The total number of malware infections that occur in a given year has been on the rise for the last decade. Flash forward to 2018 and that number had climbed to an impressive 812.67 million.
The Biden administration believes they have a plan that can help accomplish this. The end goal on helping protect power plants and other electric utilities to improve the ability to identify cyber threats to their network, and put a stop to them.
The new initiative was announced in April by the United States Department of Energy, and it includes a variety of milestones for owners and operators of environments like power plants to use as they beef up their cybersecurity efforts. It makes recommendations for how to properly safeguard the energy system supply chain, among others.
One of the reasons why this is happening at this particular moment has to do with a report from a Government Accountability Office that was released in April. In it, it was found that the United States grid’s distribution systems – which is how electricity is transported from the grid to consumers – is increasingly at risk from cyberattacks. This includes hackers using various techniques to gain access to critical suppliers and compromising the supply chain. All a hacker needs to create the right piece of software to manipulate assets in power plants and exploit virtual private networks.
It is equally important to highlight how quickly these recommendations are coming on the heels of the devastating SolarWinds hack. For those unfamiliar, this was a major cyberattack that involved hackers secretly breaking into the systems of Texas-based SolarWinds, allowing them to add rogue code into the company’s main software offering. That application – dubbed “Orion” – is a popular way for companies of all types to manage their IT resources. Not only does this put the more than 33,000 customers of SolarWinds at risk, but a lot of those organizations are parts of the federal government. The Energy Department found SolarWinds-related malware on its own IT networks, although it has stated that critical systems were and are unaffected.
Alongside this new plan, the Biden administration (through the DOE) issued a Request for Information to get expert feedback on what steps are necessary to improve the electric power system supply chain risk management processes in the country. This in and of itself underlines how important the administration is taking this topic, which will be a key part of the program’s success moving forward.