President Trump Bans Acquisition of Foreign Power Grid Equipment due to Cybersecurity Threats

May 4, 2020

Due to increased cybersecurity threats, President Donald Trump signed an executive order banning U.S. power grid entities from buying and installing electrical equipment that has been manufactured outside the U.S.

According to the executive order, foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system, which provides the electricity that supports our national defense, vital emergency services, critical infrastructure, economy, and way of life. The bulk-power system, says the order, is a target of those seeking to commit malicious acts against the United States and its people, including malicious cyber activities, because a successful attack on our bulk-power system would present significant risks to our economy, human health and safety, and would render the United States less capable of acting in defense of itself and its allies.

In addition, the order says that the unrestricted acquisition or use in the United States of bulk-power system electric equipment designed, developed, manufactured, or supplied by foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in bulk-power system electric equipment, with potentially catastrophic effects.

As a result of this threat, President Trump ordered the following:

The Secretary, in consultation with the heads of other agencies as appropriate, may at the Secretary’s discretion design or negotiate measures to mitigate concerns identified under this order. The Secretary, in consultation with the heads of other agencies as appropriate, may establish and publish criteria for recognizing particular equipment and particular vendors in the bulk-power system electric equipment market as pre-qualified for future transactions; and may apply these criteria to establish and publish a list of pre-qualified equipment and vendors.
The Secretary is authorized to take such actions, including directing the timing and manner of the cessation of pending and future transactions prohibited pursuant to the order, adopting appropriate rules and regulations, and employing all other powers granted to the President by IEEPA as may be necessary to implement this order. The heads of all agencies, including the Board of Directors of the Tennessee Valley Authority, shall take all appropriate measures within their authority as appropriate and consistent with applicable law, to implement this order.
Within 150 days of the date of this order, the Secretary, in consultation with the Secretary of Defense, the Secretary of Homeland Security, the Director of National Intelligence, and, as appropriate, the heads of other agencies, shall publish rules or regulations implementing the authorities delegated to the Secretary by this order.
The Secretary may, consistent with applicable law, redelegate any of the authorities conferred on the Secretary pursuant to this section within the Department of Energy.
The Secretary, in consultation with the Secretary of Defense, the Secretary of the Interior, the Secretary of Homeland Security, the Director of National Intelligence, the Board of Directors of the Tennessee Valley Authority, and the heads of such other agencies as the Secretary considers appropriate, will:

identify bulk-power system electric equipment designed, developed, manufactured, or supplied, by foreign adversary that poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of the bulk-power system in the United States, poses an undue risk
develop recommendations on ways to identify, isolate, monitor, or replace such items as soon as practicable, taking into consideration overall risk to the bulk-power system.

A Task Force on Federal Energy Infrastructure Procurement Policies Related to National Security (Task Force) will work to protect the Nation from national security threats through the coordination of Federal Government procurement of energy infrastructure and the sharing of risk information and risk management practices to inform such procurement. The Task Force will be chaired by the Secretary or the Secretary’s designee.

The Task Force will:

develop a recommended consistent set of energy infrastructure procurement policies and procedures for agencies, to the extent consistent with law, to ensure that national security considerations are fully integrated across the Federal Government, and submit such recommendations to the Federal Acquisition Regulatory Council (FAR Council).
evaluate the methods and criteria used to incorporate national security considerations into energy security and cybersecurity policymaking.
consult with the Electricity Subsector Coordinating Council and the Oil and Natural Gas Subsector Coordinating Council in developing recommendations and evaluation.
conduct any other studies, develop any other recommendations, and submit any such studies and recommendations to the President, as appropriate and as directed by the Secretary.
The Department of Energy will provide administrative support and funding for the Task Force, to the extent consistent with applicable law.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.