The Biden administration is escalating efforts to safeguard the US power grid from hackers, developing a plan to better coordinate with industry to counter threats and respond to attacks, said people familiar with the matter.
Top administration officials, including Energy Secretary Jennifer Granholm and Deputy National Security Adviser Anne Neuberger, briefed top utility industry executives on the efforts in a March 16 meeting, said the people, who requested anonymity because the session was private.
The plan, which could prompt widespread changes in standards and cyber defense strategies, is set to be issued within weeks.
The high-level meeting indicated the seriousness of the initiative, which is meant to knit together the full force of the government, in alignment with the private sector, to confront increasingly aggressive actions by US adversaries to target the electrical grid.
Those acts include operations to insert malicious software that could be activated to interfere with electricity generation or distribution in the US.
Russia is among the adversaries that have already launched such operations, including a sprawling attack in 2017. But other countries targeting the grid include North Korea and Iran, one person familiar with the government’s assessment said.
The issue has gained renewed attention in the wake of a highly sophisticated attack that compromised popular software from Texas-based SolarWinds Corp. The hack, which affected as many as 18,000 SolarWinds customers, has underscored concerns about the vulnerability of the nation’s critical infrastructure amid persistent cyber threats.
The administration plans to produce a so-called operational technology action plan that will begin with the power industry and expand to other critical sectors such as natural gas distribution, chemical refining and municipal water systems, said one person briefed on the plan.
Operational technology, also known as OT, includes the specialised controls used to run the nation’s nuclear plants, refineries, pipelines and other infrastructure.
The administration is starting with the electrical sector because of its importance to the economy and following an assessment of the recent activities targeting the grid by foreign hackers, one person said.
Power industry advances in cybersecurity make the sector a good place to start as officials beef up protections for the nation’s critical infrastructure, another person said.
A National Security Council spokeswoman didn’t immediately comment.
The federal government and utilities have a long history of coordination on cybersecurity, with power companies required to report not just successful breaches of their control systems but attempted intrusions. The sector is a chief target of US foes, with security analysts and utility executives warning of a barrage of constant attempts on their systems.
Companies, however, have long complained that the government hasn’t spoken with one voice about how to address vulnerabilities, and that its recommendations haven’t always been synchronised -- concerns that were raised in this month’s meeting. The National Commission on Grid Resilience last year said the industry still needs more information on threats.
President Joe Biden intends to put the full weight of the government into the effort, with agencies including the State and Energy departments along with the National Security Agency enlisted to harden defenses and respond to breaches.
The Biden administration’s plan will include efforts to get greater visibility on private sector risks, and to clarify the role of key agencies, including the Homeland Security and Energy departments. The administration also wants to better plot responses to incidents -- including who’s involved and what resources are deployed after a company is compromised.
Although similar blueprints have been developed in the past, the involvement of top administration officials and their holistic approach is new, according to one person familiar with the matter.
A chief concern is deciding the shape of collective defense and response efforts. Administration officials at the March 16 meeting made clear they were seeking to enhance coordination, communication, reporting and response between the industry and government.
The virtual session was the first broad meeting between top Biden administration officials and executives in the Electricity Subsector Coordinating Council, a group designed to further industry-government coordination on protecting the grid. – Bloomberg