FERC’s failure to protect America’s electric grid: A national security blind spot

AdobeStock_951293959

On October 1, 2024, the Federal Energy Regulatory Commission (FERC) delivered its long-awaited decision: it denied the complaint that was filed by Michael Mabee three years prior, on August 26, 2021. Mabee’s complaint had warned of a critical and growing vulnerability—massive power transformers manufactured in China, now embedded across the U.S. electric grid. These transformers, essential to the operation of the Bulk Power System, could potentially serve as backdoors for hostile actors to disrupt the nation’s power supply, but FERC’s response has been nothing short of federal indifference.

Despite waiting three years to respond, FERC’s denial does little to address the profound national security implications raised in Mabee’s complaint. These concerns are not hypothetical. In one documented instance, a transformer manufactured by China’s Jiangsu Huapeng Transformer Company, weighing 500,000 pounds, was seized by federal officials and sent to Sandia National Laboratories. Though many details of the findings remain undisclosed, it was revealed by Latham Saddler, the former the former Director of Intelligence Programs at the National Security Council under the previous administration that the transformer contained hardware that could allow “somebody in China to switch it off.” The discovery of such a backdoor device underscores the precarious state of America’s electric grid, yet FERC’s inaction continues.

Mabee’s Complaint had outlined clear, reasonable steps to mitigate these risks:

  1. The Federal Energy Regulatory Commission should direct the North American Electric Reliability Corporation (NERC) to conduct a comprehensive survey of all registered entities in the Bulk Power System to determine what Chinese equipment or systems are currently in use in the Bulk Power System.
  2. The Federal Energy Regulatory Commission should direct NERC to submit to the Commission a proposed reliability standard for testing and security of Chinese equipment or systems currently in use in the Bulk Power System or purchased for future use.
  3. The Federal Energy Regulatory Commission should work with all State Public Utility Commissions to encourage adoption of the reliability standard promulgated as a result of #2 above (or a state equivalent standard) for the protection of generation and distribution portions of the electric grid under state jurisdiction.

Unfortunately, FERC did not embrace any of these suggestions in full. Instead, the commission chose to ignore the growing threat posed by Chinese-manufactured transformers.

A Threat Ignored

FERC’s refusal to act stands with other federal actions failing to acknowledge the risks of Chinese-made equipment. Breaking with that convention in 2020, President Trump signed Executive Order 13920, which directed the Department of Energy to protect the grid from foreign adversaries. The order empowered the federal government to address vulnerabilities in the Bulk Power System. However, by early 2021, the Biden administration had suspended and ultimately nullified EO 13920, dismantling the most effective security measure designed to prevent catastrophic grid failures due to foreign interference.

Mabee’s complaint was filed as a direct response to this lapse in protection. He sought to restore some semblance of national security foresight, understanding the urgency of the problem. His argument was backed by compelling data. At the time of his filing, the U.S. had imported 366 liquid dielectric transformers from China, with 294 of these exceeding a power-handling capacity of 100 megavolt-amperes (MVA)—critical pieces of infrastructure that could be sabotaged remotely.

The problem has only grown worse. By December 30, 2023, U.S. imports of large power transformers from China increased to 449 transformers exceeding 10 MVA, with 366 exceeding 100 MVA. These are the transformers most vital to the functioning of the grid, and they have steadily become more prevalent, creating new opportunities for hostile actors to exploit.

FERC’s Inadequate Response

FERC’s October 2024 Denial acknowledges the gravity of the situation in part, but it fails to go far enough. While the denial references NERC’s ongoing Supply Chain Risk Management (SCRM) program and the existence of cybersecurity protocols, these measures are insufficient. Mabee’s complaint was not premature, as FERC suggested; it was prescient, foreseeing a looming disaster that FERC itself has only begun to address, halfheartedly.

In Paragraph 32 of the Denial, FERC touts its Notice of Proposed Rulemaking (NOPR) from September 19, 2024, claiming that it will strengthen supply chain protections. However, these actions fall far short of what is needed. Mabee’s demands for thorough testing, state-level protections, and strict reliability standards remain largely unfulfilled. FERC’s NOPR is an incremental step forward, but it does not confront the magnitude of the threat that China poses to the grid.

Worse, FERC appears to be positioning itself to take credit for the very solutions Mabee proposed three years earlier. By launching its NOPR just days before issuing the Denial, FERC hopes to undermine the significance of the complaint, avoiding the perception that an outsider identified the correct path to safeguard America’s infrastructure.

The Consequences of Inaction

The numbers tell the story. For recent historical perspective, from 2006 to 2009, the U.S. imported just 15 transformers exceeding 100 MVA from China. Fast forward to the most recently reported four-year period, 2020 to 2023, during which time that number has ballooned to 126 transformers of the same extra-large capacity. This explosive growth has created a national security vulnerability of unprecedented scale.

Should some of these massive transformers be compromised, the effects could cascade into a nationwide, longterm blackout. The ability of foreign actors to cripple our critical infrastructure is no longer a theoretical risk; it is a reality that federal regulators are still not taking seriously enough.

The Need for State-Level Action

Given FERC’s abdication of its responsibility, it is now up to the states to step in. More stringent state-level requirements will be needed to protect national security, our homes, and families. States must adopt robust standards for testing and securing Chinese-made equipment, going beyond what FERC has been willing to do. Only by recognizing the scale of the threat and implementing comprehensive protections can we hope to secure the nation’s electric grid from a devastating cyber-attack.

It is clear that FERC’s actions, or lack thereof, leave the U.S. vulnerable to foreign interference in its most critical infrastructure. For the sake of national security, it is time for states to lead where federal agencies have faltered.

Please Share: