Inside Biden's Plan to Protect the Power Grid from Hackers

Cybersecurity News


The Biden Administration has announced plans to launch a '100-day sprint' to shore up the US power grid against cyber-attacks.  
      
This effort is part of a larger project to reinforce the country's utilities that is projected to take years, if not decades to complete.

Background

It's no secret that US infrastructure is laced with digital vulnerabilities. Most utilities are developed, operated, and owned by local organizations, making it very difficult to leverage a unified and effective approach to cybersecurity management. For example, recently reported on an attack that successfully directed a Florida water-treatment plant to poison its drinking water.

Unlike the financial and health sectors, utilities have thus far not been a major target for hackers and have therefore been rather more willing to hold off overhauling their networks and investing in expensive equipment upgrades. However, a major disruption to a utility (such as water, power, or telecoms) could lead to a domino effect that would drag multiple sectors down with it. Think about the downstream effects of a sudden electricity outage. Or what if cellular data and WiFi went offline across wide sections of the country?

But all this is nothing new.

The question is: what do we do about it? How do we slingshot our infrastructure into the 21st century without inducing a counterproductive showdown between the government and utilities operators?

The Proposal

Rather than taking on utilities as a whole, the Biden team has put forward an “action plan” that first focuses on the power grid. This makes sense; everything else -- water, refineries, banking -- inevitably collapses without electricity. The recent outages in Texas tragically demonstrated this lesson all too well. Without power, people froze in their homes, ran out of drinking water, and lost contact once their phones died.

Moreover, the proposal asks relevant companies to identify critical links in their network which, if they went down, would have an outsized effect across the remaining system.

Furthermore, it expands an already existing program which focuses on identifying key network flaws that could make easy targets for foreign state-sponsored hackers (most likely from Russia, Iran, or China).

But perhaps the most important element is that the plan relies on positive incentives, rather than heavy-handed regulation. In other words, instead of fining companies for non-compliance, the Biden plan will reward compliance with tax breaks, subsidies, and federal support.

The Challenges

Like any ambitious proposal, this one comes with its fair share of challenges. Biden is not the first president to try to break the cybersecurity stalemate, but previous plans have always failed just as they were getting off the ground.

On the one hand, a significant amount of data sharing will be necessary if the federal government is to have any chance of identifying and responding to cyber-threats. Currently, federal intelligence and security agencies are operating in the dark, relying on local officials who often lack the resources for proper network monitoring. At the same time, operators are predictably (and understandably) nervous about perpetually sharing vast quantities of data with the government.

Moreover, the government plans to issue a list of approved manufacturers, which companies will need to purchase their supplies from in order to be compliant. This is meant to introduce a level of consistency, quality, and security into the grid. However, such a list would likely drive up costs across the sector.

Finally, we expect a considerable amount of inter-agency turf wars to be waged. While the Biden plan is attempting to head off potential conflicts by granting the Energy Department (rather than the Cybersecurity and Infrastructure Security Agency) jurisdiction over this project, we can expect more heated wrangling if and when the project begins to grow.

Is the new administration up to the challenge? We'll just have to wait and see.


More Stories Like This:
UN Passes Critical Cybersecurity Resolution
How Hackers Briefly Poisoned Florida's Water Supply
US Companies Struggle To Notice When They've Been Hacked


About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.