Cybersecurity

Feds to oversee grid supply chain effort

Royalty-free stock photo ID: 641963182 By 4kclips Department of Energy in Washington - WASHINGTON DC / COLUMBIA - APRIL 7, 2017

The Department of Energy's cybersecurity agency is set to begin the process of prequalifying vendors of bulk power equipment for the U.S. electric grid.

The agency's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is about to kick off an effort to help prequalify the future acquisition of industrial control system equipment that runs energy critical infrastructure, including bulk power grids, according to Nicholas Andersen, deputy assistant secretary for Infrastructure Security and Energy Restoration.

On May 1, President Donald Trump issued an executive order that would prohibit buying or installing bulk-power system electric equipment that comes from certain "foreign adversary" countries deemed a risk. The order said "unrestricted foreign supply of bulk-power system electric equipment constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States."

The order doesn't specifically name the countries, but it said electric equipment from those sources could pose significant risks, including cyberattacks. China, Russia and North Korea have typically been associated with the term. In particular, the administration has moved to block U.S. domestic use of Chinese-made equipment in the U.S. telecommunications critical infrastructure.

There is also longstanding concern that industrial control systems can provide an entry point to critical infrastructure systems for threat actors, nation-state and otherwise.

The order puts a process in place to pre-qualify manufacturers of bulk power gear for future use in U.S. energy critical infrastructure. The Energy Department, consulting with other agencies "as appropriate" was charged with setting up and publishing criteria and lists of acceptable equipment and vendors

"A lot of that prequalification and testing work that you see in the Executive Order is going to be focused within our office, within CESER," to provide it to others to support the overall energy infrastructure cybersecurity effort, Andersen said during a June 24 webcast hosted by Venable, LLP.

"There will be a request for information that the Department of Energy is going to be putting out in short order, as well as a Notice of Proposed Rulemaking that will provide a formal opportunity for stakeholder engagement," Andersen said.

The processes won't begin until after the rulemaking process is completed, which includes consultation with Department of Homeland Security, the Commerce Department, the Defense Department and the Office of Management and Budget, as well as industry coordinating councils.

Andersen said he expects the RFI to be issued soon by the agency, with the rulemaking change, which will incorporate input from the RFI, coming in late fall.

The order has caused a lot of anxiety in the bulk power sector. Power providers, he said, "are afraid of 'rip and replace'" in regards to their current equipment. "There is no 'rip and replace,' authority within the executive order," he said. "It's not anticipated to be part of the plan. It's really future-facing, not necessarily focused exclusively what's in place now."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected