With the rising cybersecurity incidents in the U.S., the Biden administration is focusing on elevating the country’s security strategy to protect its critical infrastructure and take a step further towards modernized technology.
Recently, the U.S. Department of Energy (DOE) launched an initiative to improve the cybersecurity of electric utilities’ industrial control systems (ICS) and secure the energy sector supply chain. The initiative, named as 100-Day Plan, is a coordinated effort between the DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA).
What is the 100-Day Plan?
The 100-day initiative implements swift and aggressive actions to tackle the rising cyberattacks. Over the next 100 days, the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will advance the technologies and systems to provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities. The initiative will enhance the cybersecurity defenses and:
- Encourage owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities.
- Include concrete milestones over the next 100 days for owners and operators to identify and deploy technologies and systems that enable near real-time situational awareness and response capabilities in the critical industrial control system (ICS) and operational technology (OT) networks.
- Reinforce and enhance the cybersecurity posture of critical infrastructure information technology (IT) networks; and
- Include a voluntary industry effort to deploy technologies to increase the visibility of threats in ICS and OT systems.
A Collective Effort
The DOE also released a new Request for Information (RFI) from the electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders for recommendations for supply chain security in U.S. energy systems. The RFI will enable the DOE to implement new initiatives to secure the nation’s critical infrastructure against state-sponsored cyber campaigns. The government and organizations in the U.S. have focused on improving the cybersecurity standards in the wake of the recent high-profile cyberattacks like the Russian-backed SolarWinds hacking campaign and exploitation of Microsoft Exchange server vulnerabilities.
What the Experts Say…
Commenting on the new initiative, the Secretary of Energy Jennifer M. Granholm said, “The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses. It’s up to both government and industry to prevent possible harms—that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system.”
“The safety and security of the American people depend on the resilience of our nation’s critical infrastructure. This partnership with the Department of Energy to protect the U.S. electric system will prove a valuable pilot as we continue our work to secure industrial control systems across all sectors,” said CISA Director (Acting) Brandon Wales.