The Biden Administration recently announced a 100-day plan aimed to address cybersecurity risks in the U.S. electrical system.
The Department of Energy (DOE) launched the initiative to "enhance the cybersecurity of electric utilities industrial control systems (ICS) and secure the energy sector supply chain."
The DOE is partnering with the Cybersecurity and Infrastructure Security Agency (CISA) and the electrical industry to address cyber concerns relating to the U.S. electrical grid and other critical infrastructure.
Secretary of Energy Jennifer M. Granholm explained the purpose of the initiative in this way:
"The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses. It's up to both government and industry to prevent possible harms—that's why we're working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system."
What will the 100-day plan do?
The DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will play a key part in pulling off the 100-day plan.
Here are four specific initiatives underway to modernize cybersecurity defenses:
- "Encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities"
- "Includes concrete milestones over the next 100 days for owners and operators to identify and deploy technologies and systems that enable near real time situational awareness and response capabilities in critical industrial control system (ICS) and operational technology (OT) networks"
- "Reinforces and enhances the cybersecurity posture of critical infrastructure information technology (IT) networks"
- "Includes a voluntary industry effort to deploy technologies to increase visibility of threats in ICS and OT systems."
Industry advice for the U.S. electrical system
As part of the 100-day plan, the Biden Administration is also seeking input from cybersecurity and power industry leaders on the best ways to secure the U.S. energy system.
The DOE recently released a new Request for Information (RFI) "to seek input from electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders to inform future recommendations for supply chain security in U.S. energy systems."
The Department of Energy says the responses it receives will help to evaluate executive actions and will further secure critical infrastructure from cyberattacks.