Hoosier Energy expands review process to comply with mandate
EnergyLines June 2020
On May 1, President Trump signed an executive order declaring a national emergency to strengthen the process of identifying foreign adversaries that can adversely affect the electric Bulk Power System (BPS).
Equipment suppliers are to be reviewed to determine if manufacturing is under control of or influenced by foreign adversaries. This change reflects consensus by senior intelligence officials that adversaries, including Russia and China, are creating and exploiting vulnerabilities in the BPS to commit malicious acts against the United States.
“The risk is that a company uses equipment for a network connection made by a Chinese company that could exfiltrate data about the Bulk Power System to a government that we are not on the best of terms with,” said Richie Field, Manager of Cybersecurity and Network Operations at Hoosier Energy.
Under guidance from the North American Electric Reliability Corporation (NERC), electric utility BPS purchases are to follow the new CIP-013 cybersecurity and supply chain risk management standard effective October of this year. Vendors that manufacture equipment under review include servers, SCADA systems, firewalls in control centers and relays in transmission stations.
“This executive order should not have an impact on Hoosier Energy short term, as it will be periodically assessed as we move toward an approved supplier list next year,” said Bob Solomon, Manager NERC Compliance.
Plans at Hoosier Energy are in place to adopt the new standards through risk assessments. By October, additional assessments will take place for new or renewed contracts – completed by cybersecurity and network operations personnel.
“Hoosier Energy is going above and beyond as we complete risk assessments for low-impact facilities, such as generating stations and transmission stations that supply 69kV transmission lines to our members,” said Solomon.
Before the executive order was enacted, the Hoosier Energy Purchasing and Contracts Department monitored purchases from domestic and foreign-owned companies commonly called an OFAC check. This procedure ensures companies sourced are not listed on the Specially Designated Nationals and Blocked Persons List produced by the United States Department of the Treasury Office of Foreign Assets Control.
Stemming from the executive order, Hoosier Energy has begun a review of suppliers the cooperative does business with. To accomplish this, the Information Services department is developing custom queries that will help identify suppliers that need to be reviewed for compliance on an ongoing basis. These new queries will also enable the Purchasing department to upload supplier data into a batch OFAC check of all identified suppliers instead of keying in data for each individual supplier.
“We are using technology to automate and create a supplier list more efficiently to meet the requirements. By streamlining the process, we can perform an OFAC check on all of our active suppliers annually to ensure they remain favorable with the Treasury Office of Foreign Assets Control,” said Manager of Purchasing and Contracts Damon Crain.
The May 1 executive order falls under the provisions of the National Emergencies Act and must be renewed annually to remain in effect.