Electric utilities serving some 56 million US customers have installed tools to better detect cyber attacks or have pledged to do so, a White House official said Tuesday, providing a plan for gradual protection of other private infrastructure. after the Colonial Pipeline Co. hack.
Nearly half of the utilities designated by the Biden administration as security priorities say they have implemented or agreed to deploy sensors in their systems to detect and block cyber threats, according to Anne Neuberger, deputy national security adviser for cyber and emerging technology.
Neuberger said the administration intends to replicate the approach, part of a 100-day sprint to shore up the power grid, through other essential resources like fuel and water pipelines after a series of cyberattacks on critical infrastructure in USA.
“We started with the electric utility sector for the obvious reason that energy impacts all of our lives,” said Ms. Neuberger, speaking at an event hosted by Silverado Policy Accelerator, a think tank.
Monitoring tools can help prevent attacks on companies’ information technology networks from spreading to their operating technology and hampering day-to-day business, cyber experts say.
The line between IT and OT systems has blurred in recent years as many industrial companies digitize their facilities. At the same time, lax regulation of sectors such as pipelines has generated uneven investment in cybersecurity.
The Biden administration began encouraging power companies to use monitoring tools in April as part of a broader effort to secure the grid. The Department of Energy, in collaboration with the Cybersecurity and Infrastructure Security Agency, identified 250 “priority entities” for the initiative, Neuberger said, of which 121 have implemented or accepted the technology.
Those participants “include the vast majority of large utility companies,” he added. A spokeswoman for the National Security Council did not respond to a request for comment on how many companies had installed such tools prior to the Biden administration’s initiative.
About 105 members of the National Association of Rural Electricity Cooperatives meet the 50,000 customer threshold outlined in the Biden administration’s recommendation to use such technology, said Emma Stewart, chief scientist for the trade group. Eleven of those cooperatives have already implemented a tool designed by a trade group that meets the administration’s criteria for threat detection, he said, while another 25 intend to do so.
More than 50 additional cooperatives in the group are waiting to see if Washington offers any incentives to install the technology, financial or otherwise, Stewart said.
“We are trying to make sure we keep costs at a reasonable level,” he added. “Cooperatives are non-profit.”
US officials have funneled more resources into cybersecurity after a series of high-profile attacks on public and private sector systems in recent months. In May, President Biden signed an executive order aimed at improving security practices among government contractors, while the Transportation Security Administration issued unique requirements for pipeline companies to report cyber attacks.
Colonial Pipeline pre-emptively shut down the largest fuel pipeline on the East Coast for six days in early May after a ransomware attack hit its IT systems, prompting panic buying and gas shortages in several states. Meat processing giant JBS SA
similarly it halted production at many facilities after a ransomware strike later that month. Both companies said they paid their attackers multi-million dollar ransoms.
On Tuesday, Neuberger said the incidents illustrated how cyberattacks can quickly cause real-world damage to the US economy. Long recovery times for companies’ IT systems can create bottlenecks in supply chains optimized for efficiency, he said.
“In the event of a business interruption, be it cyber or a tornado,” he said, “there is less capacity in the system to allow 24, 48, 72 hours to recover.”
Write to David Uberti in [email protected]
Copyright © 2020 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8
