Earlier this month, the May 1, 2020 Executive Order (EO) on Securing the U.S. Bulk-Power System (BPS) was issued, and we wanted to pass along the following comments/insights about such EO. We find that it is helpful first to put these recent actions in some context. We then address the potentially affected transactions and the specific scope and implications of the term “foreign adversary”:
BPS EO Background
The BPS EO is the most public and potentially far-reaching action to address long-standing U.S. government (USG) concerns about security of the energy grid. Traditionally, the procurement policies of energy companies and utilities for bulk power components (e.g., transformers, capacitors, and metering equipment) have not included national security considerations and generally favor selection of the lowest bidder. Meanwhile, over the past several years, there have been cybersecurity breaches at certain bulk power facilities within the U.S. grid (e.g., a small hydropower dam in Rye, New York and facilities of an unnamed utility in the western United States).
Context from Other Recent USG Actions
A series of recent actions by the USG to address perceived threats from foreign entities to U.S. “critical infrastructure” assets have limited the deference traditionally afforded to utilities. These recent USG actions are aimed at protecting against foreign exploitation of vulnerabilities in U.S. critical infrastructure (e.g., attacking or manipulating the BPS), and thwarting foreign attempts to conduct espionage through components of these systems. These recent actions include, among others:
- A similar EO was issued in May 2019 aimed at securing the supply chain for information and communications technology and services (ICTS). That EO included language very similar (and in some cases identical) to the BPS EO, and directed the Secretary of Commerce to develop regulations to prohibit transactions involving ICTS produced by “foreign adversaries” that pose a risk of sabotage or subversion of U.S. ICTS infrastructure, catastrophic effects on critical infrastructure, or other risks to U.S. national security or U.S. persons. Commerce issued these proposed rules in November 2019, which would establish an evaluation process somewhat analogous to the process of the Committee on Foreign Investment in the United States (CFIUS) for transactions involving covered ICTS assets, including USG reviews of information supplied by parties to a proposed transaction, and negotiation of mitigation agreements to resolve national security concerns.
- New regulations were implemented in February 2020 expanding CFIUS’s jurisdiction to review non-controlling foreign investments in U.S. companies involved in “covered investment critical infrastructure” functions. The types of infrastructure covered by these new regulations include any system used for “the generation, transmission, distribution, or storage of electric energy comprising the bulk-power system” and other facilities relating to electric power generation and storage, as well as several other types of facilities relating to ICTS infrastructure, oil and gas production and storage, public utilities, and transportation.
- Section 889 of the FY2019 National Defense Authorization Act (“Section 889”), which prohibits USG agencies from entering into certain types of contracts involving telecommunications equipment or services from Chinese entities, continues to be implemented.
- The FCC continued its actions in 2019 and 2020 to mitigate national security concerns that the USG perceives are related to large, state-controlled Chinese telecom companies. These actions include rejecting China Mobile USA’s 2019 application to provide telecom services between the United States and foreign destinations, and the FCC’s May 2020 orders to show cause issued to China Telecom Americas, China Unicom Americas, Pacific Networks, and ComNet directing the companies to explain why the FCC should not begin the process of revoking authorizations enabling them to operate in the United States.
Key Features of the BPS EO
The BPS subject to the EO includes only facilities and control systems necessary for operating electric energy transmission networks at or above 69kV, or electric energy from generation facilities needed to maintain transmission reliability. The BPS EO does not apply to local distribution facilities.
- Unlike the ICTS EO, the BPS EO provides a reasonably specific listing of the “bulk-power system electric equipment” used in system substations, control rooms, and power generating stations that are within its scope. The listing includes transformers, and does not specifically identify wind turbine equipment or solar modules, but it does reference “generation turbines” and “generating power stations,” which leaves open the question as to whether utility-scale wind farms, solar farms or battery storage systems may fall within the EO’s scope. The Office of Electricity of the Department of Energy (DOE) has said that it intends to be thoughtful and surgical in identifying prohibited equipment.
- Like the ICTS EO, the BPS EO directs the Secretary of Energy to develop regulations within 150 days to provide for the evaluation and prohibition of transactions that pose a risk to the U.S. BPS, other critical infrastructure, or U.S. national security or persons.
- Notably—and unlike the ICTS EO—the BPS EO also directs the Secretary of Energy to “develop recommendations on ways to identify, isolate, monitor, or replace” problematic equipment already installed in the United States. This suggests that the regulations could have a retroactive effect on U.S. companies currently using foreign equipment of concern, although the DOE has advised that the EO is not intended as a broad “rip and replace” directive.
- The BPS EO also establishes a task force on Federal Energy Infrastructure Procurement Policies Related to National Security (the “Task Force”), which among other things will be charged with developing energy infrastructure procurement policies and procedures for USG agencies to be added to the Federal Acquisition Regulation.
- It is important to note that many details of the BPS EO appear vague or potentially contradictory, including how the DOE will treat transactions that are initiated after the May 1, 2020 issuance date but before the Secretary of Energy’s regulations are established. The implementation process by the Secretary of Energy and the Task Force should provide greater clarity on these points over the coming months.
“Foreign Adversary” Scope
Both the BPS and ICTS EOs prohibit transactions involving procurement of equipment “designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary.” In both cases, a foreign adversary is defined as “any foreign government or foreign non-government person engaged in a long term pattern or serious instances of conduct significantly adverse to the national security of the United States or its allies or the security and safety of United States persons.”
- The proposed rules implementing the ICTS EO do not further define “foreign adversary.” However, when viewed in the context of the other recent USG actions relating to critical infrastructure, and based on other comments by the DOE on stakeholder calls, we would expect the main focus of such reviews under the BPS EO and regulations to be Chinese-origin electric power-related equipment.
- The DOE’s Office of Electricity has indicated that it is focusing on China and, to a lesser extent, Russia, which is not a significant producer of BPS equipment. The DOE is also concerned about “asymmetric threats” like Iran and North Korea, although these asymmetric threats are only likely to be relevant to the BPS to the extent that they have made indirect investments through Chinese entities.
Qualified and Prohibited Suppliers
Based on the proposed rules issued for the ICTS EO, we would not expect implementation of the BPS EO to include a public list of specific Chinese or other entities from which procurement of equipment is prohibited, though the effect of implementing the EO may create a de facto blacklist for BPS suppliers. The BPS EO will, however, result in the establishment of “pre-qualified” vendors and equipment.
- We would also expect reviews of specific BPS-related transactions (as opposed to the broader review to identify problematic equipment in the BPS) to be performed on a case-by-case basis, with the results being kept confidential (as with the CFIUS review process) unless the parties decide to disclose these details or the transaction becomes the subject of a presidential order.
- It is always possible that the USG will take its own actions against specific Chinese entities that it believes pose a particular threat to U.S. national security or the electric grid, similar to Section 889 and other recent export control-related actions against Huawei and its affiliates. If this happens, we can help evaluate the potential business and reputational risks associated with any vendors or entities affected by such actions.