Hurd on the Hill: Keeping an Enemy out of our Backyard
by Will Hurd on September 11, 2020 at 6:02 AM
As our nation continues to deal with the COVID-19 pandemic and political unrest, we still have a broader global threat to be concerned about: The Chinese Communist Party (CCP).
Guanghui Energy—a company owned by a member of the CCP—is attempting to gain access to the Texas power grid by constructing a wind farm in the Devil’s River area of West Texas. Unfortunately, the federal government is not moving fast enough to prevent it, and the state government lacks enough power to stop it.
Regulatory changes to the Texas utility sector opened the door to any entity, including our adversaries like China, to connect to our power grid. Allowing an adversary to connect to our power grid enables attackers to perform a false data injection attack, where the attacker spoofs the system’s monitoring tools to falsely think activity is happening on the grid.
To put things into perspective, Texas’ power grid connects power generators to consumers via transmission and distribution networks across the state. For the system to work, tools and techniques must estimate the condition of the power grid at any time. This also prevents rolling black outs and ensures consumers get power when they need it.
Usually, when a single power plant fails, a transmission line is cut, or a generator fails, other units throughout the system pick up the load. However, when demand for electricity is high, failures on the grid can lead to a cascade of breakdowns resulting in many people losing power. This scenario happened in August 2003 when a massive blackout impacted 50 million people in the Northeast. In fact,an analysis by the U.S.-Canada Power System Outage Task Force found that this blackout started “with a few generators going offline in northern Ohio because of mechanical trouble. The load was shifted to nearby generators, but overgrown trees made contact with overhead power lines, causing those lines to trip. Utility companies in the region didn’t have adequate monitoring systems in place, so workers failed to recognize the severity of the situation before generators across the region became overloaded and shut down.”
Most cyber professionals believe they can defend against attacks, but often — when tested by a sophisticated adversary — fail. While I trust grid operators to do as they see is best, federal resources must be available to help operators verify they can defend against this type of attack.
To address this discrepancy, Congress should quickly implement the concept of “Systemically Important Critical Infrastructure (SICI),” an idea and recommendation by the Cyberspace Solarium Commission that would enable the federal government to “bring to bear its unique authorities, resources, and intelligence capabilities to support” entities that operate systems like the power grid. However, while SICI is a specific action to better protect our power grid, more general actions to counter the threat of the Chinese government should also be taken. We need a general policy of reciprocity — if American companies and investors are unable to do something in China, then Chinese companies and investors should be prevented from doing the same here.
If the owners of the Devils Wind Farm, Blue Hills Wind, become part of the power community, they will be able to gain access to security industry alerts, private industry insights and national security threat assessments. This could create the ultimate fox in the hen-house scenario, where we are giving an adversary access to our playbook and telling them which play we are running and when. The potential for a foreign government to access the Texas power grid would erode trust in the power community, and as Rob Lee, a pioneer in the industrial security incident response and CEO of Dragos, explains “community and trust are the best national defenses we have for the electric system.”
The Committee on Foreign Investment in the United States (CFIUS) was created by President Gerald Ford in 1975 to review impact transactions involving foreign investments that the U.S. would have on national security. As the Blue Hills Wind project meanders through this process, many questions are being generated, but a few things we know: the CCP threatens global supply chains, steals American intellectual property and economically bullies smaller countries in efforts to become the world’s superpower by 2049. Through government state sponsorship, the Chinese company, Huawei, has captured nearly 30 percent of the global 5G market, and the U.S. and our allies are scrambling to prevent Huawei from infiltrating telecommunications networks globally. To prevent a similar scenario in our power markets, Congress must act now.
I’m proud to have joined my colleagues, Senator Ted Cruz (R-Texas) and John Cornyn (R-Texas) in leading a letter to U.S. Treasury Secretary Mnuchin, Chairman of CFIUS, about the dangers and concerns of the Blue Hills Wind project having ties to the CCP. I’ll continue to do all I can to help keep Texas’ 23rd Congressional District and our nation safe from adversaries that jeopardize our national security.