Biden administration releases 100-day plan to address electric system cybersecurity risks
On April 20, the Biden administration, through the United States Department of Energy (DOE), issued what it is calling its 100-day plan to address cybersecurity risks to the US electric system. The plan is a coordinated effort among DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA). It “represents swift, aggressive actions to confront cyber threats from adversaries who seek to compromise critical systems that are essential to US national and economic security,” according to the announcement.
The idea is that DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), working with utilities, will “continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities.” To achieve this goal, the efforts undertaken in this “sprint” focus on encouraging power grid players to:
1.Implement measures or technology that enhance their detection, mitigation and forensic capabilities.
2.Deploy technologies that enable near real-time situational awareness and response capabilities in the critical industrial control system (ICS) and operational technology (OT) networks.
3.Enhance the security posture of their IT networks.
4.Deploy technologies to increase the visibility of threats in ICS and OT systems.
Trump EO banning purchases from adversaries reactivated
As part of the plan, the administration has reactivated an executive order put into place by the Trump administration and initially suspended when Biden first took office. That order bars electric utilities from purchasing what has been deemed high-risk electric equipment purchases, such as high-voltage transformers, from foreign adversaries, particularly China.
To further manage supply chain threats that stem from adversarial nations, the DOE also announced a new request for information (RFI), “Ensuring the Continued Security of United States Critical Electric Infrastructure,” that focuses on “preventing exploitation and attacks by foreign threats to the US supply chain.” This RFI is part of a broader initiative, “America’s Supply Chains” EO 14017, that seeks to examine and increase the resilience of supply chains across the US economy.