Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

President Biden’s 100 Day Plan to Improve Electric Grid Cybersecurity

April 21, 2021

The Washington Post (sub.req.) reported on April 20 that the Biden administration is launching a 100-day plan to beef up the cybersecurity of the nation’s electricity infrastructure.

The plan is a joint effort between the Energy Department and the Cybersecurity and Infrastructure Security Agency. It focuses on helping operators in the electricity industry update their security systems and implement new technologies to detect and mitigate threats.

“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” Secretary of Energy Jennifer M. Granholm said in a statement. “It’s up to both government and industry to prevent possible harms — that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system.”

The electric industry experiences daily attacks by cybercriminals. Those attacks have increased during the pandemic, when remote working created more opportunities for hackers, researchers and government officials say.

Recent attacks on SolarWinds and Microsoft Exchange software, both of which ensnared the electric industry, have renewed the urgency to modernize and secure America’s electric grid. Some owners and operators still rely on decades-old equipment that was not designed with modern cybersecurity risks in mind.

“That’s something that really has our attention as we think about the potential for a coordinated attack against the electric sector,” Jim Robb, president and chief executive officer of North American Electric Reliability Corporation (NERC), said in a call with reporters last week.

Experts have long warned about the potential devastation that could result from a coordinated attack on America’s grid by foreign adversaries. A 2015 attack by Russia on Ukraine’s power grid caused a mass blackout and significant economic losses.

The electric industry currently shares threats through NERC’s Electricity Information Sharing and Analysis Center. But some members of the electric industry have voiced concerns that the federal government does not provide enough guidance on critical vulnerabilities.

The National Commission on Grid Resilience, a bipartisan group of former government officials and electricity sector experts, called last year for greater declassification of threat intelligence as well as a real-time threat notification center for owners and operators.

“The new initiative addresses some of those concerns. The voluntary initiative will allow for sharing of insights and detections rapidly with participants, the federal government, participants, and trusted organizations such as relevant information sharing and analysis centers,” an Energy Department spokesperson said in an email.

Members of the electric industry have also called for greater guidance around security requirements for third-party software and hardware vendors. While grid operators must submit to strict federal regulations, owners and operators are responsible for vetting the cybersecurity of the equipment and software they use.

“The safety and security of the American people depend on the resilience of our nation’s critical infrastructure,” acting CISA director Brandon Wales said in a statement. “This partnership with the Department of Energy to protect the U.S. electric system will prove a valuable pilot as we continue our work to secure industrial control systems across all sectors.”

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Email:  Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson