Sens. Cruz, Cramer, Cotton Oppose Biden Administration’s Decision to Revoke Trump-Era Rule to Protect Electric Grid from Chinese Cyberattack

WASHINGTON, D.C. - In the wake of the cyberattack against Colonial Pipeline, U.S. Sens. Ted Cruz (R-Texas), Kevin Cramer (R-N.D.), and Tom Cotton (R-Ark.) today sent a letter to the Department of Energy (DOE) criticizing its decision to revoke a Trump-era order that prohibited electric utilities that supply critical defense facilities from importing certain power system equipment from China.

In the letter, the senators wrote:

"DOE has a significant responsibility to protect the U.S. electric grid and help ensure that critical equipment supplied from foreign adversaries does not pose a risk to the national security of the citizens of the United States. While President Biden's CIA director recently acknowledged that China is ‘formidable authoritarian adversary' your agency's action does not appear to treat them as one."

[...]

"While you acknowledge that ‘adversarial nation-state actors are targeting our critical infrastructure' and pose a threat, revoking the prior Order in order to ‘create a stable policy environment' and ‘develop a strengthened and administrable strategy' does not justify the increased threat risk from your action. As evidenced by recent events, any weakening of the United States' defenses against cyberattacks on critical infrastructure could jeopardize the national security of our citizens."

Read their full letter here and below.

May 19, 2021

The Honorable Jennifer Granholm
Secretary of Energy
U.S. Department of Energy
1000 Independence Ave., Southwest
Washington, D.C. 20585

Dear Secretary Granholm:

The recent cyberattack on the Colonial Pipeline and the temporary shutdown of its operations illustrates the importance of protecting the United States critical infrastructure from such attacks. The Department of Energy (DOE), however, recently revoked an order titled, "Prohibition Order Securing Critical Defense Facilities" (Order), that protected the United States' bulk-power system from threats by the People's Republic of China (PRC or China). Your agency's action is recklessly irresponsible and seriously jeopardizes the security of the Nation's electric power grid.

DOE has a significant responsibility to protect the U.S. electric grid and help ensure that critical equipment supplied from foreign adversaries does not pose a risk to the national security of the citizens of the United States. While President Biden's CIA director recently acknowledged that China is "formidable authoritarian adversary" your agency's action does not appear to treat them as one.

The now revoked Order prohibited "the acquisition, importation, transfer, or subsequent installation" of certain bulk-power system (BPS) electric equipment "subject to China's ownership, control, or influence." In support of that Order, DOE determined that some BPS electric equipment from China constitutes an "undue risk to the security of the BPS and to U.S. national security."

While you acknowledge that "adversarial nation-state actors are targeting our critical infrastructure" and pose a threat, revoking the prior Order in order to "create a stable policy environment" and "develop a strengthened and administrable strategy" does not justify the increased threat risk from your action. As evidenced by recent events, any weakening of the United States' defenses against cyberattacks on critical infrastructure could jeopardize the national security of our citizens.

In order to understand how DOE is protecting the U.S. power grid from future cyberattacks, I respectfully request that you answer the following questions within thirty (30) days of receipt of this letter:

Revoking the prior administration's Order is completely inconsistent with the Biden administration's "100-Day Plan to Address Cybersecurity Risks to the U.S. Electric System." Please explain why it was necessary to revoke the Order if DOE "recognizes the threat our foreign adversaries pose to our critical infrastructure." In answering that question, please further clarify how creating a "stable policy environment" overrides concerns about the threat of cyberattacks by the PRC.

What actions is your agency taking to ensure that the electric equipment under the "ownership, control, or influence" of the PRC and other foreign adversaries is not used in the operation of the U.S. electric grid that serves critical defense facilities?

In revoking the Order, DOE indicated that it is "developing recommendations to strengthen requirements and capabilities for supply chain risk management practices." When do you expect DOE to finalize and implement these recommendations?

Thank you in advance for your prompt response to these questions and for your attention to this matter of great importance to the national of the United States.