The US signing of the CHIPS and Science Act of 2022 is a major advancement for supporting the NERC mandated Supply Chain Risk Mitigation Program. There are no NERC mandates for this, however this funding supports supply chain management. There are two reasons for this. First, outsourced chips are in itself a supply chain risk that can not only be affected by transportation or resource constraints, but also from political differences (Taiwan for example).
The major cybersecurity risk however, is that companies (utilities or suppliers to utilities) rarely have the resources or expertise to vet virus embedded chips from foreign countries. Not that foreign manufacturing is bad, but risks are increased with multiple parties. Building our North America based infrastructure is simply good business, even if it ultimately costs a little more.
- Darrell Massie