The current US administration is introducing a 100-day plan to improve cybersecurity and address cyber threats across the nation's electrical grid.  Officials state the program is part of a broader cybersecurity plan designed to address issues across the nation's critical infrastructure.

The 100-day initiative will involve government agencies that are responsible for the security of critical infrastructure as well as businesses and private utilities that oversee or own infrastructure, such as electrical distribution systems that deliver power to homes.  "Public-private partnership is paramount to the administration's efforts because protecting our nation's critical infrastructure is a shared responsibility of government and the owners and operators of that infrastructure," says a spokesperson for the National Security Council.

Some lawmakers and a government watchdog agency have recently criticized the US Department of Energy (DOE) for its cybersecurity practices, especially in the wake of the SolarWinds supply chain attack, which led to follow-on attacks on the DOE and eight other federal agencies, plus 100 companies.  In March 2021, the Government Accountability Office (GAO) released a report that found the US electrical grid's distribution systems, which deliver electricity directly to customers, are increasingly vulnerable to cyber threats and urged the DOE to incorporate these systems into its current and future cybersecurity plans.

Some security experts have criticized the current US president's recent $2 trillion infrastructure spending proposal for lacking cybersecurity specifics, including security enhancements for the nation's electrical grid.  Other analysts, however, noted that any improvements in infrastructure would likely strengthen security by updating and replacing older equipment.[1]

As part of the 100-day plan for the nation's electrical grid, the DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will work with the Cybersecurity and Infrastructure Security Agency (CISA) and private utilities to make a series of cybersecurity improvements.

The goals of the project include:

  • Encouraging owners and operators of power plants and facilities to enhance security incident detection, mitigation, response and forensic capabilities;
  • Deploying technologies to allow for real-time situational awareness within industrial control systems and operational technology networks;
  • Reinforcing the IT networks and infrastructure used within facilities;
  • Deploying technologies to increase the visibility of threats within ICS and OT systems.

The DOE also is seeking suggestions from electric utilities, energy companies, academia, research laboratories, government agencies and others for improving supply chain security within US energy systems.  While the emphasis on protecting and shoring up cybersecurity around the nation's electrical grid is long overdue, updating and improving complex OT and ICS systems will be a time-consuming process, says a former FBI agent. 

"Operational technology - or computing systems used to manage industrial operations as opposed to administrative actions - often rely on outdated, unprotected systems that were not manufactured with security in mind," says an expert who is now global head of professional services at cybersecurity firm BlueVoyant.  "In many instances, this will require a complete transformation of process and technology. There will need to be a significant investment in resources, both human and capital, to bring many energy companies up to a higher standard of cybersecurity."

CyberSaint Security also notes that when making changes and updates to ICS and OT systems, the federal government is in a unique position to help private organizations focus on what needs to be modernized.  "With so much of the infrastructure privatized and in need of modernization, it can be difficult to get everyone pulling in the same direction, and the Department of Energy and CISA can really help with this," the security professional said. 

US lawmakers are growing more concerned about cyber threats facing the nation's electrical grid, including from nation-state attackers and others.  In March 2021, a bipartisan group of US senators sent a letter to the DOE demanding that the DOE place a greater emphasis on cybersecurity as part of strategic planning and that the new administration keep the leadership of CESER in place to better respond to threats.

At a recent US Senate Intelligence Committee hearing, a California the head of cyber security at the US National Security Agency, agreed about China's ability to use cyber tools to disrupt natural gas pipelines and Russia's ability to interfere with the US electrical grid.  Both acknowledged that China and Russia have continued to improve their cyber capabilities and noted that the US government is looking to strengthen its defenses for critical infrastructure.

Red Sky Alliance has been analyzing and documenting these types of cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge.  Many past tactics are often dusted off and reused in current malicious campaigns.  Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings


[1] https://www.govinfosecurity.com/100-day-plan-to-enhance-electrical-grid-security-unveiled-a-16434