President Trump recently issued an Executive Order to bar the purchase of certain critical electrical grid components from foreign adversaries. This order—like a similar telecommunications order released last year—reflects an acknowledgment by the federal government of a longstanding cyber threat to the electric grid posed by compromised equipment.
As with other threats to our critical industries such as the financial and defense sectors, it’s not a problem the government can solve on its own. However, the executive order convenes a task force made up of no fewer than seven separate government agencies, with the Department of Energy in the lead. Industry, through the Electricity Subsector Coordinating Council (ESCC), has only a consulting role, and this should be expanded.
We’ve long known about the threat posed to our electric power sector and other critical industries by foreign cyber actors, particularly nation-states with advanced capabilities such as Russia and China, as well as those with increasing capabilities like Iran and North Korea. To address these threats, companies in the electric power industry have taken steps to work with one another and the government through a variety of public and private sector-led efforts, including the Electricity ISAC and the ESCC, composed of large utilities, municipalities, cooperatives and leading industry groups.
Cyber Industry Delivers Cutting-Edge Automation
Industry can play a very important role in solving the cyber threat to the electric grid. Private sector companies own and operate our critical infrastructure and they know where the risks are. These companies are on the front line of resilience and have the closest viewpoint into the prevailing vulnerabilities and threats.
While the energy sector has become a model for how industries should work together, we need to transition from human-based collaboration to automated, machine-based collaboration. Only by leveraging technology developed by private companies can we match the speed and scale at which nation-state adversaries operate. An automated system that gives energy companies early warning of coordinated cyberattacks that may have never been seen previously will also become an important factor in our success.
With such tools, energy companies can actually see what’s hitting their sector in real time and, together with SOCs, can analyze the information for everyone’s benefit. The industry can then share this information with the federal government, giving it a real-time view into the attacks hitting critical infrastructure. If our adversaries are leveraging technology to make coordinated attacks on the sector, it stands to reason that we need to use technology to defend together.
While collaboration opportunities around threat-sharing within groups such as the Cyber Threat Alliance are valuable, we should go beyond that to address the potential risk in the supply chain. It will take years to work through the replacement schedule for the legacy equipment that makes up the electric grid; as risks are identified, private sector cybersecurity companies can innovate and deploy a solution to mitigate them.
The electricity sector should convene a team of energy companies, trade organizations, major equipment suppliers and the leading cybersecurity companies to take this on. The group would focus on how to leverage technology to mitigate risk, with solutions scoped to be widely deployable and cost-effective. The group would make reports public in a limited manner so that energy companies can leverage the full private-sector cybersecurity market to support competition and rapid development without disclosing sensitive information.