The Biden administration is taking steps to protect the country's electric system from cyberattacks through a new 100-day initiative combining federal government agencies and the private industry.
The initiative, announced Tuesday by the Energy Department, encourages owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. It includes concrete milestones for them to put into use technologies so they can spot and respond to intrusions in real time.
The department is also soliciting input from electric utilities, energy companies, government agencies and others for recommendations about how to safeguard the energy system supply chain.
"Innovative partnerships like these are essential to addressing the urgent cybersecurity challenge because much of our critical infrastructure is owned and operated by the private sector," Emily Horne, a spokeswoman for the White House's National Security Council, said in a statement.
The effort, which besides the electricity industry also involves the Cybersecurity and Infrastructure Security Agency, underscores the heightened concern about the prospects for cyberattacks that disrupt the power supply. Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said in an interview with The Associated Press earlier this month that the administration was undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks.
A Government Accountability Office report last month found that the U.S. grid's distribution systems, which transport electricity from transmission systems to consumers, are increasingly at risk. It said hackers can use multiple techniques to gain access, including compromising the supply chain by manipulating software or hardware or exploiting virtual private network connections.
"Distribution systems are growing more vulnerable, in part, because their industrial control systems increasingly allow remote access to connect to buisness networks," GAO auditors reported. "As a result, threat actors can use multiple techniques to access those systems and potentially disrupt operations."
Last year, Russian hackers took advantage of cyber weaknesses in Microsoft software in what became known as SolarWinds to mine at least nine U.S. government agencies - the departments of Justice and Treasury, among them - and more than 100 private companies and think tanks.
The report recommended that the Energy Department, the primary federal agency for the energy sector, do more to address those risks.
The U.S. "faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses," Energy Secretary Jennifer Granholm said in a statement announcing the new effort.
"It's up to both government and industry to prevent possible harms - that's why we're working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system," she added.