An executive order signed by President Joe Biden last week included the 90-day suspension of an order issued by his predecessor aimed at fortifying the nation's bulk power system against malicious cyberattacks by foreign adversaries.
The now-suspended directive, Executive Order 13920, issued by former President Donald Trump in May 2020, had sparked concerns among energy sector utilities over a lack of clear guidance on equipment procurement, explained Tobias Whitney, vice president of energy security and solutions at Fortress Information Security LLC.
With security concerns about Chinese technology firms Huawei Technologies Co. Ltd. and ZTE Corp. on the rise, Trump's order prohibited federal agencies and U.S. entities from acquiring, transferring or installing bulk power system equipment that might pose an "unacceptable risk" to national security or public safety.
While that order has now been suspended for 90 days pending further review, Whitney expects Biden to maintain a strong focus on cybersecurity in the wake of a devastating Russia-perpetrated supply chain hack disclosed in December 2020.
That attack involved SolarWinds Corp.'s Orion software, which is used by numerous federal agencies, including the National Nuclear Security Administration, an agency within the U.S. Department of Energy responsible for overseeing the nation's nuclear stockpile, and the Federal Energy Regulatory Commission. Experts also believe U.S. electric utilities that did not use the SolarWinds software at issue may still be vulnerable to so-called "side door" attacks orchestrated via third-party vendors who did use the software.
"The risk is that if any one of these major manufacturers or suppliers gets compromised like SolarWinds, the downstream effect could be quite substantial," Whitney said in a Jan. 26 interview.
Biden's order, signed Jan. 20, directs the DOE secretary and director of the White House's Office of Management and Budget to jointly consider whether to recommend a replacement order.
In comments to FERC concerning a notice of inquiry responding to Trump's order, some utilities argued that the federal government should shoulder more responsibility in identifying foreign suppliers that may pose a national security threat.
Whitney, a veteran of the North American Electric Reliability Corp., said companies like Fortress with supply chain expertise are also prepared to serve as a conduit for sharing such information.