President Barack Obama in his State of the Union address Feb. 12 issued an executive order to safeguard U.S. power plants against cyber attacks.
The framework is expected to provide a prioritized, flexible and cost-effective approach to help owners and operators identify, assess and manage cyber risk.
“We know hackers steal people’s identities and infiltrate private email. We know foreign countries and companies swipe our corporate secrets,” Obama said in his speech. “Now, our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
Two power plants recently fell victim to cyber attacks after viruses and malware were downloaded on to computers during software upgrades. The U.S. Department of Homeland Security said up-to-date software on the computers would have caught the malware.
The order tasks the federal government with working alongside private companies to develop cybersecurity best practices, collectively referred to as the Cybersecurity Framework, that industry could choose to implement. The government would be required to issue a preliminary version of the framework within 240 days of the order, and the Department of Homeland Security would lead the drive to encourage implementation. A final version of the framework is expected to be published within a year.
The Edison Electric Institute said in a statement “The electric power industry has already taken significant steps to protest the power grid and work closely with government to prevent, detect and respond to cyber threats.” EEI also said they look forward to continuing work with the government to address national security.
Anthony Pietrangelo, chief nuclear officer and senior vice president of the Nuclear Energy Institute, said in a statement that U.S. nuclear power plants are already protected against cyber threats and that the order is “counterproductive” since the Nuclear Regulatory Commission already oversees safety at nuclear power plants.
“The nuclear energy industry has been implementing and improving cyber security controls since 2002, and the federal agency that oversees the nation’s nuclear energy facilities—the Nuclear Regulatory Commission—has established regulations that thoroughly monitor and inspect cyber security at all U.S. reactors.”
To read the full order, click here.
Read more safety & protection news