Chinese-made technology in U.S. critical infrastructure: an interview with Patrick Miller
By AMPYX CYBER STAFF
Patrick C. Miller of Ampyx Cyber is going to testify in front of the Senate U.S. - China Economic and Security Review Commission on Thursday, April 24, at the hearing on "China’s Domestic Energy Challenges and Its Growing Influence over International Energy Markets.” His testimony at 11 am ET is viewable live here.
Q: What are you testifying about?
A: My testimony is about the Chinese threat to power systems in the U.S. for the Senate U.S. - China Economic and Security Review Commission.
Q: What is your experience in this area?
A: I have 35 years in cybersecurity, primarily in the electric sector, with a long history with the technologies and a global view of China's practices, not just in the U.S., but around the world.
Q: What are the risks associated with the U.S.'s use of China's technology?
A: China has already shown that they are laying the groundwork for using U.S. infrastructure as leverage, whether through trade negotiations or through actual kinetic warfare, to pressure the U.S. into capitulation. They play a long game, a slow game.
Q: What is an example of the kind of technology in place that is a risk?
A: Many inverters and inverter-based resources have Chinese technology, things like solar and wind and battery storage, pump storage. There's a lot of research showing that the technology has many vulnerabilities. Forescout recently published a report showing a large number of problematic inverter vulnerabilities. That's just one of the reports showing problems. The Department of Energy's Battery Energy Storage Systems report, or BESS, at the end of 2024, illustrates the massive problems at hand -- showing, for example, that 90% of solar inverters are made in, or source parts from, China -- and discussing the many vulnerabilities that as a result exist in U.S. critical infrastructure.
Q: Are there other inverter options available, or are the only ones Chinese-made?
A: Most of them are either from China, or Chinese products or software. So, there aren't a lot of options yet. We're essentially having to live on a diet of poison fruit for a while.
Q: How did we get here and what can we do about it?
A: China has been producing enormous amounts of inexpensive technologies to go into our infrastructures and we've already identified some with backdoors. We've identified that many of them 'phone home.' We have not reverse-engineered enough of them to understand the actual scope of the potential threat, but the technology is everywhere in our telecom, power system and many other infrastructures. We're still figuring out solutions beyond what we already do in terms of things like isolation and monitoring the traffic. We're looking at things like, "How do we repurpose the technology with our own firmware -- or other solutions -- so that we don't have to rip and replace everything?"
Ripping and replacing is enormously expensive and takes a lot of care and engineering. You have to redesign the system in many places. You can't just replace it all. But we may be able to do things like use our own firmware on Chinese-made technologies to mitigate the vulnerabilities. We’re exploring the options and I'm going to talk about potential solutions in front of the Senate Commission, laying out our best path forward.
