Energy Sector Supply Chain Review – U.S. Department of Energy
Image: Tada Images – stock.adobe.com
Comments and Recommendations of Michael Mabee on
Energy Sector Supply Chain Review
Submitted to DOE on December 19, 2021
Introduction
I am a private citizen who, for over a decade, has conducted public interest research on the security of the electric grid because I recognize the absolutely vital role of this infrastructure in powering every one of the nation’s 16 critical infrastructures and in undergirding not just the well-being but the very survival of our country. I am a retired U.S. Army Command Sergeant Major, and I maintain one of the world’s most comprehensive grid security databases as an unpaid volunteer grid security researcher. I have been quoted by the Wall Street Journal, the Washington Post and many other publications on grid security and have intervened and submitted testimony in over 200 federal dockets on electric grid security issues.
This filing contains my recent research[1] and provides evidence that:
- Entities in the U.S. Bulk Power System (BPS) as well as the overall U.S. electric grid are buying critical equipment from the People’s Republic of China to install into our critical electric infrastructure that the Communist regime’s state sponsored and state supported hackers are already probing and attacking.
- There is no requirement that existing Chinese equipment or systems already installed in the electric grid be checked and tested for risks and vulnerabilities.
- There is no requirement that newly imported Chinese equipment or systems be checked and tested for risks and vulnerabilities before being installed on the electric grid
Background
The Cyber Threat from China
On April 8, 2009 the Wall Street Journal reported[2]:
Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.
The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.
“The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians.”
In 2019 Daniel R. Coats, Director of National Intelligence (DNI) informed Congress[3] that:
China presents a persistent cyber espionage threat and a growing attack threat to our core military and critical infrastructure systems… China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure—such as disruption of a natural gas pipeline for days to weeks—in the United States.
On June 6, 2021 Secretary of Energy Jennifer Granholm confirmed in a CNN interview that U.S. adversaries have the capability to shut down our power grid.[4] And the following month, the U.S. formally accused China of a campaign of cyber-attacks and indicted several Chinese nationals who conducted the hacks on behalf of the government of the People’s Republic of China.[5]
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has been issuing alerts for years about China’s cyber-attacks against the U.S. including the energy sector and currently assesses[6]:
The Chinese government—officially known as the People’s Republic of China (PRC)—engages in malicious cyber activities to pursue its national interests. Malicious cyber activities attributed to the Chinese government targeted, and continue to target, a variety of industries and organizations in the United States, including healthcare, financial services, defense industrial base, energy, government facilities, chemical, critical manufacturing (including automotive and aerospace), communications, IT (including managed service providers), international trade, education, video gaming, faith-based organizations, and law firms.
As far back as 2003, Congress expressed concern about China conducting “coordinated cyber reconnaissance” and “probing” U.S. electric utilities in a hearing entitled: “Implications of Power Blackouts for The Nation’s Cybersecurity and Critical Infrastructure Protection.”[7]
Alarmingly, despite almost two decades of knowledge that China is hacking the U.S. Energy sector, U.S. electric utilities have been buying large transformers and other equipment from China to install in the U.S. electric grid.
An April 25, 2019 E&E News article titled “China and America’s 400-ton electric albatross”[8] quoted a sobering statement from the U.S. Department of Energy:
“There have been over 200 Chinese transformers that have come into the U.S. energy sector in the last 10 years,” said Charles Durant, deputy director of counterintelligence at the Department of Energy. “Before that, there were zero.”
The U.S. Government Seizes a Chinese-Manufactured Transformer
On May 27, 2020, Wall Street Journal reporter Rebecca Smith reported that a large Chinese transformer purchased by the Western Area Power Authority (WAPA) from JiangSu HuaPeng Transformer Co., Ltd. (JSHP) was seized by the U.S. government at the Port of Houston in the summer of 2019. The transformer was taken to Sandia National Laboratories.[9] Nobody from the government would comment on the seizure.
In an interview on July 16, 2021 Latham Saddler, the former Director of Intelligence Programs at the National Security Council in the last administration, confirmed that after the Chinese transformer was taken to the National Lab “They found hardware that was put into that that had the ability for somebody in China to switch it off.”[10]
One would think after finding a security issue in a Chinese-manufactured transformer in 2019 that by 2021 the U.S. would have addressed the threat.
One would be wrong.
The U.S. Continues to Import Large Transformers from China for the Electric Grid
According to official U.S. import data, the U.S. imported 66 Chinese large power transformers in 2020. 54 of these were classified as “having a power handling capacity exceeding 100,000 kVA.”[11] 2021 Data is only available through October of 2021 but shows that the U.S. is continuing to import Chinese large power transformers in 2021.
Since 2006, official U.S. import data shows that the U.S. has imported 374 “liquid dielectric transformers having a power handling capacity exceeding 10,000 kVA” from China—299 of these have a power handling capacity exceeding 100,000 kVA.[12]
Figure 1:
Electrical transformers; liquid dielectric, having a power handling capacity exceeding 10,000 kVA:
Figure 2:
Electrical transformers; liquid dielectric, having a power handling capacity exceeding 100,000 kVA:
A 2012 U.S. Department of Energy publication “Large Power Transformers and the U.S. Electric Grid”[13] contained a chart that separately showed power transformers imported from China exceeding 100,000 kVA. However, in the April 2014 Update[14] to this chart, the number of rows listing individual countries were reduced and China disappeared (falling into the “All Others” category). This publication has not been publicly updated since 2014.
Here are both charts:
Figure 3:
Department of Energy 2012 Chart
Figure 4:
Department of Energy 2014 Chart
Imports and orders of large Chinese transformers into the critical electric infrastructures continued in 2020 and 2021.
In August of 2021, a Chinese company, JiangSu HuaPeng Transformer Co., Ltd. (JSHP) posted on their website that “JSHP has been awarded to design, build, and supply of a 345KV 610MVA Step-up Power Transformer by a US comapny” [sic].[15]
Step-up transformers are a key component of the U.S. electric grid. Moreover, JSHP claims that their transformers handle 10% of the load of New York City and 20% of the load in Las Vegas, NV.[16]
JSHP also boasts of several recent U.S. orders and deliveries. In sum, evidence from the official U.S. import data and this Chinese manufacturer demonstrates that the U.S. electric grid continues to import large Chinese transformers in 2020 and 2021. Here are a few examples – screenshots straight from the JSHP’s website – of U.S. imports of large Chinese transformers in 2020 and 2021:
Figure 5:
Screen Shot from JSHP Website, taken August 12, 2021
Figure 6:
Screen Shot from JSHP Website, taken August 12, 2021
Figure 7:
Screen Shot from JSHP Website, taken August 12, 2021
Figure 8:
Screen Shot from JSHP Website, taken August 12, 2021
Attached as Exhibit A is a partial listing of transformers and equipment imported from China that are believed to be installed in the U.S. Energy Sector.
Attached as Exhibit B are numerous bills of lading for imported Chinese-manufactured transformers and components between 2018 to 2020.
Attached as Exhibit C is a summary from U.S. Census Bureau import data showing the imports of large Chinese transformers between 2006 and October of 2021.
None of the current mandatory reliability standards address risks and vulnerabilities to the Bulk Power System (and the electric grid in general) represented by the imports in Exhibits A, B and C.
A Direct Line to the Government of the People’s Republic of China
Behind many of the U.S. imports of Chinese-manufactured transformers, other equipment and components is a company called Doubletree Systems, Inc. Doubletree Systems, Inc. also represents several other Chinese companies that sell transformers and other equipment imported for use in the U.S. Critical Electric Infrastructure.[17] In addition, Doubletree sells grid security and monitoring systems and works with the Electric Power Research Institute (EPRI) on grid security issues.
There is evidence that the government of the People’s Republic of China has an ownership and/or control interest in Doubletree Systems, Inc. This relationship is detailed below.
According to Doubletree Systems, Inc.’s successful contract bid to WAPA for a JSHP transformer obtained under the Freedom of Information Act (FOIA):[18]
“Doubletree Systems, authorized by JSHP (see attached letter), acts as exclusively partner for JSHP in North America market, provides marketing and service support (pre-sale and warranty service) and so far, in about 8 years, with this partnership, there are over a hundred of JSHP power transformers are in operation in USA & Canada. The biggest one is a 345KV 610MVA transformer connected to Con Edison New York from the Bayonne Energy Center.” [sic.]
Starting, for example, with JSHP which has sold hundreds of transformers in the U.S., what follows is the relationship to the government of the People’s Republic of China, step-by step:
- JiangSu HuaPeng Transformer Co., Ltd., (who manufactured the transformer seized by the U.S. government), is located in the People’s Republic of China.[19]
- JSHP Transformer USA Corporation was registered in California on December 5, 2008.
- JSHP Transformer USA Corporation is a U.S. subsidiary or close affiliate (and certainly an agent) of JiangSu HuaPeng Transformer Co., Ltd.[20]
- The CEO and “General Manager” of JSHP Transformer USA Corporation is “Yunqing (Jim) Cai.”
- Another listed Officer of JSHP Transformer USA Corporation is Hongjin Qian, whose listed address is the same address in China as JiangSu HuaPeng Transformer Co., Ltd.
- Doubletree Systems, Inc. was registered in California on February 9, 2000.
- The CEO of Doubletree Systems, Inc. is “Jim Y Cai.”
- The California address for Doubletree Systems, Inc. and JSHP Transformer USA Corporation is the same.
- Numerous documents I found on Doubletree’s website identifies Doubletree Systems, Inc. as “A XJ Group Company.”[21] (Xuji Group Co., Ltd. d.b.a XJ Group)
- Another page on Doubletree’s website states: “the XJ group and the China State Grid signed a ‘Cooperation Structure agreement’ through China Electric Power Research Institute. Based on the agreement, the China State Grid will acquire 100% share of the XJ group and will become the sole owner of the XJ group.”[22]
- XJ Group’s website says: “XJ Group Corporation, directly subordinate to SGCC [State Grid Corporation of China], is a high-tech modern industry group focused on electric power, automation and intelligent manufacturing.”[23]
- State Grid Corporation of China [SGCC] is a state-owned corporation, owned by the government of the People’s Republic of China.[24]
- Jim Cai’s ‘LinkedIn profile says he is a Director of “C-EPRI” (China Electric Power Research Institute) which is also part of State Grid Corporation of China[25]; President of Doubletree Systems, Inc.; and Manager of JSHP Transformer USA, Inc.[26]
Thus, we have clear connection from Doubletree Systems, Inc. -> XJ Group -> State Grid Corporation of China -> government of the People’s Republic of China.
All Chinese companies have an obligation under the 2017 Chinese National Intelligence Law[27] to “support, assist and cooperate with the state intelligence work.” Moreover, under China’s 2014 Counter-Espionage Law[28] a company may not refuse the Chinese government when asked for information. In fact, according Dr. Murray Scot Tanner’s[29] Lawfare Institute analysis:
“The Intelligence Law, by contrast, repeatedly obliges individuals, organizations, and institutions to assist Public Security and State Security officials in carrying out a wide array of ‘intelligence’ work. Article Seven stipulates that ‘any organization or citizen shall support, assist, and cooperate with state intelligence work according to law.’ Article 14, in turn, grants intelligence agencies authority to insist on this support: ‘state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organizations, or citizens provide needed support, assistance, and cooperation.’ Organizations and citizens must also protect the secrecy of ‘any state intelligence work secrets of which they are aware’.”
Doubletree Systems, Inc. not only imports and markets Chinese-manufactured transformers and other equipment in the U.S., but is sells a variety of grid protection and monitoring products, which according to their promotional materials include:
- POLARIS (substation monitoring system)[30]
- SA200 (substation automation)[31]
- Substation Network Sentinel (SNS)[32]
- Wide Area Measurement System (WAMS).[33] According to Doubletree’s website: “WAMS solution provided is field-proven in Bonneville of Power Administration of WSCC”[34] [35]
- Generator Testing & Model Validation. According to Doubletree’s website: “The standard generator testing and model validation provided by Doubletree Systems, Inc. has extensive experience and has been certificated by Western Systems Coordinating Council (WSCC).”[36]
- A wide variety of XJ Group (SGCC) grid protection and monitoring products[37]
- Special Protection System (SPS)[38]
- Transfer Limits Monitoring[39]
- SCADA/EMS/DMS/DA consulting[40]
In a vendor listing for the 2015 DISTRIBUTECH Conference and Exhibition,[41] Doubletree held itself out as collaborating with EPRI to help the industry comply with NERC’s Critical Infrastructure Protection (CIP) Standards through Doubletree’s Substation Network Sentinel (SNS) product:
Figure 9
In other words, an entity owned or controlled by the People’s Republic of China – which is hacking the U.S. energy sector – is also helping our electric grid “to comply with NERC CIPs.” [North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards.]
In fact, in EPRI’s write up on DISTRIBUTCH Conference and Exhibition in 2014[42], they noted:
“Network Security: A kickoff meeting was held on the floor of DistribuTECH for a group of vendors currently interested in participating in the ‘Protective Measures for Securing T&D Systems’ project, which involves validating the mapping of IEC 62351-7 network security events. Vendors currently engaged in the project include SISCO, Ruggedcom, OSIsoft, Doubletree Systems, and Radiflow. Other vendors expressing interest include Cisco, Schneider Electric, and SEL. The project will be driven by use cases developed in early 2014 with proof-of concept implementations to be developed and demonstrated in the EPRI Cyber Security Research Lab throughout 2014.” [Emphasis added.]
It is of great concern that the People’s Republic of China (and its controlling Chinese Communist Party) is marketing equipment or systems to the same U.S. critical infrastructures that multiple U.S. government agencies have confirmed – for years – are the target of China’s past and present cyberespionage, probing, and cyberattacks.
This raises security concerns. But there are no U.S. government requirements or mandatory reliability standards that such equipment or systems be checked.
In sum, it appears that not only are we importing transformers from China, we may be employing grid monitoring systems that have a direct tie to the People’s Republic of China.
In addition to large transformers, official U.S. Import data shows that the U.S. is also importing other critical equipment from China, such as:
- Inverters[43]: The U.S. has imported 171,288,538 inverters from China between 2002 and October 2021. Attached as Exhibit D is a summary from U.S. Census Bureau data showing the imports of Chinese inverters during this period.
- Electricity Meters[44]: The U.S. has imported 3,217,154 Electricity Meters from China between 2002 and October 2021. Attached as Exhibit E is a summary from U.S. Census Bureau data showing the imports of Chinese electricity meters during this period.
These data show that our entire critical electric infrastructure from generation all the way down to the meters on homes and businesses – and everything in between – may be easily compromised or is already compromised by adversaries.
Conclusions:
Official U.S. import data, as well as data from contract bids and from the Chinese companies involved in manufacturing and importing transformers to the U.S. demonstrate that:
- Entities in the U.S. Bulk Power System (BPS) as well as the overall U.S. electric grid are buying critical equipment from the People’s Republic of China to install into our critical electric infrastructure that the Communist regime’s state sponsored and state supported hackers are already probing and attacking.
- There is no requirement that existing Chinese equipment or systems already installed in the electric grid be checked and tested for risks and vulnerabilities.
- There is no requirement that newly imported Chinese equipment or systems be checked and tested for risks and vulnerabilities before being installed on the electric grid.
The U.S. does not have time to rely on voluntary regulation, studies and kicking the grid security can down the road for another day. This approach has historically amounted to what can be best described as inadequate “trickle down grid security.” Meanwhile, adversaries continue to exploit our supply chain vulnerabilities while we continue to help them do so by failing to secure our critical electric infrastructure supply chains.
Recommendations:
The Department of Energy must ensure that mandatory standards address the risks and vulnerabilities presented by the import and installation of equipment or systems originating from adversaries of the U.S., including China. These standards must apply to the entire critical electric infrastructure, including generation, transmission and distribution.
A new supply chain Executive Order[45] and a replacement DOE Prohibition Order[46] would be the fastest and surest way to accomplish this.
Respectfully submitted,
Michael Mabee
Attachments to Supply Chain Review RFI Comments:
Exhibit A – List of Chinese Transformers in the U.S. Electric Grid
Exhibit B – Bills of Lading for Imported Chinese Transformers & Equipment from 2018 to 2020
Exhibit C – U.S. Import Data for Large Chinese Transformers from 2006 to October 2021
Exhibit D – U.S. Import Data for Chinese Inverters from 2002 to October 2021
Exhibit E – U.S. Import Data for Chinese Electricity Meters from 2002 to October 2021
Footnotes to Supply Chain Review RFI Comments:
[1] I have also provided this information to the Federal Energy Regulatory Commission (FERC) in Docket No. EL21-99-000, which is currently pending.
[2] Wall Street Journal, “Electricity Grid in U.S. Penetrated By Spies.” April 8, 2009. https://www.wsj.com/articles/SB123914805204099085
[3] “Worldwide Threat Assessment of the U.S. Intelligence Community.” Before the Senate Select Committee on Intelligence. January 29, 2019. http://bit.ly/357Iakx
[4] See https://www.cnn.com/2021/06/06/politics/us-power-grid-jennifer-granholm-cnntv/index.html
[5] Steve Holland and Doina Chiacu. Reuters. “U.S. and allies accuse China of global hacking spree.” July 20, 2021. https://www.reuters.com/technology/us-allies-accuse-china-global-cyber-hacking-campaign-2021-07-19/
[6] See: https://us-cert.cisa.gov/china
[7] Implications of Power Blackouts for The Nation’s Cybersecurity and Critical Infrastructure Protection, Before the US House, Joint Hearing of the Subcommittee on Cybersecurity, Science, and Research and Development, and the Subcommittee on Infrastructure and Border Security of the Select Committee on Homeland Security, (108th Congress) September 4 & 23, 2003. http://bit.ly/2qV9La3
[8] See: https://www.eenews.net/stories/1060216451/
[9] See: Wall Street Journal. “U.S. Seizure of Chinese-Built Transformer Raises Specter of Closer Scrutiny.” May 27, 2020https://www.wsj.com/articles/u-s-seizure-of-chinese-built-transformer-raises-specter-of-closer-scrutiny-11590598710
[10] See: https://youtu.be/x0EawFC18MI
[11] For details and underlying U.S. International Trade Commission and U.S. Census Bureau data, see: https://securethegrid.com/u-s-electric-grid-imports-more-chinese-transformers/
[12] Id.
[13] See: http://bit.ly/2rzi4IQ
[14] See: https://bit.ly/39tpBMO
[15] See: http://www.jshp.com/news.html
[16] Id.
[17] In addition to JiangSu HuaPeng Transformer Co., Ltd. (JSHP), Doubletree is also listed as the U.S. office/contact or markets for Suzhou Porcelain Insulator Works Co., Ltd. (d.b.a. Suz Insulators); Ningbo Orient Wires & Cables Co., Ltd. (d.b.a. Orient Cables); Beijing Power Equipment Group; Nanjing Electric Group Co., Ltd. (“a Baiyun Power Group company”); TGC (parent: Jiansu Tongguang Electronic Wire & Cable Co. Ltd.); Henan Tong-Da Cable Co. Ltd. (d.b.a. TDDL Cable); Sieyuan Electric Co., Ltd.; Changshu Fengfan Power Equipment Co. Ltd. (d.b.a. CS Tower); China Electric Power Equipment and Technology Co., Ltd.; Jiangsu Shuanghui Power Development Co., Ltd., (d.b.a. JS Hardware); Liling Huaxin Insulator Technology Co., Ltd (d.b.a. HPK Insulators)
[18] Document available at: https://securethegrid.com/wp-content/uploads/2021/08/WAPA-Doubletree-Systems-Bid-and-Contract.pdf
[19] See: http://www.jshp.com/index.html
[20] Note the same U.S. address on the JiangSu HuaPeng Transformer Co., Ltd. website and on the CA Secretary of State Statement of Information. There is also a letter of agency in the WAPA bid, available at: https://securethegrid.com/wp-content/uploads/2021/08/WAPA-Doubletree-Systems-Bid-and-Contract.pdf
[21] See for example: http://www.dsius.com/lib/Library/2002418.pdf and http://www.dsius.com/lib/Library/XJ_Facticer_flyer.pdf and http://www.dsius.com/lib/Library/PMUTester_intro_OETD_Oct.pdf and http://www.dsius.com/lib/Library/papers/WAMS_IEEE_2005.pdf
[22] See: http://www.dsius.com/lib/news.htm
[23] See: http://www.xjgc.com/html/xjen/col2015100652/column_2015100652_1.html. Also see: http://www.sgcc.com.cn/html/sgcc_main_en/col2017112321/column_2017112321_1.shtml
[24] See directory of the State-owned Assets Supervision and Administration Commission of the State Council: http://en.sasac.gov.cn/directory.html
[25] See: http://www.epri.sgcc.com.cn/html/eprien/index.html
[26] See: https://www.linkedin.com/in/jim-cai-5236089/
[27] See: https://www.lawfareblog.com/beijings-new-national-intelligence-law-defense-offense
[28] See: https://www.reuters.com/article/us-china-lawmaking-spy-idUSKBN0IL2N520141101
[29] See: https://www.uscc.gov/sites/default/files/Murray Scot Tanner_Bio.pdf
[30] See: http://www.dsius.com/lib/Library/POLARIS%20brochure.pdf
[31] See: http://www.dsius.com/lib/Library/SA200%20Brochure.pdf
[32] See: http://www.dsius.com/lib/Library/dsi_SNS_flyer.pdf
[33] See: http://www.dsius.com/lib/Library/WAMS-brochure.pdf
[34] See: http://www.dsius.com/lib/wams/wams-1.htm
[35] See: http://www.dsius.com/lib/Library/papers/WAMS_IEEE_2005.pdf
[36] See: http://www.dsius.com/lib/wams/gen.htm
[37] See: http://www.dsius.com/lib/Library/XJ_Products_Brochures_En.pdf
[38] See: http://www.dsius.com/lib/Library/SPS-brochure.pdf
[39] See: http://www.dsius.com/lib/Library/Transferlimits-brochure.pdf
[40] See: https://www.electricnet.com/doc/doubletree-systems-inc-0001 and https://www.poweronline.com/doc/doubletree-systems-inc-0001
[41] See: https://digital.pennwell.com/pennwellevents/dtech_2015_showguide?pg=132#pg132
(Page 131 of the PDF file)
[42] See: https://smartgrid.epri.com/doc/EPRI%20DistribuTECH_Brief_Feb2014.pdf
[43] Harmonized Tariff Schedule of the United States Basic Revision 12 (2021) HT Code: 8504409570 – Inverters. See https://hts.usitc.gov/current.
[44] Harmonized Tariff Schedule of the United States Basic Revision 12 (2021) HT Code: 902830 – Electricity Meters. See https://hts.usitc.gov/current.
[45] See “postponed” Executive Order 13920 “Securing the United States Bulk-Power System” available at: https://www.govinfo.gov/content/pkg/FR-2020-05-04/pdf/2020-09695.pdf
[46] See revoked DOE Prohibition Order “Securing Critical Defense Facilities” available at: https://www.govinfo.gov/content/pkg/FR-2021-01-06/pdf/2020-28773.pdf, revocation available at https://www.govinfo.gov/content/pkg/FR-2021-04-22/pdf/2021-08483.pdf
[wpedon id=”5868″ align=”center”]