The White House has blacklisted the Chinese telecommunications companies that dominate the market for 5G wireless systems.
For months, Trump administration officials have hopscotched across Europe to warn governments that China’s telecom giants are duplicitous and their real aim is to spy on the West.
But one layer under the high-profile U.S.-China telecom fight are concerns about other core technology that rolls off China’s factory lots. In the U.S. energy sector, China’s emergence as a maker of large power transformers has grabbed the attention of industry executives and U.S. officials. Transformers are the backbone of America’s power grid.
"There have been over 200 Chinese transformers that have come into the U.S. energy sector in the last 10 years," said Charles Durant, deputy director of counterintelligence at the Department of Energy. "Before that, there were zero."
Karen Evans, DOE’s assistant secretary for cybersecurity, energy security and emergency response, said her office is looking at the supply-chain threat posed by transformers. "We know the risk associated with that," she said.
Yet against the backdrop of a U.S.-China trade war, security experts rush to separate fact from fiction when scrutinizing a vital grid component often sourced outside U.S. borders.
In a global economy, Durant pointed out, any transformer manufacturer could be sourcing parts from China. "The rules say you have to go to the lowest bidder," he said. "Most transformers come from overseas."
Electricity flows out of step-up transformers at the high-voltage levels needed to move power over long-distance lines. Then transformers on the other end step down the voltage for delivery to homes and businesses.
They’re the electrical equivalent of on- and off-ramps to major highways.
Security planning for the power grid has centered on threats to the approximately 2,000 extra high-voltage transformers that carry 345 kilovolts of power or more, since these units — often containing several hundred tons of steel, copper and aluminum — cannot easily be replaced.
"Without sufficient spares or timely access to replacements, the loss of large power transformers can result in severe disruptions for long periods of time," said Ken Collison, vice president of energy consulting at ICF.
About 85 percent of new utility transformer orders have come from abroad in the past decade. Since 2010, domestic production has increased, but DOE reported in 2017 that only one U.S. manufacturer produced the special-grade electrical steel required for transformer cores.
Chinese producers have stepped in to fill the gap.
In 2010, JiangSu HuaPeng Transformer Co. delivered a 345-kilovolt large power transformer to a utility in Oklahoma, according to company marketing materials, teeing up a boomlet in U.S.-bound large power transformers, or LPTs. Just two years later, the Changzhou-based manufacturer boasted that it supported 10 percent of New York City’s electricity load.
German conglomerate Siemens and Swiss manufacturing giant ABB Group are among the largest foreign transformer manufacturers to invest in factories in China.
"The actual iron core and copper coils [inside the transformers], I don’t think the origin of that is any real concern," said Craig Stiegemeier, an ABB product manager for transformers. "ABB builds those in more than 50 countries around the world. There is nothing that inherently comes on the transformer that’s at risk."
Instead, he indicated that components added to transformers such as digital monitoring devices and remote sensors could open the door to hacking. Such devices could monitor power loads, equipment temperature, oil levels or other vital signs.
"Most manufacturers have some kind of smart devices in the transformer so you can understand the condition of the equipment. If those devices are tampered with, it could have a significant cyber impact," Stiegemeier said.
For instance, a false alarm signaling the need for maintenance or replacement of a "smart" transformer could pose a hazard. So could manipulating "tap changers" that set voltage levels, or the temperature gauges that trigger fans, he said. A hacker could, at least in theory, cause a digitized transformer to overheat.
"Utilities are taking this really seriously," he said. "They are looking to the traceability of every component, potentially down to the chip level, to make sure they know what the origin of the component is."
Multiple sources in the utility industry confirmed the vetting process in place for multimillion-dollar pieces of equipment like high-voltage power transformers.
Power companies typically dispatch "expert witnesses" to manufacturing plants to monitor transformer production from the outset, and various parts of the transformer, from the tap changers to the stacked-pancake bushings, undergo rigorous testing before being installed in the grid.
"If that thing catches on fire, it’ll require a foam truck or better to put it out," noted Patrick Miller, managing partner at Archer Energy Solutions. "The whole substation would likely burn. That creates a much bigger problem than just a bad transformer."
Unlike China’s telecom giants Huawei and ZTE, where concerns over cyberespionage or "logic bombs" are paramount in U.S. national security circles, counterfeit or faulty parts are seen as the larger threat in power transformers.
"Transformer components are not typically sensitive; they do have sensors, pumps and fans that utilities use to monitor and maintain cooling," noted Chris Sistrunk, principal industrial control system consultant at cybersecurity firm FireEye. "If the transformer has manufacturing defects or is installed incorrectly and there is a failure, there’s language in the contract to cover liability."
A deliberately faulty or booby-trapped component has yet to be uncovered in any Chinese equipment, whether in hardware or software. Still, U.S. national security officials say the potential for subversion is every bit as dangerous as more direct threats to supply chains.
Suspicion within the Trump administration and Congress about security risks tied to China’s Huawei is a heavy burden for the company, said Paul Triolo, geotechnology practice leader at the Eurasia Group consultancy, during a recent podcast for the SupChina digital media site.
"Huawei is a global company, operating in 170 countries. If it became clear that Huawei was simply an arm of the Chinese government and was doing Beijing’s bidding at every turn, then they wouldn’t be able to operate as a global company," he said. "The problem here is that the company is forced to prove a negative; it’s really difficult."
Chinese leaders are likely to make the case against trade protectionism and security concerns at the second Belt and Road Forum for International Cooperation, which kicks off this week in Beijing. Russian President Vladimir Putin, among other global leaders, is set to attend.
"All too often in this context, the security of a product or service, or the threat from a company that sells it, is debated as if the test is binary: whether there is proof, a ‘smoking gun,’ so to speak, that the company in question is currently breaking the law by, say, conducting illicit surveillance," said Adam Hickey, deputy assistant U.S. attorney general, at a recent telecom conference.
"But whether a company has a culture that promotes theft, dishonesty or obstruction of justice is just as relevant," he said. "It tells you how the company will behave when it suits its interests."