On May 1, 2020, President Trump signed an Executive Order (“EO”) intended to protect the nation’s power grid from foreign cyber-attacks. The EO declared foreign cyber threats to the U.S. electricity grid a national emergency, and accordingly ordered action in the form of procurement and trade regulation to defend the grid against foreign attack.
Specifically, the EO prohibits the “acquisition, importation, transfer, or installation of any bulk-power system electric equipment… where the transaction involves any property in which any foreign country” or a foreign national has any interest, when the Secretary of Energy, in consultation with other agency heads, has determined the transaction involves a “foreign adversary” or otherwise “poses an unacceptable risk to national security.” The EO does not define the term “foreign adversary,” but it is speculated that the EO is specifically targeting threats from China and Russia.
The EO authorizes the Secretary of Energy to identify vendors that might pose a risk and develop strategies to identify and replace suspect equipment already in use. Conversely, the Secretary of Energy is permitted, but not required, to “establish and publish criteria for recognizing particular equipment and particular vendors” in the market as “pre-qualified” and to use these criteria to create a list of “pre-qualified equipment and vendors.” This comes exactly a year after the Administration issued a separate Executive Order declaring foreign intrusions against U.S. communications networks a national emergency and issuing import restrictions and exclusions of Chinese telecom companies Huawei and ZTE.
Under this EO, the Secretary of Energy, in consultation with other agency heads, is required to identify “bulk-power system electric equipment” that “poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the economy of the United States, or otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.” Further, the Secretary of Energy, in consultation with other agency heads, is directed to “develop recommendations on ways to identify, isolate, monitor, or replace such items as soon as practicable,” taking into consideration the “overall risk to the bulk- power system.”
Relatedly, the EO establishes a task force to protect the power grid from attacks and share risk information and risk management practices. The task force members will include the secretaries of Defense, the Interior, Commerce, Homeland Security, the Director of National Intelligence, and the Director of the Office of Management and Budget, or their designees. The task force shall “develop a recommended consistent set of energy infrastructure procurement policies and procedures for agencies… to ensure that national security considerations are fully integrated across the Federal Government.” The task force is also required to submit these recommendations to the FAR Council and to consult with the Electricity Subsector Coordinating Council and the Oil and Natural Gas Subsector Coordinating Council in developing recommendations and evaluating the methods and criteria used to incorporate these considerations into energy security and cybersecurity policymaking.
The EO leaves many questions unanswered. For example, the effective date of the order is unclear: the EO states that it applies to transactions “initiated after the date of this order,” but simultaneously suggests retroactive application, applying “notwithstanding any contract entered into or any license or permit granted prior to the date of this order.” The order may require replacement of equipment already purchased and installed but makes no provision for who will bear the cost of such replacement. Companies must closely monitor implementation to ensure they comply with subsequent mandates and to mitigate supply chain risk.
The EO has not yet resulted in new procurement regulations but new measures are likely to come soon. Our firm will continue to monitor this issue and is available to assess compliance with procurement regulations and export controls applicable to utilities.
If you have any questions, please contact: