The White House is readying a scheme to increase the cyber security and resilience of its electrical grid, according to a document verified by Bloomberg yesterday.
The plan, created by the National Security Council, is part of a longer-term strategy to secure several systems that are a part of critical national infrastructure, including water utilities and gas pipelines.
The electrical grid resilience plan will be largely voluntary to avoid resistance to regulation. It will carry incentives that will make it more appealing for electrical operators to implement protections.
Those protections include cyber security monitoring equipment and an assessment to identify sites that would present the most risk to the grid in an attack.
Incentives are reportedly still a work in progress but might include government funding for smaller utilities.
The plan will also extend Cyber Testing for Resilient Industrial Control Systems (CyTRICS), a partially classified plan that identifies vulnerabilities in the electrical grid that intruders could exploit.
There will also be an initiative to share cyber incident information with the US government, although the plan reportedly assures utilities they won’t need to share sensitive data.
The initiative will begin with a 100-day sprint followed by a process that will take years, according to the document that Bloomberg says could be released as early as this week.
In a startling move, the plan makes the Department of Energy the lead agency rather than the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), Bloomberg reported. CISA, which could soon have a new director, is supposed to be the go-to agency for protecting domestic infrastructure from cyber attacks.
Last month, the General Accountability Office (GAO) warned that the Department of Energy needs to do more to secure the electrical grid from attack, arguing that it had focused too heavily on protecting generation and transmission systems.
"The U.S. grid's distribution systems — which carry electricity from transmission systems to consumers and are regulated primarily by states — are increasingly at risk from cyberattacks," it said. "Distribution systems are growing more vulnerable, in part because their industrial control systems increasingly allow remote access and connect to business networks."
The US electrical grid has been a concern for some time. In 2019, the Xenotime hacking group, which created the Triton malware, extended its focus from the oil and gas sector to the US electrical infrastructure.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
UK cyber experts on red alert after Salt Typhoon attacks on US telcosAnalysis The UK could be next in a spate of state-sponsored attacks on telecoms infrastructure
-
Healthcare data breaches are out of control – here's how the US plans to beef up security standardsNews Changes to HIPAA security rules will require organizations to implement MFA, network segmentation, and more
-
The US could be set to ban TP-Link routersNews US authorities could be lining up the largest equipment proscription since the 2019 ban on Huawei networking infrastructure
-
US government IT contractor could face death penalty over espionage chargesNews The IT pro faces two espionage charges, each of which could lead to a death sentence or life imprisonment, prosecutors said
-
US identifies and places $10 million bounty on LockBit, Hive ransomware kingpinNews Mikhail Pavlovich Matveev was linked to specific ransomware attacks, including a 2021 raid on the DC police department
-
Breach at US Transportation Department exposes 240,000 employee recordsNews An investigation is underway into the breach, which affected former and current employee data
-
IRS mistakenly publishes 112,000 taxpayer records for the second timeNews A contractor is thought to be responsible for the error, with the agency reportedly reviewing its relationship with Accenture
-
US begins seizure of 48 DDoS-for-hire services following global investigationNews Six people have been arrested who allegedly oversaw computer attacks launched using booters
