The national focus on cyber security has been on data breaches including ransomware which is what precipitated the August 25, 2021, White House Cyber security meeting. For IT networks, the focus on data breaches is sufficient. However, the real concern for critical infrastructures is not data breach but equipment damage that can cause very extended outages and potentially kill people. Chinese-made grid equipment is widely used in the US electric grid. Backdoors have been found in some of the Chinese-made equipment bypassing all cyber security protections. Securing the electric grid will require a combination of many different approaches including making the economics of buying Chinese-made products less affordable, eliminating the use of known Chinese-front companies providing grid equipment and services, addressing networking and engineering issues, changing the scope of the NERC CIPS to focus on the reliability and cyber security of the grid, not just routable networks, monitoring the process sensors off-line and in real-time, and having engineering participation.
Do the Chinese “own” our electric grids and other infrastructures?