September 13, 2021, I submitted my response to the FERC Complaint EL21-99-000 on the use of Chinese-made equipment for critical equipment used in the US grid - https://michaelmabee.info/wp-content/uploads/2021/09/FERC-Complaint-EL21-99-000-commments-jw-9-13-21.pdf
The key points are:
- There are more than 300 pieces of Chinese-made equipment installed in the US grid and many are critical to the operation of the bulk electric system. At least two of the large Chinese-made electric transformers have been found with hardware implants.
- The existing FERC, NERC, and DOE responses are not addressing the problems identified in Emergency Presidential Executive Order 13920 (“suspended” on 1/20/2021). There has been no guidance from DOE or the industry on how to respond to the Chinese equipment already in the US grids and some utilities are continuing to buy Chinese equipment despite Executive Order 13920.
- The NERC CIPs are not capable of addressing the Chinese hardware implants.
- Industry leaders such as EPRI have participated with companies representing China on US grid projects.
The relief being sought is:
1. FERC should direct NERC to conduct a comprehensive survey of all registered entities in the Bulk Power System to determine what Chinese equipment or systems are currently in use in the Bulk Power System and how they are being used.
2. FERC should direct NERC to submit to the Commission a proposed reliability standard for testing and monitoring the security of Chinese equipment or systems are currently in use in the Bulk Power System or purchased for future use as identified in EO 13920. FERC should direct NERC to revise the NERC CIPs and NERC Supply Chain requirements to explicitly include the equipment identified in EO 13920. This should include technology to authenticate the integrity of process sensors to minimize the impact of the hardware backdoors and potential man-in-the-middle cyberattacks. FERC should direct NERC to develop cyber security procurement guidelines for the equipment identified in EO 13920. FERC should direct NERC to assess the potential grid impacts from compromise of critical grid monitoring and control equipment and develop appropriate recovery options.
3. FERC should work with all State Public Utility Commissions to encourage adoption of the reliability standard promulgated as a result of #2 above (or a state equivalent standard) for the protection of generation and distribution portions of the electric grid under state jurisdiction.
The equipment identified can be used in many other critical infrastructures such as water/wastewater, pipelines, oil/gas, and manufacturing. As Pogo once said, “we have met the enemy and they is us”.
Joe Weiss