In a new move to revamp the US power grid cybersecurity, President Biden unveiled a $2tn plan which included $100bn for a variety of infrastructure priorities such as upgrading the electric power grid and cybersecurity projects.
The Biden administration’s newly unveiled plan, dubbed the American Jobs Plan, includes several proposed technology investments, some of which include countering cyber threats and addressing supply chain vulnerabilities.
Funds are to be used by states and regional grid organisations to hire new talent to better regulate and improve grid security. Experts have long warned that cyber threats to the grid could create wide-scale disruption and economic devastation especially as the electric grid faces millions of attempted intrusions a day, including from foreign adversaries, according to a senior Biden administration official.
While grid operators are regulated by the government, owners are responsible for ensuring the cybersecurity of the software they use.
“The administration is committed to improving cyber vulnerabilities in the core services Americans rely on as a top cybersecurity priority,” Deputy National Security Adviser Anne Neuberger said. “We designed this initiative — focused on the electricity utilities — to achieve that. And, as with every element of our cybersecurity strategy, we’re doing it in partnership with the private sector.”
The initiative aims to counter hackers trying to insert malicious software that could disrupt electricity generation or distribution in the country. Fears of such an attack have grown since Russian hackers shut down Ukraine’s power grid in 2015. Additionally, the Department of Homeland Security and the FBI released a report in 2018 that Russian hackers were targeting the US energy sector.
Concerns about foreign hackers have grown after recent supply-chain hacks, one being Texas-based SolarWinds. The SolarWinds attack highlighted the lack of security standards for hardware and software used by grid providers and therefore brought the issue to light.
The White House is likely to directly address the issues raised by the SolarWinds attack through a series of executive orders, which could include sanctions against those responsible for the attack as well as changes in how the government approaches security, such as creating a rating system and security scorecard for US software.
Additionally, the administration plans to produce an action plan that will begin with the power industry and then expand to other sectors such as natural gas distribution, chemical refining and municipal water systems.
In January this year, the House of Representatives passed the $1.9tn American Rescue Act which included $650m for the Cybersecurity & Infrastructure Security Agency for “cybersecurity risk mitigation” as well as $1bn for the General Services Administration to spend on IT modernization projects.
Copyright © 2018 RegTech Analyst