The Biden administration wants to help power plants and other electric utilities protect their networks from cyberattacks. The following is an overview of their plan.
The new initiative was announced in April by the United States Department of Energy, and it includes a variety of milestones for owners and operators of environments like power plants. It makes recommendations for how to properly safeguard the energy system supply chain, among others.
One of the reasons this initiative was begun is because of a report from a Government Accountability Office that was released in April. The report found that the United States grid’s distribution systems – which is how electricity is transported from the grid to consumers – is increasingly at risk from cyberattacks. This includes hackers using various techniques to gain access to critical suppliers and compromising the supply chain. All a hacker needs to do is create software that manipulates assets in power plants and exploits virtual private networks.
It is equally important to highlight how quickly these recommendations are coming on the heels of the devastating SolarWinds hack. For those unfamiliar, this was a major cyberattack that involved hackers secretly breaking into the systems of Texas-based SolarWinds, allowing them to add rogue code into the company’s main software offering. That application – dubbed “Orion” – is a popular way for companies of all types to manage their IT resources. Not only does this put the more than 33,000 customers of SolarWinds at risk, but a lot of those organizations are parts of the federal government. The Energy Department found SolarWinds-related malware on its own IT networks, although it has stated that critical systems were and are unaffected.
Alongside this new plan, the Biden administration (through the DOE) issued a Request for Information to get expert feedback on what steps are necessary to improve the electric power system supply chain risk management process. This feedback will be another key part of the program’s success moving forward.
For many small and midsize companies, cybersecurity is a priority but not a core competency. Contact us to learn how Xantrion’s managed service offerings can free you from the burden of cybersecurity and ensure that your entire team, from leadership on down, can work confidently and productively.