In 2017, the President’s National Infrastructure Advisory Council released a report addressing urgent cyber threats to critical infrastructure in the United States. The report concluded that the technical knowledge needed to launch an attack has greatly decreased over the past two decades, leaving the nation’s critical infrastructure security at increased risk.
According to the report, the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team reported 290 cyber attacks on critical infrastructure control systems in fiscal year 2016.
The report also looked at the effects of cyber attacks on critical infrastructure around the globe. As far back as 2010 an attack on critical infrastructure disrupted Iranian nuclear facilities, resulting in the destruction of 984 uranium enrichment centrifuges.
Nearly a decade later, the threat is larger than ever. To highlight this growing risk, how government agencies are addressing it and how other parties can help, this month, the United States recognizes National Critical Infrastructure Security and Resilience Month.
“The Nation’s critical infrastructure (CI) relies on a highly interdependent environment, in which physical and cyber systems converge,” the Cybersecurity and Infrastructure Security Agency wrote in a November 1 release. “CI plays a vital role in keeping our Nation and communities safe and secure. Everyone is involved in the mission to protect CI and can help by using cybersecurity best practices, reporting cybersecurity incidents and phishing attempts, and submitting malware for review.”
CISA is just one of the U.S. government agencies emphasizing the need for cybersecurity as part of National Critical Infrastructure Security and Resilience Month. Several governmental offices have redoubled their cybersecurity efforts in light of ever increasing cyberattacks.
Among them is the Office of Electricity, which is focused on increasing the resiliency and reliability of the critical systems and assets of the bulk-power system. The OE has been working to develop a mix of technology and policy solutions while leading efforts to ensure the nation’s most critical energy infrastructure is secure and able to recover rapidly from disruptions.
“The disruption or destruction of these critical assets can negatively affect national and economic security, public health, safety, or a combination of all,” the OE wrote in a release this month. Our goal is to enhance resilience through preparedness and to promote investment in our Nation’s infrastructure.”
As part of this effort, the OE is developing the North American Energy Resilience Model, a comprehensive resilience modeling system for the North American energy sector and its associated infrastructure. The NAERM will enable the identification of threats to energy infrastructure and provide enhanced situational awareness to minimize the impact of threats while increasing system resilience.
Similarly, the OE is focused on mitigating threats against Defense Critical Electric Infrastructure to help assure the U.S. government’s ability to defend the country, empower military forces, and maintain essential civilian functions during crises. According to the OE, their team works across the government, industry, and the private sector to improve and prioritize information-sharing, collaboration, and investments.
Additionally, the OE is pursuing megawatt scale storage capable of supporting frequency regulation, ramping, and energy management for bulk and distribution power systems. The OE is also pursuing high-fidelity, low-cost sensing technology for predictive and correlation modeling for electricity. According to the OE, improved sensing technology will provide increased observability of electric infrastructure which will help to mitigate threats.
To learn more about the efforts various agencies are taking to address threats to critical infrastructure and how to get involved, CISA encourages critical infrastructure owners and operators to download the Critical Infrastructure Security and Resilience Month Toolkit and to visit CISA’s Critical Infrastructure Security and Resilience Month resource page throughout November for information and updates.