On May 1, 2020, President Donald Trump signed Executive Order 13920 which directed utilities not to purchase bulk power systems from “adversaries.” It is believed this order was the result of what was found in a WAPA transformer at the Ault substation outside Denver in the summer of 2019.
One man has been relentlessly pursuing the issue of backdoors and vulnerability of the utilities. He is Joe M. Weiss, an engineer who has become an activist. Weiss has struggled to direct the attention of anyone who will listen to what he sees as the weaknesses in the cybersecurity of the electric utilities and therefore of the grid. A veteran of the Electric Power Research Institute, he is now the managing partner of Applied Control Systems in Cupertino, California.
Weiss’s basic argument is that the real danger to the grid may lie not in the networks, but rather in the industrial controllers and the hardware, like the transformers and turbines. Contributing to this danger: engineers who manage the industrial control systems used to be responsible for their cybersecurity but have surrendered that function to computer engineers. IT and OT (operational technology) has taken over from the engineers. These sensors and controllers, which are the workhorses of modern industrial systems, are fundamental in electric utilities and other critical infrastructures: shutting, opening, assigning, and generally running the systems. The problem, according to Weiss, is that they are vulnerable to being disrupted by bad actors without the normal IT alerts being sounded.
https://www.forbes.com/sites/llewellynking/2021/01/28/how-the-supply-chain-in-heavy-bulk-power-equipment-is-vulnerable-to-undetected-cyberattack/?sh=2319631f7213