Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds cyberattack. Even though SolarWinds is a significant threat to IT networks and the Cloud, it is also a control system threat, although less obvious than the hardware backdoors.
In the transformer case, the scope of the compromise remains unknown. There are more than 200 large Chinese-made electric transformers in the US bulk electric system and it is unknown how many of these transformers have hardware backdoors installed. It is also unknown what and how much other Chinese-made equipment throughout the US (international) commercial and industrial infrastructure have Chinese hardware implants.
The Order has now been REVOKED by the new president.
But now Michaelk Mabee has filled I formal complaint with FERC to get the issue addressed.
Read more at Woods LLP