The U.S. government announced on Tuesday a 100-day plan, with aggressive milestones, to modernize the cybersecurity defenses of critical electric infrastructure and to help owners and operators deliver better detection, mitigation, and forensic capabilities. The plan will help meet cybersecurity threats faced by the nation’s electric system, and it also seeks feedback from stakeholders on protecting critical electric infrastructure.
The critical electric infrastructure is vital to the nation’s energy security, supporting national defense, emergency services, critical infrastructure, and the economy.
The Biden administration is taking steps to safeguard U.S. critical electric infrastructure from persistent and sophisticated cyber threats. As a pilot of the administration’s broader cybersecurity initiative planned for multiple critical infrastructure sectors, the Department of Energy (DOE) launched its initiative to enhance the cybersecurity of electric utilities’ industrial control systems (ICS) and protect the energy sector supply chain.
The move to strengthen the nation’s critical electric infrastructure comes after the Oldsmar water plant hack, in which a remote hacker came close to altering the chemical balance of the community’s drinking water to include dangerous levels of lye, and the SolarWinds supply chain attacks, which U.S. intelligence agencies alleged last week were the work of the Russian Foreign Intelligence Service (SVR), who exploited five publicly known vulnerabilities.
Technologies and actions help address perceived future threats and possible risks to approaches moored in technology-based cybersecurity defense systems. Increased connectivity has led to efforts to ensure the reliability of the grid, and potential grid vulnerabilities are explored with a focus on the electric power sector’s mutual dependency on other critical infrastructure.
The DOE’s actions will assist the administration’s comprehensive strategy and are part of a government effort to improve the resilience, diversity and security of American supply chains and ICS, in order to ensure economic prosperity and national security.
This is a coordinated effort between DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA), according to a White House statement. Public-private partnership is paramount to the administration’s efforts because protecting the nation’s critical infrastructure is a shared responsibility of government and the owners and operators of that infrastructure, it added.
“It’s up to both government and industry to prevent possible harms—that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system,” said Jennifer M. Granholm, Secretary of Energy.
“The safety and security of the American people depend on the resilience of our nation’s critical infrastructure,” said acting CISA director Brandon Wales. “This partnership with the Department of Energy to protect the U.S. electric system will prove a valuable pilot as we continue our work to secure industrial control systems across all sectors.”
The DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), in alliance with electric utilities, will continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for the ICS of electric utilities.
The pilot program will modernize cybersecurity defenses and urge owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities. It will include concrete milestones over the next 100 days for owners and operators to identify and deploy technologies and systems that enable near real-time situational awareness and response capabilities in critical ICS and operational technology (OT) networks.
The pilot will also reinforce and boost the cybersecurity defenses of critical infrastructure IT networks, and it includes a voluntary industry effort to deploy technologies to increase the visibility of threats in ICS and OT systems.
The Department will also look into additional actions that could be taken by regulators to address the security of critical electric infrastructure and the incorporation of criteria for evaluating foreign ownership, control, and influence into supply chain risk management.
The DOE also released a new Request for Information (RFI) to seek input from electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders to make future recommendations for cybersecurity defenses and supply chain security in U.S. energy systems.
The RFI will provide a consistent and clear policy environment, and enable DOE to evaluate new executive actions to further secure the nation’s critical infrastructure against malicious cyber activity and strengthen the domestic manufacturing base. It is focused on preventing exploitation and attacks by foreign threats to the U.S. supply chain.
The DOE expects that, while further recommendations are being developed, utilities will continue to act in a way that minimizes the risk of installing electric equipment and programmable components subject to foreign adversaries’ ownership, control or influence.
A recent paper released by NRRI, the research arm of the National Association of Regulatory Utility Commissioners (NARUC), revealed that cyber threats to the grid are increasing at a rapid pace. “Given the rapid evolution of both the threats and technological protections, it would be useful for regulators to have an understanding of how cyber-attacks can be mounted against utility assets and the ability of alternative types of commercially available technologies to provide flexible protection,” according to the paper.
“This paper will help regulators to understand the kinds of threats the utility industry is facing and the potential methods for protecting against them,” said Carl Pechman, NRRI director.