On July 8, 2020, the U.S. Department of Energy (“DOE”) issued a request for information (“RFI”) seeking public input on the energy industry’s current risk mitigation practices with regard to the bulk-power system supply chain. The DOE issued the RFI pursuant to Executive Order No. 13920 (“Executive Order”), wherein the Secretary of Energy was directed, among other things, to investigate the bulk power system for equipment presenting a risk from foreign adversaries (see May 5, 2020 edition of the WER). In the RFI, DOE asks stakeholders to identify potential vulnerabilities in the bulk-power system supply chain that could have national security implications and the estimated economic costs of implementing the Executive Order.
On May 1, 2020, President Trump issued the Executive Order, prohibiting Federal agencies and U.S. persons from engaging in certain transaction with “foreign adversaries”, including the acquisition, importation, transfer, or installation of bulk-power system electric equipment. The Executive Order further authorized the Secretary of the DOE to identify and publish a list of “pre-qualified” vendors, to identify, isolate, monitor, or replace existing bulk-power system equipment presenting a risk from foreign adversaries, and to establish a task force to update the Federal government’s acquisition regulations and develop policy recommendations and issue reports.
In the RFI, DOE divides its inquiry into two sections. In the first section, DOE seeks public input on potential supply chain issues with specific equipment, including transformers rated at 20 MVA with a low-side voltage of 69 kV, reactive power equipment, circuit breakers, and generation (such as power generation that is provided to the bulk-power system at the transmission level and back-up generation that supports substations). DOE requests information on whether energy sector asset owners or vendors (i) conduct enterprise risk assessments on a periodic basis, (ii) identify, evaluate, or mitigate foreign ownership, control, and influence over their data or downstream supply chain manufacturing, or (iii) document information sharing and testing programs that identify threats and vulnerabilities. In addition, DOE asks for information on current cyber vulnerability testing standards, critical mineral or supply chain materials, and whether any non-standard incentives or changes are needed to assist in the protection of source code or software.
In the second section, DOE seeks information related to the potential economic impacts of implementation and updating compliance plans associated with the Executive Order. DOE also requests comments on whether any specific category of the bulk power system equipment is more reliant than the others on companies likely to be reviewed under the Executive Order, whether the energy sector already has a procedure to identify additional items that should be covered under the Executive Order, and how the Executive Order may impact small businesses. DOE is seeking comments by August 7, 2020.
Click here to read the RFI.