The White House on Tuesday unveiled a 100-day plan to protect the U.S. power grid from cyber attacks, primarily by creating a stronger relationship between U.S. national security agencies and the mostly private utilities that run the power system. .
The plan is among the first major steps towards fulfilling the Biden administration’s promise to urgently improve the country’s cyber defenses. The nation’s electrical system is both highly vulnerable to hacking and a target for adversaries of nation states seeking to counter the US advantage in conventional military and economic power.
“The United States faces a well-documented and growing cyber threat from malicious actors seeking to disrupt the electricity Americans depend on to power our homes and businesses,” said Energy Secretary Jennifer Granholm .
Although the plan is billed as a 100-day sprint – which includes a series of consultations between utilities and government – it will likely take years to be fully implemented, experts say. It will require utilities to pay for and install the technology to better detect hacks on specialized computers that run the nation’s power systems, known as industrial control systems.
The Edison Electric Institute, the trade group that represents all electric companies owned by U.S. investors, praised the White House plan and the Biden administration’s focus on cybersecurity. “Given the sophisticated and ever-evolving threats posed by adversaries, US power companies remain focused on securing the industrial control systems that operate the North American energy grid,” said EEI President Tom Kuhn.
While an early draft proposed to help small utilities and rural co-ops pay for the new monitoring, the final version is more vague as to whether the money will come from the federal government or whether it will be passed on to the government. customers in the form of higher utility bills. Large utilities often have sophisticated security teams and pay for cutting edge surveillance technology, but it’s unclear how enthusiastically smaller utilities will shoulder the cost of additional security.
The government will take suggestions from utilities within 21 days on how to encourage participation in the voluntary effort, according to the details of the plan outlined by someone familiar with it.
The final plan also abandons the project proposal to strengthen supply chain security for network components by calling for a list of recommended equipment suppliers. Now the administration plans to ask utilities for suggestions for improvement.
Experts say initiatives to improve the security of the U.S. electricity grid are years behind more well-known efforts to protect data centers and corporate systems. At the same time, hackers from Russia, China, Iran and North Korea are launching increasingly aggressive attacks against US electricity companies, hoping to install malware that could leave towns and villages in the dark.
Under the new plan, owners and operators of power grids are now expected to “improve their detection, mitigation and forensics capabilities,” according to the Energy Ministry statement. They should also share information with the federal government if anything happens to their systems. Priority sites will need to identify and report their technological capabilities, gaps and requirements within 45 days of launch.
CISA, the Agency for Cybersecurity and Infrastructure Security, will establish a team of government and agency officials to coordinate analysis between government and the private sector.
“The safety and security of the American people depends on the resilience of our nation’s critical infrastructure,” Brandon Wales, Interim Director of CISA, said in a statement. This partnership “would prove to be a valuable pilot as we continue our work to secure industrial control systems in all sectors.
– With the help of Shaun Courtney and Josh Saul.
Copyright 2021 Bloomberg.
Cyber United States
Interested in Cyber?
Receive automatic alerts for this topic.