EXECUTIVE SUMMARY:

A new report indicates that 25 percent of North American utilities incurred infection with the SolarWinds malware. Despite the discovery of this statistic, forensics investigators have not yet determined extent of the intrusion within industrial control systems (ICS). It may be impossible to know. How can the US prioritize and improve power grid security?

Will utility groups be able to shore up cyber security ahead of the next big breach? The Biden administration has called on leaders to pursue incentives and new guidelines.

The White House is pushing for utility groups to massively scale up power grid security within the next 100 days. In addition to the latest grid analyses, recently publicized attacks on water systems have also raised alarm bells.

Power grid plans

The National Security Council states that the Biden administration’s six-page plan offers “incentives to utilities to install monitoring software to spot hackers and then report any suspicious activity to the federal government to coordinate a response”.

This initiative functions as a partnership between the public and private sectors. CISA, and the Department of Energy play key roles. Homeland Security Secretary Alejandro Mayorkas views the plan as an appropriate “quarterback” in regards to emerging cyber security threats.

Electric loss, deadly consequences

In February, a Texas power grid collapsed amidst a winter storm. Millions of individuals lost power, heat and water in the face of sub-zero temperatures. At least 57 people perished due to power loss, and news outlets report that this number likely represents a significant undercount.

Inaction around securing the grid can lead to unnecessary deaths. Biden’s power grid security plan represents a step in the right direction.

Utility groups need three things to “get the job done”, according to CEO Edgard Capdevielle. Authority, budget and technology. “It’s good to see action finally being taken at the highest levels to incent companies and organizations to defend against potential crippling attacks”.

Beyond the 100 day push

While this cyber security plan represents progress, how else can the US address grid-related challenges?

The Biden infrastructure plan provides $100 billion for investments in a “more resilient grid, [and] lower energy bills for middle-class Americans…” and more. Some funds may be earmarked for cyber security efforts.

For more on the US power grid security plan, visit Threatpost.com.