In recent weeks Americans have been aghast and disgusted to see the dangerous extent to which we rely on China for the personal protective equipment so vital to healthcare workers.
Compounding this, we are also dependent on China for other critical medical supplies, including pharmaceuticals. Unfortunately, medical items are not the only life-threatening supply chain vulnerability we have.
The United States electric system has become increasingly dependent on foreign suppliers for essential items, including software components that can easily be cyberattacked. When the hardware or software of the electric grid malfunctions or is attacked, there are power outages and often related chaos.
The good news is that the United States has taken clear and compelling steps to address these security vulnerabilities, though years of follow through are also necessary.
On May 1, President Trump signed an executive order to protect the bulk-power system. This is the critical energy infrastructure that supports national defense, emergency services, critical infrastructure and the economy, those things which ensure the quality of modern life.
Even though the bulk-power system is integral to our well-being, large components of it, including control systems, transformers, and generators, are increasingly being manufactured overseas.
Especially disturbing is that 200 transformers, a pillar of the power grid, have come from China into the United States in the last 10 years, according to Charles Durant, deputy director of counterintelligence at the U.S. Department of Energy. Before then, none had entered the U.S.
The executive order says, “The bulk-power system is a target of those seeking to commit malicious acts against the United States and its people, including malicious cyber activities, because a successful attack on our bulk-power system present significant risks to our economy, human health and safety.”
Moody’s, the credit rating agency, endorsed the executive order in a May 6 report saying it is “a credit positive for US electric utilities because it addresses some of the cybersecurity risks that relate to the supply chain. The executive order also raises corporate governance priorities around cybersecurity defenses and promotes needed investments in cybersecurity preparedness.”
The crux of the order is to require a rigorous review of suppliers and the development of a pre-qualified vendor list. In addition, now prohibited equipment already in use is to be identified, isolated, monitored and, if necessary, replaced.
This will also provide a stimulus for the U.S. economy.
According to the U.S. Department of Energy, the United States spends $144 billion annually on electricity generation, transmission and distribution infrastructure. This may rise significantly. Much of the power grid, including plants and transmission lines, is decades older and in need of modernization.
There are also significant opportunities to sell power grid items abroad.
Today there is an aggressive push to make the grid smarter, using software and technology to handle functions like equipment monitoring so that components can be replaced before they break. Many consumers also want to adjust their electricity use remotely.
These and other factors show the need for infrastructure investments while significantly reducing the likelihood that the software will be hacked by an adversary or embedded for future mischief.
The Executive Order, though, is a beginning and not an end in protecting America’s electric grid. Rules are to be issued in September.
The administrative and political follow-through will remain important for years ahead and should be supported across the political spectrum.