Energy Department Must Address Risks to Grid Distribution Systems, GAO Says
The Department of Energy’s national cybersecurity plans do not fully address risks to the U.S. grid’s distribution systems, which carry electricity from transmission systems to consumers, according to the Government Accountability Office.
Distribution systems are becoming more vulnerable to cyber attacks partly because of their increasing reliance on industrial control systems that allow remote access connection to business networks, GAO said in a March 18 report.
Industrial control systems are integrated hardware and software designed to control machines and devices in industrial environments, according to an article on TechTarget.
GAO noted that some states have already taken actions to protect industrial control systems outside the bounds of federal mandates.
Such actions include the incorporation of cybersecurity into routine oversight processes and hiring dedicated cybersecurity personnel, Homeland Security Today said.
In its report, GAO said the Department of Energy has not addressed vulnerabilities in the industrial control systems supply chain.
The department has instead prioritized addressing risks to the grid’s generation and transmission systems, the watchdog said.
According to GAO, the department’s decision would be of limited use in prioritizing federal support to states and industry to improve grid distribution systems’ cybersecurity.
GAO recommended that the Energy Department fully address the said risks in its plans to implement the national cybersecurity strategy.
Earlier in March, lawmakers introduced legislation that would mobilize the Cybersecurity and Infrastructure Security Agency to help the private sector and other government agencies protect industrial control systems.
The bipartisan Department of Homeland Security Industrial Control Systems Enhancement Act of 2021 would require CISA to provide vulnerability information to appropriate private-sector and government organizations that use industrial control systems.
Tags: CISA cybersecurity Department of Energy electricity GAO Government Accountability Office Homeland Security Today industrial control systems national cybersecurity plan national security TechTarget