President Trump May 1 issued an executive order concerning cyber security and the U.S. bulk electric supply system, which has gotten little attention in the general media. The order, published in the May 4 Federal Register, found that “foreign adversaries are increasingly creating and exploring vulnerabilities in the United States bulk-power system, which provides the electricity that supports our national defense, vital emergency services, critical infrastructure, and way of life.”
The order forbids utility companies from “acquisition, importation, transfer, or installation” of gear from any “foreign adversary.” The order is broad. It applies to transmission substations, power generating stations, and covers capacitors, transformers, reactors, relay gear and meters, turbines, and virtually any aspect of the electric generating and supply system.
The order gives Dan Brouillette, the current Secretary of Energy, the implementation of the order. A source who wishes to remain anonymous told The Quad Report, “This is a DOE initiative, designed to appeal to Trump’s current anti-China agenda and grab more power to the DOE.”
In a written comment, lawyer Keith Martin of the D.C. law firm of Norton Rose Fulbright said that the order is “broadly written” and raises the question “who are the foreign adversaries. The order seems directed at China. Russia, North Korea and Iran are not large suppliers of equipment for the US power sector.”
PV Magazine characterized the order as “mysterious,” noting that it isn’t clear if it applies to solar, wind, and energy storage. The article quotes the Martin analysis that it “leaves more questions than it answers.”
On Wednesday, Moody’s Investors Service commented that the Trump order will “benefit” electric utilities and is “credit positive” as it “addresses some of the cybersecurity risks that relate to the supply chain,” adding, “The executive order also raises corporate governance prioritis around cybersecurity defenses and promotes needed investments in cybersecurity preparedness.”
Moody’s said the order addresses issues it raised in a November 2019 report. The credit rating agency then “highlighted the wide variance in cybersecurity practices between suppliers which exposes utility operations and networks to indirect threats that utilities cannot monitor or prevent.”
–Kennedy Maize