Key Takeaways from the White House’s ‘America First Investment Policy’ Memo

The Power of Illumination to Strengthen Electricity Supply Chains

February 24, 2025

Article

Introduction: Threat Summary

Adversaries can hold the U.S. power grid at serious risk through exploiting its heavy reliance on foreign-manufactured High-Voltage Power Transformers (HVPTs) and their critical components.

Exiger’s illumination of the HVPT supply chain uncovered four key threats:

Cybersecurity vulnerabilities – Transformers rely on logic-bearing components sourced from China and Hong Kong, exposing the grid to potential malware, tampering, and remote shutdowns.
Regulatory and legal risks – Over 100 companies in the supply chain source components from entities linked to Uyghur forced labor, creating compliance challenges.
Geopolitical instability – The U.S. supply chain is overwhelmingly dependent on foreign suppliers, making it highly vulnerable to trade disputes and political tensions.
Material shortages – The U.S. has only one significant domestic producer of grain-oriented electrical steel (GOES), a key transformer material, potentially creating a major supply bottleneck.

With 80% of transformers imported and lead times exceeding 120 weeks, any disruption — whether from cyberattacks, trade restrictions, or supply instability — could severely impact national security and grid reliability.

How We Got Here

Large Power Transformers (LPTs) are a critical component of the U.S. electrical grid, with a significant projected increase in demand over the coming years to handle electrification trends. As the National Infrastructure Advisory Council found in 2024, “Rising demand for transformers has exacerbated supply chain challenges, driven by increasing electrification across the U.S. and global economies, the build-out of renewable electricity generation, and growth in large-load customers such as data centers.”

Newly manufactured LPTs are currently experiencing significantly long lead times, of up to 210 weeks. Manufacturing new LPTs is extremely import-reliant at all levels of the supply chain, from raw materials through to finished products. Consequently, the already stressed LPT supply chain is vulnerable to impacts from trade shocks, regulatory changes, or disruptions from natural disasters.

Perhaps more worrisome is that, given the tenuous nature of LPT availability, the supply chain is also vulnerable to security flaws introduced through supplies that have foreign ownership, control and influence concern (FOCI) from potentially adversarial nations. Reliance on foreign-manufactured logic bearing components for High Voltage Power Transformer (HVPT) systems and other components of the bulk power system has created pathways for the introduction of malware and backdoors, examples of which have already been discovered.

Addressing and anticipating supply chain vulnerabilities in the HVPT market is a national security imperative, and critical for electric utilities to meet reliability requirements.

Action to Address Bulk Power

President Trump signed an Executive Order in May of 2020 that prohibited any acquisition, importation, transfer, or installation of any bulk-power system electric equipment that presented undue foreign ownership, control and influence risk. That authority was sunset by the Biden administration. But with the new Trump administration in place, there is movement in policymaking circles for similar action, and it is important that the security of a critical aspect of the electric sector is prioritized.

In anticipation of such action, Exiger recently analyzed the High Voltage Power Transformer market to help prepare for new efforts to secure the bulk power supply chain. Among the key findings in our analysis were:

1. The power transformer market is dominated by foreign entities. Of the 33 HVPTs identified as market players, only two are headquartered in the United States — General Electric and Niagara. The vast majority of HVPT and HVPT component manufacturing is conducted in South and Southeast Asia, with India and China leading.

Exiger Insight:
As of 2019 over 80% of new HVPTs in the U.S. were imported. Many of those come from countries that are generally seen as trustworthy (see map); but others are not, and the ownership and manufacturing of most elements of HVPTs are still largely done outside of the United States. In response to global transformer supply shortages and extended lead times, multiple HVPT manufacturers announced plans in 2024 to expand operations and increase production capacity worldwide, including in the U.S., potentially alleviating global supply constraints. This is a long-term effort, however, and in the meantime the United States must rely on international players.

2. In addition to the transformer market itself, the HVPT supply chains are also dominated by foreign entities. Less than one-third of companies involved in the HVPT supply chain are U.S.-based. Our analysis shows that India and Germany are the top supplier headquarters locations outside the U.S., accounting for at least 12% of supplier countries each. China, Japan, and South Korea account for nearly 20% of supplier countries across three levels of bills of material.

Exiger Insight:
As an example of a key supply for HVPTs, laminations for stacked cores, along with stacked and wound cores, are largely imported, even for those transformers manufactured in the U.S. In 2019, 88% of laminations were imported, and 75% of wound cores were imported. Laminations largely came from Canada and Mexico, currently the subject of potential tariffs. Stacked and wound cores were frequently supplied by China, currently the subject of potential tariffs and broader geopolitical tension. Additionally, in Exiger’s mapping of the component and subcomponent supply chains for HVPT global manufacturing, there were six products with no identified U.S. suppliers.

3. Of particular concern are logic-bearing devices. Transformer systems rely on logic-bearing devices, such as relays, which are critical to managing the flow and integrity of electrical power. Exploiting these systems via cyberattacks or sabotage could potentially result in equipment damage and cascading outages.

Exiger Insight:
Seven transformer manufacturers directly source logic-bearing components from China and/or Hong Kong, potentially compromising the security and integrity of their products. In the past five years, there have been multiple instances of preinstalled malware and backdoors in China-origin devices, including one instance in 2019 involving a transformer that was discovered to contain hardware potentially enabling remote shutdown.

Additionally, Exiger analysis has shown that China is a major indirect provider of other components to U.S. critical infrastructure, with printed circuit boards (PCBs) sourced from China, often acquired through Electronic Manufacturing Services (EMS). For instance, a European HVPT manufacturer, with U.S. manufacturing facilities, imported PCBs from a Singapore-based company, but those PCBs were manufactured in China and shipped. The Singapore company had recently been sold to a company backed by a Chinese state-owned entity.

4. In addition to cyber risks, there are some specialty materials available in the U.S. that are subject to high concentration risk. For instance, grain oriented electrical steel (“GOES”) is only manufactured by one U.S. company, AK Steel Holdings Corp. In recent years, AK Steel has warned that it may be forced to close U.S. operations due to competition from lower-cost foreign imports, and has had to close multiple production facilities.

Exiger Insight:
In addition to trade and market-related concerns, components such as GOES can also be threatened by regulatory impacts. For instance, in 2023 the U.S. Department of Energy proposed a rule on transformer efficiency, which would have effectively required transitioning from GOES to amorphous steel. Amorphous steel is similarly concentrated, with a single U.S. manufacturer, Metglas. Metglas faces competition from low-cost imports, and would be unlikely to be able to meet the sudden surge in demand from such a regulatory change.

Mitigating the National Security Risk

Whether the Trump administration re-issues a new version of the Bulk Power Executive Order, there is no doubt that strengthening the security and resilience of the HVPT supply chain will be a focus of national security efforts, given the importance of HVPTs as critical infrastructure. Cyberattacks on critical infrastructure from groups like Salt Typhoon or Volt Typhoon will continue to bring focus on all threat vectors to critical infrastructure. Given the state of the HVPT supply chain, the threat posed by logic-bearing components sourced from adversarial nations poses a particularly sensitive risk.

Utilities should continue to look for alternative suppliers — to include working with their vendors to identify sub-tier risk — and utilize their industry and policy leverage to help build out a more secure supply chain. Government and industry partnership efforts should remain focused on identifying the most critical supply chain vulnerabilities and incentivizing efforts to close them.

What’s Essential: Multi-Tier Supply Chain Visibility

To mitigate the risks threatening the bulk power supply chain — whether from cyberattacks, trade shocks, regulatory changes, or natural disasters — utilities and energy producers need visibility into every tier of their supply chains. Exiger’s Supply Chain Illuminations provide exactly that, offering a view of supplier networks, component origins, and potential vulnerabilities.

A supply chain illumination is an analysis into where a product’s parts and materials come from and who supplies them. Exiger’s team conducts this analysis by leveraging our proprietary supply chain data and risk intelligence to map supply chains, identify risks, and uncover hidden connections. It’s delivered as a report with visual maps to help clients understand their supply chains and make safer, smarter decisions. These findings assist utilities in securing reliable sources of supply and preventing downtime.

Some organizations need ongoing, real-time intelligence for every tier of their supply chain. Exiger’s technology helps them understand their entire supply chain, from finished products to raw materials. Using the world’s most comprehensive supply chain relationship knowledge graph and artificial intelligence, Exiger builds a bill of materials (BOM) that shows exactly what goes into a product and who supplies each part.

Once the BOM is mapped, Exiger monitors risks across suppliers, components, and raw materials to help organizations spot threats like cyber risks, trade issues, or supply shortages before they cause problems. Exiger’s technology works with existing data or can create a BOM from scratch, to meet manufacturers, utilities, and energy producers wherever they are in their supply chain maturity.

By using these insights, energy producers, utilities, and their manufacturers can make smarter purchasing decisions, prevent disruptions, and stay ahead of changing regulations.

More Resources: