Electric utilities serving about 56 million U.S. customers have either installed tools to better spot cyberattacks or have pledged to do so, a White House official said Tuesday, providing a blueprint for the gradual securing of other privately-owned infrastructure after the Colonial Pipeline Co. hack.
Nearly half the electric utilities designated by the Biden administration as security priorities say they have rolled out or agreed to roll out sensors in their systems to detect and block cyber threats, according to
deputy national security adviser for cyber and emerging technology.
Ms. Neuberger said the administration intends to replicate the approach, part of a 100-day sprint to shore up the electric grid, across other essential resources like fuel pipelines and water after a series of cyberattacks on U.S. critical infrastructure.
“We started with the electric utility sector for the obvious reason that power impacts all of our lives,” said Ms. Neuberger, who spoke at an event hosted by the Silverado Policy Accelerator, a think tank.
Monitoring tools can help keep hacks of companies’ information-technology networks from spreading to their operational technology and hobbling day-to-day business, cyber experts say.
The line between IT and OT systems has blurred in recent years as many industrial firms digitize their facilities. At the same time, lax regulation of sectors such as pipelines has yielded uneven investment in cybersecurity.
The Biden administration began encouraging electric utilities to use monitoring tools in April as part of a broader effort to secure the grid. The Energy Department, working with the Cybersecurity and Infrastructure Security Agency, identified 250 “priority entities” for the initiative, Ms. Neuberger said, of which 121 have deployed the technology or agreed to.
Those participants “include the vast majority of the big utilities,” she added. A spokeswoman for the National Security Council didn’t respond to a request for comment on how many firms had installed such tools before the Biden administration’s initiative.
About 105 members of the National Rural Electric Cooperative Association meet the 50,000-customer threshold outlined in the Biden administration’s recommendation to use such technology, said Emma Stewart, the trade group’s chief scientist. Eleven of those co-ops already have deployed a trade-group designed tool that meets the administration’s criteria for threat detection, she said, while roughly 25 others intend to.
More than 50 additional co-ops in the group are waiting to see if Washington offers any incentives to install the technology, financial or otherwise, Ms. Stewart said.
“We’re trying to make sure we keep the costs at a reasonable level,” she added. “Co-ops are not-for-profit.”
U.S. officials have channeled more resources toward cybersecurity after a series of high-profile attacks on public- and private-sector systems in recent months. In May, President Biden signed an executive order intended to improve security practices among government contractors, while the Transportation Security Administration issued first-of-their kind requirements for pipeline companies to report cyberattacks.
Colonial Pipeline pre-emptively shut down the East Coast’s largest conduit for fuel for six days in early May after a ransomware attack hit its IT systems, spurring panic-buying and shortages of gasoline in several states. Meat-processing giant
similarly halted production at many facilities after a ransomware strike later that month. Both companies said they paid their attackers multimillion-dollar ransoms.
On Tuesday, Ms. Neuberger said the incidents illustrated how cyberattacks can quickly cause real-world damage across the U.S. economy. Lengthy recovery times for companies’ computer systems can create bottlenecks in supply chains streamlined for efficiency, she said.
“In the event of a business disruption, whether it’s cyber or a tornado,” she said, “there’s less capacity in the system to allow for 24, 48, 72 hours to recover.”
Write to David Uberti at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8