"President Donald Trump signed an executive order on May 1 last year prohibiting bulk power system equipment from foreign companies in the U.S. grid,"
Ahem.
Industrial Control Systems (ICS), such as those which control energy management, currently have no certifications nor requirements to meet before being placed in Federal facilities... and those are US-owned!!! That is, unless they are vendor-supplied from overseas to locations that are overseas... like, say, a military base in Italy using Italian HVAC/ICS/SCADA, which for logistics makes sense. Now add China back into the mix? Bruh...
"Analysts believe this means that the United States will set up a whitelist for the procurement of such equipment."
That would be Common Criteria or an ICS spinoff of Common Criteria (https://www.commoncriteriaportal.org/). Perhaps not focusing solely on IA-enabled ICS, because some of those are rather "dumb" and do not perform actions such as passing credentials/storing passwords/enacting authentication. If that effort gets stood up, they build labs to test equipment which handles IA-enabled operations and the overall security functionality of the systems they purchase. Along with that, they'd need to standardize a LOT of ICS. When I say a lot, I mean... let's say there were 50 Navy bases; the chance that all 50 use the same energy management is 0. There will be 10+ different vendors, and that doesn't account for releases/versions of hardware and software at each location from the same vendor. You could have Johnson Controls System v4 at one base and v8 at another, and they'd be wildly different. Now, hypothetically, I will hazard a guess that there could be as many as 840 ICS over, say, 60 federal locations, and 700 of them are all different... I totally made that up. Now take that math and extrapolate it for every federal building/military location... get a number yet? I can't... that's high.
So what this EO is doing is introducing more unknowns in a place where we already have a ton of unknowns, and doing so from a country we already cannot purchase IA-enabled products from, being that China-supplied products are outright forbidden. I don't care how good your DMZ platform is... if the energy supplying it goes down, and your generator goes down too... because there are backdoors galore in it. That's assuming you have cybersecurity measures in place for your ICS in the first place. Yep.
That's about all I can - TOTALLY GUESS ON - regarding Federal ICS and issues we could possibly have with allowing China into an already fragile ecosystem with little to no cyber oversight.