U.S. unveils plan to protect power grid from foreign hackers
WASHINGTON — The White House on Tuesday unveiled a 100-day plan intended to protect the U.S. power grid from cyberattacks, mainly by creating a stronger relationship between U.S. national security agencies and the mostly private utilities that run the electrical system.
The plan is among the first big steps toward fulfilling the Biden administration’s promise to urgently improve the country’s cyber defenses. The nation’s power system is both highly vulnerable to hacking and a target for nation-state adversaries looking to counter the U.S. advantage in conventional military and economic power.
“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” Secretary of Energy Jennifer Granholm said.
Although the plan is billed as a 100-day sprint — which includes a series of consultations between utilities and the government — it will likely take years to fully implement, experts say. It will ask utilities to pay for and install technology to better detect hacks of the specialized computers that run the country’s power systems, known as industrial control systems.
The Edison Electric Institute, the trade group that represents all U.S. investor-owned electric companies, praised the White House plan and the Biden administration’s focus on cybersecurity. “Given the sophisticated and constantly changing threats posed by adversaries, America’s electric companies remain focused on securing the industrial control systems that operate the North American energy grid,” said EEI president Tom Kuhn.
While an early draft had proposed helping small utilities and rural co-ops pay for the new monitoring, the final version is more vague about whether the money will come from the federal government or be passed to customers in the form of higher utility bills. Large utilities often have sophisticated security teams and pay for cutting edge monitoring technology, but it’s unclear how enthusiastically smaller utilities will take on the cost of additional security.
The government will take suggestions from utilities within 21 days about ways to incentivize participation in the voluntary effort, according to details of the plan described by a person familiar with it.
The final plan also drops the draft’s proposal for enhancing supply chain security for grid components by calling for a list of recommended equipment vendors. Now, the administration plans to ask utilities for suggestions for improvement.
Experts say initiatives to enhance the security of the U.S. electrical grid are years behind better-known efforts to shield data centers and corporate systems.