U.S. federal government agencies and private industry will collaborate on a newly kicked off initiative to safeguard the United States power grid, the Department of Energy said.
The undertaking, designed to encourage power plants and electric utilities owners and operators to upgrade their cyber tools to identify cyber threats to their networks, is slated to run for 100 days. It includes markers for owners and operators to install new technologies that help them identify and respond to incidents in real time.
DOE also said it is asking electric utilities, energy companies, government agencies and others to recommend how best to safeguard the energy system supply chain. The DOE is not going it alone on executing the plan, the Cybersecurity and Infrastructure Security Agency (CISA) is also involved.
U.S. Power Grid and Cybersecurity: Four Priorities
The four point strategy calls for the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response and the electric utility companies together to:
- Encourage owners and operators to implement measures or technology that enhance their detection, mitigation and forensic capabilities.
- Set milestones for owners and operators to identify and deploy technologies and systems over the next 100 days that enable near real time situational awareness and response capabilities in critical industrial control system (ICS) and operational technology (OT) networks.
- Reinforce and enhance the cybersecurity posture of critical infrastructure information technology networks.
- Support a voluntary industry effort to deploy technologies to increase visibility of threats in ICS and OT systems.
There’s a fair amount of heightened urgency attached to the campaign. Amid recently elevated worries that it wouldn’t take much for foreign backed operatives to disrupt the power supply, the U.S. Government Accountability Office (GAO) in a new report said that U.S. electrical grid distribution systems, which carry electricity from transmission systems to consumers, are vulnerable to cyber attacks that could result in extensive power outages.
The DOE is intent upon making the point that protecting the energy grid requires a combined effort of the government and the private sector. “The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” said Energy Secretary Jennifer Granholm. “It’s up to both government and industry to prevent possible harms—that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system.”
U.S. Energy Systems and Supply Chain Security: Call for Input
DOE is also asking for input from electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders to craft future recommendations for supply chain security in U.S. energy systems. “The safety and security of the American people depend on the resilience of our nation's critical infrastructure. This partnership with the Department of Energy to protect the U.S. electric system will prove a valuable pilot as we continue our work to secure industrial control systems across all sectors,” said Acting CISA Director Brandon Wales.
Here’s some additional MSSP Alert coverage of measures to protect the energy grid:
- Trump issues an executive order barring federal agencies from”acquiring, transferring, or installing” energy equipment owned or operated by a foreign country or individual.
- GAO report finds electrical distribution systems lacking.
- House passes three bipartisan bills to strengthen the cybersecurity profile of the nation’s electric grid and energy infrastructure.
- Cyber attacks disrupted energy grid operations in parts of California, Utah and Wyoming in early March 2019.
