D.C. Takes On Energy Sector Threats: A Summary of Recent Agency and Congressional Efforts
Cybersecurity researchers often walk a fine line between objectively presenting the facts surrounding cybersecurity threats without fearmongering to garner the attention necessary to pressure policy makers and decision makers to take action. This is particularly true in the Energy sector, where the exploitation of vulnerabilities can lead to genuine high-risk outcomes such as regional black-outs and potential loss-of-life incidents.
While emphasis is rightfully placed by the media and researchers on both the actions of bad actors and the vulnerabilities which plague our critical infrastructure sectors when reporting on the energy sector, ICIT believes it is also important to recognize the work being done on the part of public and private sector stakeholders to respond to this threat. While there is no question significant progress must be made, the public must be made aware of existing initiatives that demonstrate government vigilance and may offer immediate solutions and resources to some of the security challenges faced by the energy sector.
This publication, which draws on research from ICIT’s Monthly Analyst Reports as well as analysis from recent threat reports from Dragos and FireEye, will discuss threats that the XENOTIME, HEXANE, and APT10 groups pose to the energy sector while also highlighting the efforts underway within Congress and federal agencies to secure the sector in response to emerging threats, including:
Department of Energy (DoE) funding for Grid Modernization and other Energy Sector initiatives
Energy Sector Cybersecurity Risk Assessment Model
DoE and FERC Collaboration
The Army’s Jack Voltaic Initiative
Proposed legislation to secure and modernize the grid