From: David Jonas Bardin Sent: Monday, April 26, 2021 6:16 PM To: Secretary Subject: [EXTERNAL] DoE RFI Bardin Preliminary Comments — submitted April 13, 2021 Dear Secretary Granholm, Please consider my attached 2-page Preliminary Comments to your Department’s Request for Information (RFI). See pdf below and copy below my contact info. I believe your team should be able to answer questions these Preliminary Comments raise and that DoE’s answers should be transparent. ******************************************************************** This message does not originate from a known Department of Energy email system. Use caution if this message contains attachments, links or requests for information. ******************************************************************** Thank you. Faithfully, David Jonas Bardin davidbardin@aol.com +1 (202) 966-7678 Department of Energy (DoE) Notice of Request for Information (RFI) on Ensuring the Continued Security of the United States Critical Electric Infrastructure Preliminary Comments of David Jonas Bardin April 23, 2021 For: Michael Coe, ElectricSystemEO@hq.doe.gov Dear Mr. Coe, Thank you for the RFI published at 86 Federal Register 21309 (Vol. 86, No. 76, April 22, 2021). Herewith my Preliminary Comments. I expect to follow up before the June 7, 2021 deadline. My perspectives Vulnerabilities of our electric infrastructures, and weaknesses in previous Administration’s attempted approach, concern me based on my experiences in and out of government: I served in the then-new DoE, under its first two Secretaries, as a Senate-confirmed Presidential appointee (having previously served as the Deputy Administrator of the Federal Energy Administration). Today, I am an 87-year-old retired member of Arent Fox, LLP, whose pro bono activities have included electric reliability and infrastructure issues. Earlier, I held civil service and SES positions at the Federal Power Commission (1958-69) as trial attorney, assistant general counsel for legislation and rulemaking, and deputy general counsel. These Preliminary Comments are my personal views, submitted solely on my own behalf. Compliance with Executive Order (EO) 13990 of January 20, 2021 President Biden’s EO 13990, which revoked several of his predecessor’s EOs, merely suspended EO 13920 of May 1, 2020, for 90 days and directed the Secretary of Energy (SoE) and Director of the Office of Management and Budget (OMB) to use that time to conclude and recommend whether EO 13920 (Securing the United States Bulk-Power System) should be revoked, retained, or amended. The 90 days are over. Have the SoE and Acting OMB Director reached a timely conclusion? If so, what is it? I believe they should (and trust they have or will) recommend stronger and more effective protections — for installed as well as yet-to-be-procured equipment — than the previous Administration achieved to secure the bulk-power system and other critical electric power facilities, and to safeguard the public. I therefore anticipate they will recommend that President Biden’s Administration carefully improve and strengthen EO 13920 of May 1, 2020, by fixing defects and better enforcing its implementation. All of Department, not just Office of Electricity (OE) Please confirm that SoE Granholm intends to enlist all of DoE, not just OE, to improve and strengthen EO 13920 and to fix its defects and better enforce its implementation. I urge that all of DoE include roles for the Energy Information Administration (EIA), agreed to by its Administrator. Concerns which an improved and strengthened EO 13920 should address Please explain how DoE will face up henceforth to vulnerabilities involving large transformers, small sensors, and everything in between. — Have SoE Granholm and Deputy Secretary Turk been fully briefed about (a) circumstances and feared back-door vulnerabilities which led to seizure of an imported large transformer at the Port of Houston, Texas, and its trucking to Sandia National Laboratories (SNL) for analyses (as reported by the Wall Street Journal), and (b) about SNL’s conclusions? — Has DoE identified locations and ownerships in the United States of other sensitive, possibly vulnerable imported equipment? — Has DoE found practical ways to warn owners of such equipment about vulnerabilities they may face? — Has DoE briefed appropriate Congressional leaders or committees? — Had DoE modified past extreme secrecy policies? Who needs to know, in DoE’s current view? (Acting Assistant Secretary Hoffman declined to answer even whether “appropriate” briefings about SNL conclusions had been given to anybody.) Is a vulnerable, large imported transformer now operating at the Western Area Power Administration (WAPA) substation in Ault, Colorado where it was installed? (This WAPA substation serves the high-voltage intertie between the Powder River Basin in Wyoming in the Western Interconnection of the electric power grid and the Eastern Interconnection of the electric power grid — one of only a few East-West interties.) — If yes, have the vulnerabilities been addressed? — What could an improved and strengthened EO 13920 do to avoid such vulnerabilities in the future and to mitigate current risks? Cybersecurity How and where does RFI address control system cybersecurity? Does RFI seek comments and information as to control system cybersecurity? Respectfully submitted, David Jonas Bardin