Thoughts on Trump’s “Bulk Power System Security” Executive Order

China Energy Storage Network: On International Labor Day, President Trump of the United States issued an executive order, the main content of which is: the bulk-power system has increasingly become the target of "malicious cyber attacks" by foreign adversaries on the United States. Once such attacks are successful, the U.S. economy, the health and safety of Americans will be at great risk, and the United States' ability to defend its own and its allies' security will be further weakened; if the United States uses bulk-power system electrical equipment designed, developed, manufactured or supplied by hostile countries without restriction, it will increase the ability of hostile countries to exploit the vulnerability of bulk-power system electrical equipment (to attack the United States), which will have disastrous consequences; the unrestricted use of foreign bulk-power system electrical equipment constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United State; in order to ensure the security of the bulk-power system, the United States will be prohibited from purchasing overseas power equipment that poses a risk to national security, and the Secretary of Energy will be authorized to identify relevant entities and take appropriate actions.

Regardless of whether Trump is motivated by the desire to bring back American manufacturing and suppress competitors including China, or because of a guilty conscience, this executive order shows the US government's understanding of the safety of large power systems:

1. The safety of the large power system has a multi-faceted and significant impact on the national security, economy, defense, diplomacy, and citizen health of the United States;

2. Electrical equipment in large power systems has become a target of cyber attacks by hostile countries, which has a significant impact on the security of the U.S. power system;

3. Electrical equipment for large power systems designed, developed, manufactured or supplied by hostile countries must be "eliminated".

It can be seen that the United States regards the large power system as a real "vulnerability point" and potential risk point that seriously affects the country's all-round security.

A large power system can generally be understood as a power system with a high voltage level (at least 220 kV and above in my country), a large power system capacity (at least 10 million watts), and a close interconnection between the power grid and the surrounding areas. The development of my country's power system has obvious characteristics of a large power system, which is determined by the country's resource endowment and is also related to the power grid development strategy of the central enterprises of the power grid. In economic construction, cross-provincial and cross-regional transmission projects and large power systems at the receiving end play an important role in "supplying energy and blood", and the level of social electrification continues to improve. However, we should be aware that as the degree of economic and social dependence on electricity continues to deepen, the factors affecting the safe operation of the power system are becoming increasingly complex; the continuous improvement of the automation, digitization, and intelligence level of the power system operation, and the development of new formats such as energy Internet and industrial Internet have caused network information security risks to become increasingly prominent.

1. The factors affecting the power grid are unprecedentedly complex, accidental and uncertain. These factors include human factors and non-human factors. Human factors include terrorist attacks, network security damage, war attacks, etc. For example, the Iraq War, the Libya War and the Iranian nuclear power plant were attacked by cyber attacks. The United States and other countries have taken power grids and important power infrastructure as their main targets. Non-human factors include extreme weather, damage to power grid equipment by small animals, fuel supply interruptions, earthquakes, tsunamis, geological disasters, tree obstacles, etc. According to statistics, 98% to 99% of power outages occur in power transmission or distribution, of which more than 90% are caused by bad weather, equipment failures or small animals. The following table summarizes the main typical power grid outages or related events in the world since 2000. It can be found that the operation of the power system is in a state of many influencing factors and high risks, and the task of ensuring safe operation is heavy and arduous.

2. The reliability and resilience of the power system are becoming increasingly important, and the losses caused by power outages are increasing. The August 2003 blackout in the United States and Canada was caused by a short circuit caused by a high-voltage cable sagging and hitting a tree branch, which caused a power outage in an area of ​​24,000 square kilometers from Toronto to New York, 50 million people were cut off from electricity, 17 airports were forced to close, and the losses reached 5 billion to 14 billion US dollars. According to a survey of affected companies, 24% of companies lost $58,000 per hour, and 4% of companies (including automobile factories, steel mills, petrochemical plants, etc.) lost more than $1.2 million per hour. According to a study by the Berkeley National Laboratory, the losses caused by power outages to American businesses and residents each year reach $160 billion. In comparison, my country has done a very good job in ensuring the safety of large power grids.

3. Cybersecurity risks are increasing. Many of the incidents in Table 1 are related to cyber attacks. For many years, the United States has been studying how to use the Internet to attack the power system and how to improve the "resilience" of its power system against attacks. In 2014, according to statistics from the U.S. Department of Homeland Security, there were 79 hacker attacks on the power grid, and 145 in 2013. According to a 2014 Verizon study, there are more spyware targeting power companies than other industries. Even now, my country's power grid is subject to hundreds of cyber attacks from abroad every day. With the emergence of new energy forms such as distributed energy utilization, electric vehicles, and smart homes, and the rapid development and application of new technologies such as distribution network automation and smart grids, the use of wireless public networks for data communication by power monitoring systems is becoming increasingly common, and corresponding security protection measures need to be formulated. Practical issues reflected in work practice, such as protection measures for remote maintenance of equipment, security protection measures for smart substations, and the strength of longitudinal boundary protection in non-control areas, also need to be further clarified and standardized.

To this end, the following points are proposed:

1. Incorporate power system security into the national security system, conduct in-depth research on my country's power system security issues under the new international situation, strengthen the deep integration of military and civilian affairs, study and compile the "Power System Security Development Strategy", deepen the research on the power supply system in peacetime and wartime, especially the security issues of UHV cross-regional and cross-provincial transmission channels, etc. my country's current power channel security issues should be highly valued.

2. In light of the actual needs of the energy Internet of Things, industrial Internet and market-based allocation of data elements, we will strengthen the hierarchical and classified supervision of power system information data. It is recommended to amend the Electricity Law or enact separate legislation to improve the management of power information data, especially issues such as data ownership, use, security responsibilities, rights and interests, and penalties.

3. Encourage major electricity-consuming areas (especially large and medium-sized cities) to establish a multi-level and multi-form power supply guarantee system covering external electricity, local electricity, distributed power sources, demand-side response, microgrids and energy storage.

4. In the core functional areas that affect the safe operation of the power system, completely realize domestic substitution, avoid using products (including software and hardware products) and services (including consulting services) of US companies or institutions (especially those with US government funding); strengthen risk assessment and management of the impact of electrical equipment and products on power system safety.