Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Advertisement 

×

Message

EU e-Privacy Directive

This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.

View e-Privacy Directive Documents

You have declined cookies. This decision can be reversed.

Department of Energy strategy aims to strengthen systems against hacking

Written by  May 16, 2018

Citing an increase in hackers targeting the energy sector, the Department of Energy has released a five-year strategy to cut down on the risk of power-supply disruptions resulting from cyber attacks.

“Despite improving defenses, it has become increasingly difficult for energy companies to keep up with growing and aggressive cyberattacks,” the document states.

The department is trying to change that dynamic through a strategy to boost threat-sharing with the private sector, curb supply-chain risk, and accelerate research and development to make energy systems more resilient to hacking.

The strategy will serve as a roadmap for the new Office of Cybersecurity, Energy Security, and Emergency Response.

“Today, any cyber incident has the potential to disrupt energy services, damage highly specialized equipment, and threaten human health and safety,” Bruce Walker, an assistant secretary of Energy, said in the plans.

The document acknowledges the risk of cascading power disruptions due to the interconnectivity of the country’s energy systems. As a result, the department is looking to improve its response ability to cyber incidents, which it says “may require a different set of resources, personnel, and skills than traditional energy disruptions.”

DOE officials also want to expand the department’s Cybersecurity Risk Information Sharing Program, which shares threat data with the private sector, and set up a virtual “malicious code repository” for organizations to exchange a trove of malicious files for analysis.

Alongside DOE’s cybersecurity efforts, regulators and lawmakers have moved to make the grid more resilient to hacking.

Advertisement

ruling issued last month by the Federal Energy Regulatory Commission requires utilities to implement security controls on everyday electronics like laptops and flash drives that interact with “low-impact” systems. Legislation currently before the House of Representatives, meanwhile, would set up a voluntary DOE program for testing the security of ICS products.

The DOE strategy follows a Department of Homeland Security advisory in March that Russian government hackers had been collecting data on industrial control systems (ICS) in the U.S. energy sector as part of a two-year hacking campaign.

Such reconnaissance on the ICS that underpin the power sector is one thing, but documented cases of malware tailored to attack those systems are much rarer. The last decade has seen just a handful of them, with one example coming last August when hackers caused an oil and gas plant in Saudi Arabia to shut down.

ICS security specialists have drawn lessons from each of those high-profile malware incidents, and regulations in recent years have strengthened cybersecurity considerably in the energy and nuclear sectors.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Top News

Advertisement 

  1. Popular
  2. Trending
  3. Comments

Calendar

« May 2018 »
Mon Tue Wed Thu Fri Sat Sun
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

Advertisement 

Advertisement