President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their Cyber-Security protections against hackers in the next 100 days, amidst increasing cyber-attacks
A 100-day race to improve Cyber-Security will rely on incentives rather than regulation, the White House has explained.
SolarWinds Malware
The White House push to strengthen electrical grid security comes after a report that a full quarter of the 1,500 utilities across N. America were infected with the SolarWinds malware, now formally attributed to Russian state players.
There was no evidence the so called “back door” was used by the threat players to breach any electrical grids, according to The Intercept, which added that it’s impossible to know how deep these attacks went into the industrial control systems (ICS). Also, recent publicised attacks on the Kansas & Florida water utilities have raised alarm.
Incentives to Utilities
In connection with this, a 6-page draft of the plan was created by the National Security Council (NSC) & described to Bloomberg News, which reported that the govt. will offer incentives to utilities to install monitoring software to spot hackers & then report any suspicious activity to the Federal Govt. to coordinate a response.
The plan also requests utilities to identify sites which are particularly sensitive to attack & would have the most catastrophic impact, Bloomberg reported. It will also give the US Energy Department the ability to expand its current classified program to flag power-grid vulnerabilities which could be exploited by attackers.
Power-Grid Oversight
Bloomberg reported that the final version of the plan could be released as early as this week. While details are still being finalised, the Federal Govt. is also still trying to decide which agency will take on oversight, Bloomberg added.
“This initiative is a partnership between the private sector and other government agencies, including [the Cybersecurity and Infrastructure Security Agency] CISA & DoE,” a White House spokesperson told Bloomberg about the plan. “DoE will take certain actions within their current role & authorities, in coordination with CISA & other partners.”
Homeland Security Secretary Alejandro Mayorkas told Bloomberg he sees CISA as the appropriate “quarterback” on cyber-security issues.
Texas Power Grid Collapse
The collapse of the unregulated Texas power grid in Feb. during an intense winter storm was a stark reminder of how deadly the loss of electricity can be.
Millions of Texas residents lost power, heat & even water after a week of sub-freezing temperatures. Early reports from state officials said 57 people died because of the power loss, but ABC News reported that is likely a drastic undercount.
“Cyber-Security improvement is something that should be happening across all critical infrastructure,” Edgard Capdevielle, CEO of Nozomi Networks outlined. “Not being able to see, secure & defend against inevitable attacks can lead to unnecessary deaths or cripple our economy.”
Logical Place
Bloomberg reported that sources familiar with discussions about the plan said the electrical grid infrastructure was a ‘logical place’ for the administration to start with its upgrade efforts since these utilities already coordinate & share data with the Govt.
“A plan like this is definitely a step in the right direction,” Capdevielle added. “While there may be some reluctance to share data with the government, the alternative of not doing anything or enough could be devastating.”
3 Simple Things
Capdevielle added these utilities need 3 simple things to get the job done: authority, budget & technology.
“It’s good to see action finally being taken at the highest levels to incentivise companies & organisations to defend against potential crippling attacks,” he commented.
$100b Investment
In addition to this 100-day cyber-security push for power grids, the Biden infrastructure plan includes a $100b investment toward creating a “more resilient grid, lower energy bills for middle-class Americans, improve air quality & public health outcomes & create good jobs, with a chance to join a union, on the path to achieving 100%, carbon-free electricity by 2035.”
Part of that could be reserved for Cyber-Security efforts.
https://www.cybernewsgroup.co.uk/virtual-conference-may-2021/