Will the Trump Administration Security Order Impact the Microgrid Suppy Chain?
Catching the energy industry by surprise, the Trump Administration’s Executive Order on Securing the United States Bulk-Power System could have far-reaching implications for the microgrid industry throughout the supply chain. Released on May 1, the executive order gives the federal government the ability to restrict US power companies from doing business with specified foreign actors in the name of cyber protection.
The administration’s announcement is similar in concept, and cites similar executive authority, to a 2019 executive order limiting communications equipment and suppliers from China — ostensibly due to national security concerns.
The order declares a national emergency and empowers the administration to create a list of companies and entities that US utilities and project developers are barred from doing business with, unless they receive specific approval.
The order is premised on the idea “that foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system,” and by limiting the purchase of equipment from ‘foreign adversaries’ some of those vulnerabilities might be mitigated or prevented entirely.
Cybersecurity is a concern, but…
There is no doubt that the energy industry needs to be concerned about cybersecurity. A recent report by Siemens surveyed the global utility sector and found that more than 56% of utilities had faced a cyberattack within the past year (and 4% had more than 10 such instances in the past year). There are a wide range of different cyber threats to utilities, from unsophisticated email phishing attacks to more nefarious actions by nation-states. In the same survey, 25% of respondents report being impacted by ‘mega attacks’ with a high level of sophistication and greater skill in finding weakened entry points within the complex utility networks.
Most of these cyberattacks are digital in nature or take advantage of human vulnerabilities, but it also demonstrates that malicious actors have the intent and aspiration to access utility systems for villainous purposes — and compromised hardware would certainly exacerbate those weaknesses.
But the order leaves the US energy industry with a number of unanswered questions.
Who qualifies as a foreign adversary?
For example, the order bans the “acquisition, importation, transfer, or installation” of generation and transmission equipment for the bulk power system that is ‘designed, manufactured, or supplied’ by companies that are based in a country considered a ‘foreign adversary’.
Who qualifies as a ‘foreign adversary’ is unclear, beyond the apparent targeting of China, a significant supplier of electrical equipment of all sizes and scales. Additional countries — or perhaps specific companies — could be added to a black list of vendors as well. Final discretion would be left to the Department of Energy.
The practical application of this order is also murky, with one section stating “where the transaction is initiated after the effective date of this order,” and in another noting “notwithstanding any contract entered into or any license or permit granted prior to the date of this order.” Which projects will be affected today and which might be affected retroactively — even if signed or fully deployed before the effective date — is not clear in the text of the order.
What is clear is that the Department of Energy will now be tasked with reviewing impacted transactions, and determining what if any harm to national security could result. The order lays out that actions are prohibited only where the DOE decides a transaction poses one of three risks described in the order, including to US national security.
The order also calls for identifying equipment that is already installed on the bulk power system and may pose a security threat and tasks DOE with determining recommendations to “identify, isolate, monitor, or replace” that equipment in the future.
In addition, the order appears to apply to projects built outside of the US which are developed by a US-based company and any person ‘subject to the jurisdiction of the United States.’
What transactions will come under scrutiny?
The broad language leaves lots of room for interpretation, and additional clarification and guidelines are to be expected from DOE in the future. The order additionally calls for the creation of an inter-agency task force to establish procurement best practices that could be shared with other segments of the energy industry in the future.
The energy industry supply chain is notoriously complex, with a myriad of original equipment manufacturers, subcontractors, hardware and software subassemblies, and other components of various origins integrated into a single deployment.
The sudden nature of the order has left a number of companies unsure if their current transactions — or even past installations — may come under scrutiny. And the general uncertainty and additional bureaucratic processes could have a negative impact on both pricing and deployment timelines across the microgrid industry. Limiting access to cheaper foreign suppliers of equipment and requiring lengthy approval processes could cause further deceleration in an industry already strained by the COVID-19 pandemic.
Matt Roberts is the director of strategic development and government affairs for Microgrid Knowledge. Learn about how government policy affects the microgrid industry during Microgrid Knowledge’s free virtual conference June 1-3. Join Matt for a discussion on ‘Microgrids in an Election Year,’ Monday, June 1. Register here free of charge.