The electric grid is interconnected. The interconnectivity goes not only between utilities but also between facilities connected to the grid. The Chinese (and other threat actors) are exploiting this cyber security gap. Chinese transformers, cranes, inverters, process sensors, etc. are comparably well-made and inexpensive leading to their continued use in US critical infrastructures. Many of these devices have known hardware backdoors or other cyber security concerns. Warnings have been issued by the US, UK, and Australian governments about their use including the Executive Order to change out Chinese port cranes. Despite these warnings, the US utility sector continues to ignore the cyber threat from Chinese equipment. Some of the largest utilities in the country, including the “leaders in grid security”, have Chinese transformers and other critical grid equipment. Moreover, the US government and private industry continue to focus on network vulnerabilities to the exclusion of hardware issues that can cause long term physical damage. Why won’t US utilities stop buying and start removing Chinese equipment from our grids?
