On May 1, the Trump Administration issued an Executive Order on Securing the United States Bulk-Power System. According to the order, the administration found that “foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system, which provides the electricity that supports our national defense, vital emergency services, critical infrastructure, economy, and way of life.”

The executive order (EO), which also encompasses “malicious cyber activities,” determines “that the unrestricted foreign supply of bulk-power system electric equipment constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.” It declares “a national emergency with respect to the threat to the United States bulk-power system” and prohibits the purchase or installation of specific equipment from foreign adversaries.

The prohibition applies to only a specified list of electrical equipment that poses an undue risk of sabotage or subversion of the equipment’s design, or poses a national emergency with respect to the threat to the United States bulk-power system or otherwise poses an unacceptable risk to the national security of the US or the security and safety of US persons. The order requires the energy secretary to work with other agencies “to identify bulk-power system electric equipment that poses the types of risks associated with prohibited transactions” and to adopt rules and regulations to implement the order within 150 days.

The equipment covered by the order includes a range of hardware that makes up the bulk power system, including substation transformers, which appear to play a particularly unique role in the order’s emergence.
“We are aware that stepped-up transformers that could have an adverse impact on the grid are what’s being targeted here.” David Schwartz, a partner at Latham and Watkins who is focused on energy regulatory policy, tells CSO. (Schwartz has since clarified that they “believe that transmission facilities, including potentially step-up transformers that could have an adverse impact to the grid are what’s being primarily targeted here.”)

Vulnerability fears behind the executive order

Although the order doesn’t specify which countries are “foreign adversaries,” the consensus among electric utility technologists and Washington energy policy experts is that China is the only “adversarial” country that supplies the appropriate equipment to US utilities. One central question surrounding this order is why now. Another big question: What vulnerabilities are adversaries creating and exploiting in the bulk power grid?

Some experts think that the administration is just now getting around to applying the same kind of bans to the bulk power grid that the government applied to Chinese telecom suppliers last year. “The executive order has some very similar language to another executive order last May in the communications area. We think the approach that was taken in the communications area was simply essentially replicated with respect to security issues [regarding] the bulk power system,” Schwartz says.

Shuli Goodman, executive director of LF Energy, an electricity and power initiative housed within the Linux Foundation, agrees with Schwartz that one impetus, although likely not the sole reason, behind the EO, is the effort to recreate what the administration has done in the telecom arena. “This is aligned with what happened in the telecommunications sector.
This is just a kind of continuation of that,” she tells CSO.

Like many other technology experts, however, Goodman agrees that “it’s going to be very difficult if not impossible to eviscerate China from the supply chain.” Excluding China could be particularly problematic given that a critical focus of the order appears to be high-voltage transformers, which are made of industrial-quality steel that the US is no longer capable of manufacturing.

Did China create backdoors to disrupt the US energy grid?

One electric utility security expert, Joe Weiss, believes that the prime motivator for the executive order is a real cyberattack on the US bulk power system. This attack took the form of a “hardware backdoor” that was discovered when a Chinese transformer was delivered to a US utility. Although Weiss is almost completely mum on the details of this situation, the backdoor is capable of causing a highly damaging event, he tells CSO.

Weiss contends that the utility found the backdoor when it was installing the transformer and was “finding things that should not have been in there.” He also believes there are multiple such transformers with hardware backdoors installed throughout the bulk power grid.

Although Weiss wouldn’t go into the details of what the “hardware backdoor” consists of, utility security engineer Chris Sistrunk of FireEye speculated what this might mean. Stressing that he hasn’t independently confirmed Weiss’ allegation, Sistrunk said that large power transformers usually have monitoring equipment installed with them that are sometimes called DGAs (dissolved gas analysis) sensors, or online condition monitoring.

This equipment typically consists of sensors that monitor hydrogen and other dissolved gasses, moisture, oil level, temperature, and hot spots, as well as the presence of an internal fault or short circuit.
“It’s plausible that a malicious component could send fake data to power company control system networks and the internet,” Sistrunk says.

Dale Peterson, CEO of ICS consulting firm Digital Bond, believes that a backdoor is irrelevant so long as the front door to industrial systems remains open, which he contends is the case. “There is little benefit in closing the backdoors that ‘foreign adversaries’ may insert if the pre-qualified US and friendly foreign systems are insecure by design – if they have the front door open,” Peterson wrote in his assessment of the EO.

Although tight-lipped about details, Weiss did confirm that one of the Chinese transformer makers who has surfaced in connection with the hardware backdoor is JiangSu HuaPeng Transformer Co., Ltd., also known as JSHP, which is either the largest or second-largest Chinese supplier of transformers to the US, depending on the source. Jim Cai, manager of North American Marketing & Service for JSHP, denies he has ever heard from a customer about “hardware backdoors.”

However, Cai did tell CSO a strange tale about a $2.8 million high-voltage transformer that the Department of Energy (DOE) purchased from JSHP last year. DOE bought the transformer for the US government-owned utility Western Area Power Administration (WAPA), which is managed directly by DOE. The transformer was shipped from Shanghai and arrived at the Port of Houston in late August 2019.

Under the terms of the contract signed by DOE, JSHP was supposed to transport the transformer from the Port of Houston to Colorado, no easy feat for a solid steel unit that weighs hundreds of tons. (Transformers are monstrously large, too big for highways, and are usually transported via rail using their own specially designed cars called Schnabel cars.)
JSHP was also contractually obligated to install the transformer and then provide a multi-year warranty.

Cai said that DOE contacted JSHP to cancel the transportation from the Port of Houston, told JSHP not to install the transformer, and rejected the warranty for the hardware, something no other customer has ever done. Cai said that he called DOE to follow up later and that the department never returned his phone calls. In an email exchange with DOE’s press office, CSO asked the department to confirm or deny Cai’s account and received no response.

Energy utilities await rules

In terms of timing, the EO gives interested parties until September 28 to file comments in a rulemaking proceeding that will spell out the rules of the road under the EO. To clarify matters, the DOE issued a set of FAQs to help utilities plan their purchases until the actual rules are released, which could take months or even possibly years, experts say.

The FAQ document makes clear that no utilities are obligated to do anything until the rules come out, including ripping and replacing equipment that seems likely to be prohibited by the final regulations. Some experts think the effect on Chinese equipment purchases is already underway. “It just may be that it has the impact of chilling some future equipment supply contracts with companies that are under the jurisdiction of a foreign adversary that may not otherwise have been chilled,” Latham and Watkins’ Schwartz says.

Despite the focus on equipment and hardware, the EO also aims at digital security, albeit mostly indirectly. A source close to the DOE tells CSO that although the order focuses extensively on the security of hardware, it deals with digital security because, “You can't buy a non-smart transformer. It's going to have monitoring software on it.”

“It's going to speak internet protocol.
It's often for diagnostics, remote diagnostics going back to the supplier so that they can monitor it and see if anything's going wrong ahead of time. They can get out in front of it before it breaks, similar to jet engines. Jet engines are like that, too, with remote diagnostics by wireless communication,” the source says.

The tasks ahead for DOE and the nation’s bulk power grid seem complicated with long-term horizons given that most of the equipment cited in the EO tends to be in service for decades. The national laboratories at the DOE, which are filled with scientists and technical specialists, could come in handy. “There are established programs at National Laboratories in Idaho, Tennessee, Washington and New Mexico that could support key elements of the executive order,” the source close to DOE said, referencing Idaho National Labs, Oak Ridge National Laboratory, Pacific Northwest National Laboratory, and Sandia National Labs.