The U.S. Department of Energy (DOE) launched an 100-day initiative to enhance the cybersecurity of electric utilities’ industrial control systems (ICS) and secure the energy sector supply chain.
The initiative involves DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA). It aims to advance actions to confront cyber threats from adversaries that seek to compromise critical systems that are essential to U.S. national and economic security.
“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” said Secretary of Energy Jennifer M. Granholm.
DOE also said that following a 90-day suspension, EO 13920 resumes effect. The Executive Order was signed in May 2020 by President Trump and restricted the import of certain pieces of bulk power system electrical equipment.
(Read “‘We have a real adversary’: Work intensifies to safeguard solar from cyber attacks.”)
The initiative encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities. It includes milestones over the next 100 days for owners and operators to identify and deploy technologies and systems that enable near real-time situational awareness and response capabilities in critical ICS and operational technology (OT) networks.
It also is intended to reinforce and enhance the cybersecurity posture of critical infrastructure information technology networks; and includes a voluntary industry effort to deploy technologies to increase visibility of threats in ICS and OT systems.
DOE also released a new Request for Information (RFI) to seek input from electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders to inform future recommendations for supply chain security in U.S. energy systems.
DOE said that comments received in response to the RFI will enable it to “evaluate new executive actions to further secure the nation’s critical infrastructure against malicious cyber activity” and strengthen the domestic manufacturing base. DOE said that it expects utilities to “continue to act in a way that minimizes the risk of installing electric equipment and programmable components that are subject to foreign adversaries’ ownership, control, or influence.”
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: firstname.lastname@example.org.
If you have a grid tied inverter, that can be accessed by an app, blue tooth or Wi-Fi, that allows operating system updates and configuration over the internet, your inverter could be vulnerable to outside hacks. These hacks could shut down your system, reduce the output of your system or even override the anti islanding portion of the controls putting linemen at risk injury, trying to restore power, after an event, slowing down recovery.
Edward, you make a good point. pv magazine covered some of those issues in this recent article: https://bit.ly/3xfGrsc
Thank you David, this is exactly what I was saying and since PG&E has requested the new grid tied inverters ,installed after June of 2020, all have a back door through the utility management system.
By submitting this form you agree to pv magazine using your data for the purposes of publishing your comment.
Your personal data will only be disclosed or otherwise transmitted to third parties for the purposes of spam filtering or if this is necessary for technical maintenance of the website. Any other transfer to third parties will not take place unless this is justified on the basis of applicable data protection regulations or if pv magazine is legally obliged to do so.
You may revoke this consent at any time with effect for the future, in which case your personal data will be deleted immediately. Otherwise, your data will be deleted if pv magazine has processed your request or the purpose of data storage is fulfilled.
Further information on data privacy can be found in our Data Protection Policy.