At a glance.
- CISA updates telework guidance for US Federal agencies.
- Executive Order declares state of emergency with respect to US bulk power system.
CISA revises telework guidelines for US Federal agencies.
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued revised guidance for telework. CISA's new site includes the following elements:
- NSA & DHS Telework Best Practices
- Video Conferencing Tips
- TIC 3.0 Interim Telework Guidance
- Cybersecurity Recommendations For Critical Infrastructure Using Video Conferencing
- Cybersecurity Recommendations for Federal Agencies Using Video Conferencing
- Guidance for Securing Video Conferencing
Executive Order on securing US electrical power generation and distribution.
President Trump this past Friday issued an Executive Order on Securing the United States Bulk-Power System. The Executive Order expresses recognition of the degree to which foreign adversaries are interested in holding the US electrical power generation and distribution system at risk, and declares a state of emergency. It explicitly addresses cyber threats and vulnerabilities, but the Executive Order concentrates on safety and reliability engineering, and on the risk of a hostile foreign government's ability to compromise hardware supply chains or engage in active sabotage.
A letter from the President to the Speaker of the House and the President of the Senate states the problem as follows:
"Foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system. The bulk-power system provides the electricity that supports our national defense, our vital emergency services, our critical infrastructure, our economy, and our way of life. The bulk-power system is a target of those seeking to commit malicious acts against the United States and its people, including malicious cyber activities. Although maintaining an open investment climate in bulk-power system electric equipment, and in the United States economy more generally, is important for the overall growth and prosperity of the United States, such openness must be balanced with the need to protect our Nation against a critical national security threat. To deal with this threat, additional steps are required to protect the security, integrity, and reliability of bulk-power system electric equipment used in the United States."
The measures it enjoins involve controlling supply chain risk by excluding components from nations designated as adversaries from the US power system:
"The Executive Order prohibits certain future transactions involving bulk-power system electric equipment where the Secretary of Energy (Secretary), in coordination with the Director of the Office of Management and Budget and in consultation with the Secretary of Defense, the Secretary of Homeland Security, the Director of National Intelligence, and, as appropriate, the heads of other executive departments and agencies (agencies), has determined that:
"(i) the transaction involves bulk-power system electric equipment designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary; and
"(ii) the transaction:
"(A) poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of the bulk-power system in the United States;
"(B) poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the economy of the United States; or
"(C) otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons."
No companies or nations are named in the order, but it resembles other steps the Executive Branch has taken with respect to information and communications technology, and these have tended to fall most heavily on Chinese companies, notably Huawei. Compare the Executive Order on Securing the Information and Communications Technology and Services Supply Chain issued on May 15th of 2019.
To return to the text of the Executive Order itself, the Department of Energy will be the lead agency for enforcing the restrictions the Executive Order imposes. The Secretary of Energy will also lead a task force that will address Federal policy on securing bulk power systems. Its members will include the Secretaries of Defense, Interior, Commerce, and Homeland Security; the Director of National Intelligence; the Director of the Office of Management and Budget; and "the head of any other agency that the Chair may designate in consultation with the Secretary of Defense and the Secretary of the Interior."
It's worth noting that many of the entirely realistic concerns about supply chain integrity have concentrated on the risk posed by counterfeit and presumably unreliable parts (see this piece in Control Global for an example). Serious as the threat of counterfeit parts may be, it's not what the present Executive Order is about. It's about "the ability of foreign adversaries to create and exploit vulnerabilities in bulk-power system electric equipment, with potentially catastrophic effects." That's a far more intentional threat than the introduction of slipshod components into a supply chain.
NextGov quotes a Public Citizen representative who wonders whether the Executive Order is just a cynical attempt to hobble the green energy sector by keeping Huawei parts out of the hands of solar power operators, but that view seems unlikely to gain much traction. A bipartisan group of ten Senators in February of last year wrote the Secretaries of Energy and Homeland Security to ask that the Government ban Huawei specifically from participation in the US photovoltaic market. Last Friday's Executive Order is a step in that direction.