The Department of Energy Warns of Increasing Cyber Threats to Electricity
Our nation’s electrical grid, which is a key component of the critical infrastructure, is better than much of the world, but as recent outages following winter storms have shown, it could use a little “TLC.” Most of today’s grid actually was built in the 1950s and 1960s and was expected to have a 50-year life expectancy. As a result, across much of the country, the grid is living is on borrowed time.
According to a U.S. Energy Administration report from 2016, the average utility customer had 1.3 power interruptions per year, and a total blackout time averaging four hours. Much of the loss of power was nature or accidents, and updating that critical infrastructure is crucial to ensuring that rolling blackouts don’t become a norm.
CYBERSECURITY AND THE ELECTRICAL GRID
However, there is also the issue of securing the electrical grid to ensure that it can’t be taken down with the proverbial “flip of a switch” by a bad actor or foreign adversary. By the very virtue of its complexity and size, the U.S. electric grid is vulnerable to physical and cyber attacks.
This week the Department of Energy (DOE) launched an initiative to enhance the cybersecurity of electric utilities’ industrial control systems (ICS), as well as to secure the energy sector supply chain, as one part of the Biden administration’s efforts to safeguard critical infrastructure.
The DOE kicked off a “100-day plan,” which it described as a coordinated effort between the department, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA). The plan calls for swift, aggressive actions to confront cyber threats from adversaries who could seek to compromise the critical systems that are essential to U.S. national and economic security.
“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” Secretary of Energy Jennifer M. Granholm said in a statement. “It’s up to both government and industry to prevent possible harms—that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system.”
THE 100 DAY PLAN
The DOE announced that over the next 100 days, the department’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) – in partnership with electric utilities – will continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities.