President Trump on Friday issued an executive order declaring a national emergency over threats to the U.S. power system, taking steps to defend the grid against cyberattacks and foreign interference.
The executive order bans the use of equipment for the power grid that was manufactured by a company under the control of a foreign adversary, or the buying of any equipment that poses a national security threat.
As is so often the case the latest executive order signed by President Trump, which prohibits the use of bulk power system equipment from foreign countries to limit the risk to the US power grid, is a step in the right direction, but it does not go far enough. While there are several positives in the order; namely, raising the importance of our grid infrastructure and electric power in our lives, national security, and developed economic life; pointing at countries that may want to challenge our global status, way of life, or ability to keep stable conditions; and seeking to address a potential vector of attack in the backdoors and trojans that could be implanted in foreign-sourced infrastructure equipment.
However, there are a few shortcomings. Firstly, it ignores the largest problems in the electric cyber environments: lack of visibility in the networks and any nationally enforceable standards. Secondly, it is not immediately actionable. The order does not name countries, or propose anything specific, it just enables a team to go look at this without clear advice if problems are found. And lastly, even if enforced and specifics were given, i.e. no new equipment from China or Russia in the grid, it does not address all the legacy infrastructure that has been and will be around for a very long time.
While this latest executive order on securing the US bulk power system is good in some ways, it is simply not enough. Though it is directionally correct, it left me wanting real substance, and real security.