There seems to be a lot of talk about cybersecurity lately. At first glance, it might seem like a subject that doesn’t really apply to energy, however if we take a closer look, we can see that energy related cybersecurity is extremely important. We know this because the Department of Energy has recently released a cybersecurity strategy to try and strengthen our electricity grid’s security, processes and management. The reason why they developed this strategy is to try and better manage the hacking activities that have taken place in recent years.
Before we dive into the strategy and the different ways in which the United States government plans to address cybersecurity, let’s take a look at defining cybersecurity and the major problem that occurs if/when it is not addressed.
What is Cybersecurity?
The majority of everything we do today is or can be done online or with a computer. Personal information, government secrets and even things like the energy grid depend on a secure Internet connection or technology infrastructure. Cybersecurity evolved out of a need to keep information and data private, something that is extremely important in this day and age.
For example, government organizations tend to have a lot of top secret information that only a select group of individuals know about. If that information were leaked or given to the wrong people, the government could be in a lot of trouble. Another, more personal example includes credit card information. When you use your credit card, that information is stored. If the organization is hacked, your credit card information could get stolen too.
Hackers and Cybersecurity
People known as hackers spend their time trying to break down the security set up by organizations like the government. This also includes utilities or organizations that control the generation and delivery of electricity throughout the United States. There are many hacker groups across the globe, some who simply desire to cause minor headaches, while others are a serious threat.
If a hacker breaks through an organization’s network, they can gain access to the information stored there. They can then block those who need that information from using or accession that information. At that point, a hacker can do whatever they want and it becomes very difficult for the organization to manage the incident.
What’s The Problem?
A major problem with an energy related cyber attack is that hackers could gain control over energy in the United States. It’s been reported that hackers had gained entry into several energy sectors, including those within the United States. These cyber attacks began in 2015, only to increase in April of this year.
The cold hard truth is hackers attempt to break into different systems all the time. It is up to us to stay on top of our networks and ensure that our technologies are up to date so that we remain protected. This is why the United States government has turned their attention to stopping hackers in their tracks, especially when it comes to our energy.
Department of Energy’s Cybersecurity Strategy
The United States Department of Energy released their cybersecurity strategy to help American’s better understand the steps the government takes to ensure that our energy is protected. The purpose of this cybersecurity strategy is to the Department of Energy’s, “commitment to responsible information sharing and safeguarding, together with rigorous privacy and civil liberties protections.”
Principles and Goals
The strategy focuses on three principles that help to define four goals. Principles include,
- Focus on gaining trust of the public to ensure success
- Department assets include: information
- Use a distributed, and standards-based risk management approach
The strategy’s four goals include,
- Find and hire cyber talent
- Effectively distribute information with authorized users
- Keep information safe from cyber threats
- Increase the strength of the department’s cyber protection
Within each of the four goals, the Department of Energy outlines several objectives. These objectives include,
Goal 1: Find and hire cyber talent
- Find and reach out to talent
- Create a team of employees dedicated to handling cyber threats
- Ensure cyber threat talent is satisfied in their role to support employees
Goal 2: Effectively distribute information with authorized users
- Increase information sharing processes
- Apply better practices to help support the information sharing processes
- Implement proper government approved protections
Goal 3: Keep information safe from cyber threats
- Manage risks using gathered intelligence
- Reduce risk with developed controls and processes
- Focus on resources and tools that help to identify threats faster
- Increase analysis, reaction and management time for any and all cyber threats
- Implement proper process for management of cyber threats
Goal 4: Increase the strength of the department’s cyber protection
- Streamline processes to develop strong communication within the department
- Invest in cyber technologies to increase the strength of the department’s processes
- Focus on developing partnerships with organizations focused on energy security
- Evaluate processes to ensure accountability and success
The good news is the Department of Energy is not attempting to address their strategy alone. Together with many different partners, they aim to better prepare the United States for the new cybersecurity strategy. A few of the Department of Energy’s partners include,
- Electricity Subsector Coordinating Council (ESCC)
- Electricity Information Sharing and Analysis Center (E-ISAC)
- DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
- Science & Technology, and the National Cybersecurity and Communications Integration Center (NCCIC)
- NIST Smart Grid Interoperability Panel (SGIP)
National Electric Grid Security and Resilience Action Plan
To help support the Department of Energy’s cybersecurity strategy, the United States government released a National Electric Grid Security and Resilience Action Plan in 2016. This plan is available online on the White House’s website.
This plan provides an in-depth look at, “three strategic goals to reduce the systemic risk to the electric grid through combined and aligned organizational, technical, and policy efforts across the public and private sectors.” The three strategic goals might look a little familiar, as they are very close to the goals presented by the Department of Energy’s plan. These goals include,
- Develop a secure and robust electric grid.
- Increase readiness and protection of the electric grid
- Focus on response, recovery and electricity grid management
Energy Security Moving Forward
Both the United States government and the Department of Energy strive to help the public better understand the steps involved in energy cybersecurity. They want everyone to know that they are taking the safety and security of energy very seriously, to prevent major problems before they occur.
Overall, the key to having a cybersecurity strategy is flexibility. Hackers adapt to our strategies all the time as they spend their days trying to work around the security measures put in place. The Department of Energy is putting their efforts towards hiring the best cyber threat talent out there, in addition to streamlining their processes with the explicit goal of keeping the country’s energy safe.