Critical Infrastructure Security

Trump cites cybersecurity concerns issuing order to protect power grid

President Trump declared a national emergency to protect the nation’s bulk-power infrastructure that stops the purchase or use of any equipment that involves a foreign adversary in any way.

The declaration was part of an Executive Order signed on May 1 that stated the federal government had found that foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system. Trump cited that having this equipment supplied by unfriendly nations poses an extraordinary threat to the nation’s national security.

“The bulk-power system is a target of those seeking to commit malicious acts against the United States and its people, including malicious cyber activities, because a successful attack on our bulk-power system would present significant risks to our economy, human health and safety, and would render the United States less capable of acting in defense of itself and its allies,” the order stated.

A bulk-power system includes the facilities and control systems necessary for operating an interconnected electric energy transmission network and electric energy from generation facilities needed to maintain transmission reliability.

The Executive Order makes it illegal import, transfer or install any bulk-power system to anyone or entity to any property, subject to the jurisdiction of the United States.

Some of the elements that will looked at when procuring any piece of equipment are if the bulk-power system electric equipment was designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary; if the design would enable sabotage or subversion of the nation’s bulk-power system by an enemy; or otherwise poses an unacceptable risk to the national security of the United States or its citizens.

Edgard Capdevielle, CEO, Nozomi Networks, said the order is a step in the right direction but does not go far enough to actually protect the country's critical infrastructure.

"Firstly, it ignores the largest problems in the electric cyber environments: lack of visibility in the networks and any nationally enforceable standards. Secondly, it is not immediately actionable.  The order does not name countries, or propose anything specific, it just enables a team to go look at this without clear advice if problems are found. And lastly, even if enforced and specifics were given, i.e. no new equipment from China or Russia in the grid, it does not address all the legacy infrastructure that has been and will be around for a very long time," he said.

The Secretary of Energy will be empowered to develop a set of criteria for recognizing particular equipment and vendors in this market as being pre-qualified for future transactions. Additionally, the government will search out equipment currently in use that may pose an unacceptable risk under this order and find ways to identify, isolate, monitor, or replace such items as soon as possible.

A task force will be created consisting of the heads of departments of Defense, Interior, Homeland Security, Commerce, National Intelligence and OMB to develop a set of energy infrastructure procurement policies and procedures.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.