The Still-Untold Story of Electric Grid Insecurity

Episode 346 of the Cyberlaw Podcast

|

It's a story that has everything, except a reporter ready to tell it. A hostile state attacking the US power grid is a longstanding and quite plausible national security concern. The Trump administration was galvanized by the threat, even seizing Chinese power equipment when it arrived in the US to do a detailed breakdown of the gear and then issuing an executive order and follow-up rulings designed to cut Chinese products out of the US grid supply chain.

Yet now the Biden administration has suspended this order for 90 days – the only Trump cybersecurity order to be called into question so far. Industry lobbying? Chinese maneuvering? Tech uncertainty?  No one knows, but Brian Egan and I sketch the outlines of an irresistible story that will surely reward a persistent journalist.

The SolarWinds story, meanwhile, needs a new moniker, as the compromises spread beyond SolarWinds distributions, reaching victims like Malwarebytes. Increasingly, it looks as though Microsoft and its cloud are the common denominators, Sultan Meghji and I observe, but that's one moniker the story will never acquire.

In other cyber TTP news, the Chinese are stealing airline passenger reservation data, Sultan notes. Maybe they're just trying to find out when Mike Pompeo next plans to come to China so they can meet him at the airport and enforce their latest sanctions – no Great Wall tours for you, Mr. Secretary!

This is our last week of Trumpian cyber news, so we wallow in it. President Trump also issued a last-minute order calling for an assessment of the security risks of Chinese drones, Maury Shenk tells us. And Brian unpacks the other last-minute Trump administration order requiring U.S. U.S. cloud providers to know which foreigners they are selling virtual machines to.

I claim victory in my short letter to Secretary Mnuchin, suggesting that, instead of jamming a cryptocurrency regulation through on his watch, he concentrate on convincing Secretary-designate Yellen to carry the project through.  If he took my advice, it seems to have worked. Sultan reports that she is showing signs of wanting to "curtail" cryptocurrency. In other news, Sultan boldly predicts the advent of interplanetary cryptocurrency in Elon Musk's lifetime.

Brian and I unpack the latest Cyberspace Solarium Commission product—its persuasive Transition Book for the Biden administration. I predict that the statutorily mandated cybersecurity director it recommends will have to be subordinated to the Deputy National Security Adviser for cybersecurity if the office is to be accepted in the White House.

And in quick hits: Maury covers the surprisingly robust European enforcement of employee protections against video surveillance. I explain Parler's loss in trying to overturn the AWS ban that pushed it off the internet. Sultan explains why the Biden Peloton is a cybersecurity risk, and I tip my hat to the President's physical fitness. I summarize the Mike Ellis story; he held the job NSA's general counsel for about a day before a political witch-hunt caught up with him, and he may never serve another day.

And, finally, a little schadenfreude for the European Parliament, which is being investigated by the EU's lead data regulator for poor cookie notices on a website it set up for MEPs to book coronavirus tests. The complainant? Max Schrems, who is now well on his way to becoming as unpopular with European politicos as he is in the U.S.

And more!

Download the 346th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

NEXT: Classes #3: Unprotected Speech and Law and Judges

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I summarize the Mike Ellis story; he held the job NSA’s general counsel for about a day before a political witch-hunt caught up with him, and he may never serve another day.

    Not a witch hunt. Ellis is unqualified, and a likely Trump mole.

  2. The energy grid takeover already happened. It was in California in 2000 and it was orchestrated by corporate interests and sold to the public as an “energy crisis” (and most still believe that’s what it was). Why worry about the Chinese? The greater threat is in our own boardrooms.

  3. Will a ChiCom blackout finally wake people up?

    1. No.
      Next question?

  4. Once upon a time there was an electric grid. Things were fine. Once in a while something went wrong, but overall it worked ok. Predictions about it not working well were wrong almost all the time, but were correct on very rare occasions. The end.

  5. “Yet now the Biden administration has suspended this order for 90 days – the only Trump cybersecurity order to be called into question so far. Industry lobbying? Chinese maneuvering? Tech uncertainty? No one knows, but Brian Egan and I sketch the outlines of an irresistible story that will surely reward a persistent journalist.”

    Reward them with a quick trip to the unemployment line you mean.

    1. The Chinese firm Hunter is involved with has a heavy investment in more than one company supplying electrical utility equipment.

  6. I do not understand. Why is our weak legalistic system reply so limp wristed? Shut down the lawyer scumbag legalistic approach, taking years to prosecute one guy, while billions of hacks are allowed.

    Replace the scumbag lawyer approach with programs that will cause the cell phone of the hacker to send messages about his location 5 times a second, so the killer drones with facial recognition can be sent. All collateral damage to family and neighbors is immunized, and the bigger the better, to deter.

    Then, have their computers short out and cause a fire. Embed Tik Toks showing their having sex with animals, and send them to the entire contact list of the hacker. Don’t we have the technology to do that? Such a video should be an antecedent and a warning to avoid the vicinity of the hacker, because a drone is on its way.

  7. I looked at the headline, and thought, “All right! Someone is finally going to take a look at the collapse of maintenance on electric grid rights of way.”

    Pretty disappointing to find out its only speculation about a commie plot.

  8. Emerald Robinson completely stumps @jrpsaki (Biden spokeswoman) when she asks about Biden allowing China into our power grid.

    “I have to… uh… i think I tried to… uh… I’ll have to… circle back with you, directly on that specific piece.”

    How do you sign an EO in conflict with your statement on China, and not expect that question?

Please to post comments