The United States must harness its technical know-how to defend energy infrastructure from advanced hacking, Energy Secretary Rick Perry said Monday, touting his department’s investments in cybersecurity research and development.
Cyberattacks have gotten easier to carry out and their sophistication, scale and frequency have increased, Perry said in a speech at a Department of Energy conference in Austin.
“The sustained and growing threat of cyberattacks to our energy infrastructure requires us to think differently, to act proactively,” the former Texas governor said. That means investing in new technologies to fortify the grid against hackers whose toolkits are only expanding, according to Perry.
DOE in April announced $25 million in funding for research and development to boost cybersecurity in energy delivery systems. Last September, the department awarded $50 million through its national laboratories to improve energy-sector resiliency, including about $20 million in cybersecurity projects.
With the unveiling of a new cybersecurity strategy last month, DOE has been vocal about its efforts to strengthen the grid’s defenses. That strategy seeks to curb the risk of power-supply disruptions resulting from cyberspace incidents, and will serve as a roadmap for a new DOE cybersecurity office.
The energy sector drills regularly for cyberattacks and shares threat information through the Electricity Information Sharing and Analysist Center. However, Perry said, more can be done to stay ahead of hackers that have probed the sector’s weak links for vulnerabilities.
“From hostile regimes, to terrorist groups, to cybercriminals, we face a host of bad actors eager to exploit our vulnerabilities and disrupt, or even destroy, our energy assets,” Perry said.
The Department of Homeland Security warned in March that Russian government hackers had targeted the energy sector, among others, in a two-year campaign that collected information on industrial control systems used in the sector.
“We know that attacks are coming, and we can never let down our guard,” Perry cautioned.
A report that DHS and DOE released last week found that the United States is, on the whole, well prepared to handle power-supply disruptions that could result from cyberattacks. There are, however, gaps in “situational awareness” of cyberthreats and incident response that the sector needs to work out, the report said.