3rd Party Risk Management , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Executive Order's Focus: Protecting Power Grid Supply Chain

Trump Bans Use of Foreign Equipment That Poses 'National Security Threat'
Executive Order's Focus: Protecting Power Grid Supply Chain

Declaring that threats to the United States’ power grid are a national emergency, President Donald Trump is taking steps designed to help defend the grid from foreign interference by focusing on the supply chain.

See Also: OnDemand | Zero Tolerance: Controlling The Landscape Where You'll Meet Your Adversaries

In an executive order issued Friday, the president banned the use of certain equipment for the power grid that’s manufactured by a company under the control of a foreign adversary, or the buying of any equipment that poses a national security threat.

The order doesn’t name any countries or companies. But it notes that the term "foreign adversary" means "any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or its allies or the security and safety of United States persons."

Back in 2018, the U.S. Cybersecurity and Infrastructure Security Agency warned about threats to the grid from Russia-sponsored hackers.

Cybersecurity Concerns

Trump's executive order cites concerns about nation-state hackers attempting to insert vulnerabilities into the equipment they sell to U.S. electrical and power firms or exploiting flaws in that gear as part of an attack.

"The bulk-power system is a target of those seeking to commit malicious acts against the United States and its people, including malicious cyber activities, because a successful attack on our bulk-power system would present significant risks to our economy, human health and safety, and would render the United States less capable of acting in defense of itself and its allies," the executive order states.

The president’s order also authorizes the Energy secretary to identify foreign-made equipment that is already installed in various power and electrical utilities and develop recommendations to monitor and eventually replace that gear.

In addition, the order calls for creation of a task force to coordinate how the federal government buys power and electrical infrastructure equipment and share risk management practices and information about these procurements to help create better intelligence and security plans.

More Action Needed

While the president’s executive order will help to secure the power grid supply chain, more needs to be done to get power companies to improve their own security, says Tom Kellermann, the head of cybersecurity strategy at VMware. He served as a cybersecurity adviser to the Obama administration.

"It represents a step in the right direction to secure the supply chain,” he says. “However, the executive order must direct the sector to improve their cybersecurity immediately as it is inadequately protected from cyberattacks," Kellermann tells Information Security Media Group.

The president’s order comes more than 13 months after reports surfaced that unidentified intruders probed weaknesses in the network firewalls of a U.S. power utility to attempt a distributed denial-of-service attack, causing a brief communication disruption between remote sites and the utility's main control center (see: Hackers Attempted DDoS Attack Against Utility: Report)

Congressional Action

Congress is also paying closer attention to vulnerabilities in the U.S. power grid. In 2019, the Senate and House included a provision called the Securing Energy Infrastructure Act into the 2020 National Defense Authorization Act, which Trump signed into law. The measure includes a two-year pilot program within the U.S. Energy Department's National Laboratory to identify vulnerabilities within the grid (see: Electrical Grid Cybersecurity Measure Advances)

Security researchers have also noted an increase in activity by some threat groups to gather intelligence and conduct reconnaissance of the U.S. power grid as well as other countries' grid infrastructure. Actual attacks against power and electric utilities, however, remain relatively rare (see: Hackers Increasingly Probe North American Power Grid)

Regulators’ Reactions

In a statement, the U.S. Department of Energy welcomed the executive order.

"This executive order will greatly diminish the ability of foreign adversaries to target our critical electric infrastructure," Energy Secretary Dan Brouillette says.

On Twitter, Neil Chatterjee, the chairman of the Federal Energy Regulatory Commission, which regulates the interstate transmission of electricity, called Trump’s order a necessary step that will enhance the security of the U.S. power grid.

About the Author

Ishita Chigilli Palli

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.