Supply chain threat: developments in a ill-fated executive order

On 1 May last year, the US issued an Executive Order (E.O. 13920, hereafter EO) declaring an energy emergency due to supply chain threats to the US electricity system. The EO established a number of responsibilities for government agencies, but especially for owners and operators of energy utilities. Unsurprisingly, the EO was received with considerable scepticism by the companies concerned, with a strong emphasis on the potentially horrendous costs of what it contained.

The Biden administration is working on a review of the EO. As part of this process, it has solicited comments and suggestions from industry stakeholders through RFI (request for information).

Responses received by the 7 June deadline will be made available in stages. These responses are not without lessons, since in the “shadow” of strong government communication, for example, it is possible to infer the thinking and priorities of other stakeholders from these responses.

For example, the Pacific Northwest National Laboratory (PNNL) – a federal institution! – response. It makes six recommendations. Unlike the original approach of the EO,

these are typically not directed at the owners and operators of energy utilities, but largely at the federal agencies (!).

What is just as interesting as what is described is what the respondent does not respond to. Well,

there is not a single reference to the EO underlying the RFI!

It should come as no surprise that that

none of the tasks required by the EO are even mentioned!

And remember that this answer comes from a federal institution!

Do you think it is reasonable/possible that the opinion of a public professional body on the cyber security of energy critical infrastructures should ignore public ideas to such an extent?!

As the developments in this ill-fated EO will have a profound impact on the cybersecurity of electricity systems, even in the near future, we will return to developments around EO in a further post(s) in case of new developments.

We will do the same if further interesting responses to the RFI become available.

We welcome messages either agreeing or disagreeing with the above. For example, by responding to them in a new post, a substantive professional exchange of views could be initiated.

Translated by DeepL