On May 1st, President Trump signed an Executive Order on “Securing the United States Bulk-Power System.” The order cites foreign adversaries and their increased creation and usage of vulnerabilities against the grid as the primary driver. In my opinion, perhaps more interesting are the inherent ties that the order makes to the NERC standards, namely CIP-010 R4 and CIP-013.

It goes on to say that the acquisition of equipment designed, developed, manufactured or even supplied by organizations owned, controlled or even affected by the jurisdiction of foreign adversaries presents risk that could result in catastrophic events.

If that doesn’t scream “Supply Chain Risk Management,” I don’t know what does. By declaring a national emergency on the topic, Trump prohibits the acquisition, importation, transfer or installation of any equipment where a foreign adversary country or national has any interest.

I’ll take some liberty to succinctly summarize the order here.

The first section specifies that bulk-power electric equipment is in scope, as well as the transaction itself where it might pose an undue risk of sabotage. It introduces an undue risk of catastrophic effects on security or resiliency. This section also gives power to the Secretary of Defense to implement mitigating controls and publish criteria for pre-qualifying vendors of electric equipment.

Section 2 further allows the Secretary to implement rules and regulations to support the order as well as develop recommendations to identify, isolate, monitor or even replace devices as soon as possible. A provision for a Task Force is established in section 3 with marching orders to develop procurement policies and procedures, evaluate the implementation of national security considerations into energy security and policymaking, and work with distribution system industry groups amongst other items.

Several components were of particular interest to me. First, the similarities to the (Read more...)