Long-Term Plans to Address Risk in Energy Sector
On the heels of the Department of Homeland Security releasing its cybersecurity strategy, the US Department of Energy has unveiled its own Multiyear Plan for Energy Sector Cybersecurity, an effort to make US energy systems more resilient and secure.
While the nation's critical infrastructure has increasingly become a target for cyber-attacks that have the potential to cause damage and disruption to energy services, energy companies struggle to keep pace with – much less get ahead of – sophisticated attacks. Anticipating and reacting to the latest cyber-threat is a ceaseless endeavor that requires ever more resources and manpower.
"Despite the sector’s ever-improving defenses, the variety of threat actors and methods of attack are expanding, while the impact of incidents has evolved from exploitation to disruption to destruction. A 2015 survey of 150 IT professionals in the energy sector, conducted by Tripwire, showed that more than 75% of energy companies reported an increase in successful cyber-attacks in the previous 12 months, with many reporting increases of 50% or more," the plan stated.
In addition to planning to curb supply-chain risk and boosting threat-sharing with the private sector, the plan also sets forth the intention to accelerate research and development to make energy systems more resilient to hacking.
“Reliable energy and power is the cornerstone of our advanced digital economy and is essential for critical operations in transportation, water, communications, finance, food and agriculture, emergency services, and more,” the plan stated.
The White House administration has requested $96m in the 2019 federal budget, and the energy sector plan will also serve as as roadmap on how to best allocate funds for the new office of cybersecurity, energy security, and emergency response.
Many welcome the DOE’s efforts to raise awareness around the threats to the energy sector, but Ray DeMeo, chief operating officer, Virsec questioned whether laying out a strategy would be enough to overcome the obstacles inherent in legacy systems.
“While the strategy pillars are sound, making them actionable will be challenging. It's critical that we invest with speed and agility, and the roadmap’s goal to accelerate game-changing RD&D of resilient systems stands out. The administration’s funding request for $96m is hopefully just a down payment, because protecting our infrastructure adequately will cost billions."
Source: Information Security Magazine