President Biden is finalizing a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers over the next 100 days, amid increasing cyberattacks.
The White House push to boost electrical grid security comes in the wake of a report that a full quarter of the 1,500 utilities across North America were infected with the SolarWinds malware, now formally attributed to Russian state actors. There was no evidence the so-called “back door” was used by the threat actors to breach any electrical grids, according to The Intercept, which added that it’s impossible to know how deep these attacks went into the industrial control systems (ICS). Meanwhile, recently publicized attacks on the Kansas and Florida water utilities have raised alarm bells.
Against this backdrop, a six-page draft of the plan was created by the National Security Council and described to Bloomberg News, which reported that the government will offer incentives to utilities to install monitoring software to spot hackers and then report any suspicious activity to the federal government to coordinate a response.
The plan also asks utilities to identify sites that are particularly sensitive to attack and where an attack would have the most catastrophic impact, Bloomberg reported. It will also give the Energy Department the ability to expand its current classified program to flag power-grid vulnerabilities that could be exploited by attackers.
Power-Grid Cybersecurity Oversight
Bloomberg reported that the final version of the plan could be released as early as this week. And while details are still being hammered out, the federal government is also still trying to decide which agency will take on oversight, Bloomberg added.
“This initiative is a partnership between the private sector and other government agencies, including [the Cybersecurity and Infrastructure Security Agency] CISA and DoE,” a White House spokesperson told Bloomberg about the plan. “DoE will take certain actions within their current role and authorities, in coordination with CISA and other partners.”
Homeland Security Secretary Alejandro Mayorkas told Bloomberg he sees CISA as the appropriate “quarterback” on cybersecurity issues.
Texas Power Grid Collapse: A Warning
The collapse of the unregulated Texas power grid in February during an intense winter storm was a stark reminder of how deadly the loss of electricity can be. Millions of Texas residents lost power, heat and even water after a week of subfreezing temperatures. Early reports from state officials said 57 people died because of the power loss, but ABC News reported that is likely a drastic undercount.
“[Cybersecurity improvement] is something that should be happening across all critical infrastructure,” Edgard Capdevielle, CEO of Nozomi Networks, told Threatpost. “Not being able to see, secure and defend against inevitable attacks can lead to unnecessary deaths or cripple our economy.”
Bloomberg reported that sources familiar with discussions about the plan said the electrical grid infrastructure was a logical place for the administration to start with its upgrade efforts since these utilities already coordinate — and share data — with the government.
“A plan like this is definitely a step in the right direction,” Capdevielle added. “While there may be some reluctance to share data with the government, the alternative of not doing anything or enough could be devastating.”
Capdevielle added that these utilities need three simple things to get the job done: authority, budget and technology.
“It’s good to see action finally being taken at the highest levels to incent companies and organizations to defend against potential crippling attacks,” he said.
Beyond this 100-day cybersecurity push for power grids, the Biden infrastructure plan includes a $100 billion investment toward creating a “more resilient grid, lower energy bills for middle-class Americans, improve air quality and public health outcomes and create good jobs, with a chance to join a union, on the path to achieving 100-percent, carbon-free electricity by 2035.” Part of that could be earmarked for cybersecurity efforts.