President Donald Trump today signed an executive order barring US power grid entities from buying and installing electrical equipment that has been manufactured outside the US.
Trump said that “foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system.”
The US president said that successful attacks against the US power grid would “present significant risks to our economy, human health and safety, and would render the United States less capable of acting in defense of itself and its allies.”
The White House argued that equipment made outside the US could be manipulated by foreign adversaries to insert and later exploit vulnerabilities in electrical equipment “with potentially catastrophic effects.”
Besides barring power grid operators from buying and installing new foreign equipment, the order also authorizes the Secretary of Energy to start procedures to identify current electrical equipment manufactured outside the US and to develop strategies with government agencies and the private sector to have it isolated, monitored, and eventually replaced.
The US Department of Energy welcomed the new executive order.
Despite President Trump citing hacking threats as a primary reason for signing the new order, the US has not seen any destructive attacks from foreign hackers to date.
Instead, the US power grid ecosystem has been the target of constant reconnaissance operations from foreign hackers, with Russian threat actors being the most persistent.
In 2018, the Department of Homeland Security issued a security advisory about increased Russian cyber-operations targeting the US energy sector.
In 2019, unknown hackers used a simple denial of service (DoS) flaw to reboot firewalls at an electric power grid operator for hours, but they did not breach the operator’s internal network to alter power grid parameters.
Earlier this year, in January, the Federal Bureau of Investigation sent private notifications to power grid operators about hackers targeting their software supply chain. The malware used in the attacks contained similarities to malware previously used by known Iranian state-sponsored hackers.