Testimony Before the U.S.-China Economic and Security Review Commission: Protecting U.S. Energy Infrastructure from Strategic Risks
By Patrick Miller
On April 24, 2025, I had the privilege of delivering both oral and written testimony to the U.S.-China Economic and Security Review Commission (USCC) during their hearing on "China’s Domestic Energy Challenges and Its Growing Influence Over International Energy Markets." Specifically, my panel was on “The Risk of Chinese Components and Critical Minerals in Global Energy Infrastructure.”
This hearing could not have been more timely. China's expanding influence over global energy markets—and its growing footprint inside U.S. critical infrastructure—represents a complex and evolving risk that demands serious, coordinated action.
My testimony focused on a critical but often overlooked dimension of this risk: the cybersecurity and supply chain vulnerabilities introduced through Chinese-manufactured equipment embedded across the U.S. electric grid and broader energy infrastructure.
Why This Matters
While most discussions of grid modernization focus on cost, reliability, and carbon reduction, the geopolitical and cybersecurity dimensions are now impossible to ignore. State-sponsored Chinese actors are actively pre-positioning inside our energy infrastructure, using access to compromised hardware, software, and communications platforms as strategic leverage.
This is not theoretical. It is already happening—and in a future conflict scenario, these latent threats could be activated with devastating consequences for U.S. national security, economic stability, and technological leadership.
Our ability to maintain energy dominance, support the AI and quantum computing revolution, and protect critical manufacturing hinges on resilient, secure, and trusted infrastructure. Energy security is no longer just an economic issue—it's a fundamental component of national defense.
Key Themes from My Testimony
Persistent Pre-Positioning by Adversaries
Chinese state-backed groups like Volt Typhoon have shifted from espionage to operational pre-positioning, embedding themselves in energy, water, and telecommunications networks to enable potential future sabotage.Insecure Supply Chains Create Strategic Vulnerabilities
Transformers, load tap changers, battery storage systems, and monitoring devices sourced from Chinese manufacturers often come with embedded firmware risks, remote update capabilities, and opaque supply chains—creating hard-to-detect threat vectors.Regulatory Gaps Must Be Closed
While NERC CIP standards have strengthened cybersecurity for large generation and transmission entities, new classes of risk are emerging from distributed energy resources, vendor-controlled assets, and aggregators.
Current frameworks leave major portions of our evolving grid outside formal governance structures.A Full "Rip and Replace" is Not Feasible—But Resilience Is
The installed base of foreign-sourced grid equipment is vast.
Rather than pursuing an impractical mass replacement, we must harden, monitor, and compartmentalize existing systems, using Cyber-Informed Engineering (CIE) practices to ensure mission continuity even when compromise occurs.Strategic Competitiveness Depends on Energy Resilience
The U.S. must recognize that AI, quantum computing, advanced manufacturing, and economic competitiveness depend on access to abundant, reliable, and secure energy.
Allowing adversarial actors to hold latent control over energy infrastructure puts every other national priority at risk.
Specific Policy Recommendations
Create a National Supply Chain Security Baseline for critical energy components, tracking vulnerabilities at the firmware, software, and hardware level.
Mandate Cyber-Informed Engineering (CIE) across critical infrastructure sectors, prioritizing isolation, monitoring, and resilience.
Modernize NERC CIP and Create New Governance Models for emerging threats from DER aggregators, vendor platforms, and grid-edge devices.
Incentivize Domestic and Allied Manufacturing for critical grid components, similar to industrial strategies seen in the CHIPS and Science Act.
Expand Federal Testing and Reverse Engineering programs for field-deployed foreign equipment.
Drive International Standards Alignment to reduce PRC influence in global energy markets and technology platforms.
Fund Targeted Contingency Planning for consequence-based incident response across the energy sector.
You can access the materials here:
Final Thoughts
Our adversaries are patient. They are not waiting for a conflict to start building leverage—they are laying the groundwork now. We must respond with equal patience, persistence, and strategic vision.
Protecting America's energy infrastructure is not simply about cyber defense—it is about preserving economic freedom, technological innovation, and national security for the next century.
I’m honored to have contributed to this important conversation, and I look forward to working with policymakers, industry leaders, and the broader community to build a safer, stronger future.
Thank you to the Commissioners, staff, and fellow experts for the opportunity to contribute to this important dialogue.
