity of the US bulk power grid, asserting that certain equipment, components, software, and control systems could pose a threat based on national security, based on the potentially malign intent of specific foreign actors/suppliers seeking to destroy critical electrical infrastructure. EO 13920 blocked the installation of bulk-power system equipment or systems specifically "designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary."

After President Biden’s inauguration in January, his administration suspended President Trump's Executive Order for 90 days. But fast forward to April 20, 2021, when the new Administration’s Department of Energy (DOE) and the Cybersecurity and Infrastructure Security Agency (CISA) followed up, reinstating the order, and announced a “100-day plan” to address what it similarly calls persistent and sophisticated threats to the nation's electric grid, and calling for a voluntary industry effort to deploy relevant technologies to secure affected industrial control system and operational technologies.

The agency has also issued a new Request for Information (RFI) seeking recommendations for securing U.S. energy system supply chains, “Ensuring the Continued Security of the United States Critical Electric Infrastructure.” According to DOE, the RFI is part of a larger coordinated effort, including the recent “America’s Supply Chains” Executive Order 14017, to develop a strengthened and effective strategy to address the security of the U.S. energy sector. DOE said the goal of the RFI is to gain “information from electric utilities, academia, research laboratories, government agencies, and other stakeholders on various aspects of the electric infrastructure to ensure that the Department’s recommendations for a replacement executive order appropriately balance national security, economic, and administrability considerations.”

The Edison Electric Institute (EEI), representing investor-owned utilities, responded in a statement expressing support for this public-private initiative with government partners including the DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER).

In the meantime, DOE said it will use comments from the RFI to "evaluate new executive actions to further secure the nation's critical infrastructure against malicious cyber activity and strengthen the domestic manufacturing base."

The threat is real, as is the vulnerability, especially in certain key areas. As I noted a year ago in Energy Central, unprotected and unmanned open-air substations are subject to criminal physical attack, to say nothing of flooding, hurricanes, tornadoes, and lighting strikes presenting more, perhaps larger threats. But above all, this country has an inherent vulnerability in its tiny stock of large power transformers (LPTs), without which our electrical system simply will not work.

In the summer of 2018, POWER magazine noted that the average life of a large power transformer was 35 years, and it takes a lot of labor to decommission and remove one transformer and replace it with another. So, even under ordinary circumstances, given that many transformers in use today were installed within a relatively small period decades ago, we are now facing a potential “wall of failures.” In addition, these transformers are enormously costly, with long lead times to procure, such that no utility has a lot of spares sitting around waiting to be installed. Today, delivery times for new LPT’s can range from several months to more than a year, and there is little standardization, which means that even available spares may not be suitable depending on the voltage ranges required. The largest among them—345 kV and above—cost tens of millions of dollars, can weigh hundreds of tons, and can take two years or more to build. And only a handful of companies manufacture them, mostly overseas, including China. Even Germany’s Siemens and Switzerland’s ABB either manufacture LPTs in China, or source many vital materials and components for them from China.

In conjunction with the order reinstatement and RFI, In U.S. Energy Secretary Jennifer Granholm remarked: “The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses … It’s up to both government and industry to prevent possible harms—that’s why we’re working together to take these decisive measures, so Americans car rely on a resilient, secure, and clean energy system.”

As expected, Republican members of the House Science, Space, and Technology Committee joined in, sending letters to the Department of Energy and Office of Management and Budget, requesting information about the Biden Administration’s plans to secure the bulk-power system. Among other things, the letters stated, “Threats to our nation’s electric grid and bulk-power system, including from foreign adversaries, not only persist but continue to evolve,” the letters note. “The recent SolarWinds breach, for example, reinforces the urgency of securing our critical infrastructure from cyberattacks. The catastrophic February 2021 winter storm that struck Texas and the Midwest illustrates the tragic consequences of disruption of our electric grid.”

At the same time, CPO Magazine opines “There is a great deal of ambiguity in the new order and the proposed process: “At the moment, the initial 100-day plan is shaping up to be a confusing period for vendors who are now hearing that they need to protect private networks from advanced nation-state threats but have yet to receive precise details as to how to do that.”

Moreover, it’s not clear how this new process and the outcome of the RFI will affect the Administration’s plans for expanding the already-overtaxed grid to accommodate new sources of generation, in particular offshore wind and terrestrial utility-scale solar. But for sure it will burden utilities, RTOs/ISOs, OEM supply chains, and ultimately, ratepayers who will likely bear the cost. And it will no doubt affect—and likely help worsen—our already tenuous, and in recent days even hostile, relationship with China.  

David Gaier's picture
Thank David for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Discussions

Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.
Matt Chester's picture
Matt Chester on Apr 28, 2021

“There is a great deal of ambiguity in the new order and the proposed process: “At the moment, the initial 100-day plan is shaping up to be a confusing period for vendors who are now hearing that they need to protect private networks from advanced nation-state threats but have yet to receive precise details as to how to do that.”

A good reminder that as much as a new administration wants to hit the ground running-- sprinting, even-- there are some challenges with that strategy. 

Linda Stevens's picture
Linda Stevens on May 1, 2021

It is clearly in the interest of the utility to harden their infrastructure in the long term but they continue to delay. They have known for at least 20 years that they were vulnerable. One reason we regulate utilities is to ensure that the best interest of society is primary. This is another reason not to deregulate as Texas has done.

While Russia and China map our utility infrastructure networks, we need to hardening and securing them. This issue is not about vendors or administrations. It is about our fundamental security and until we acknowledge it, utilities will continue to pay dividends instead of modernizing and securing their infrastructure. 

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »