US sets up dedicated office for energy infrastructure cybersecurity

The US government is setting up a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the US Department of Energy. The CESER office will focus on energy infrastructure security and enable more coordinated preparedness and response to natural and man-made threats.

“$96 million in funding for the office was included in President Trump’s FY19 budget request to bolster DOE’s efforts in cybersecurity and energy security,” the Department of Energy announced.

According to that proposal, the CESER office will focus on “early-stage activities that improve cybersecurity and resilience to harden and evolve critical grid infrastructure. These activities include early-stage R&D at national laboratories to develop the next generation of cybersecurity control systems, components, and devices including a greater ability to share time-critical data with industry to detect, prevent, and recover from cyber events.”

Critical infrastructure under attack

Since the December 2015 attack on Ukraine’s power grid, which interrupted power supply to 230,000 people and is considered to be the first known successful cyber attack on a power grid, it has become obvious that critical infrastructure is and will continue to be hit by cyber attackers.

Some of the attacks, like the Triton/Trisis malware attacks, are targeted and result in operation shutdown, which apparently was the goal. Others, like the recent instance of crypto-mining malware hitting the SCADA network of a water utility company located in Europe, are likely just a part of a broader search for online resources and don’t end up affecting the target’s operation.

Industrial and critical infrastructure networks have also been affected by the WannaCry, NotPetya, and similar attacks.

For 2018, Kaspersky Lab ICS CERT’s researchers predict a rise in general and accidental malware infections of industrial information systems, ransomware attacks, and new malware designed to exploit vulnerabilities in industrial automation system components.

ICS/SCADA systems are plagued by insecure development, slow patching, and vulnerable apps, and sometimes can’t be updated at all. And the number of Internet-accessible ICS components is increasing every year.

Efforts by European countries

European countries are on the cusp of implementing legislation and have mounted efforts and initiatives for improving the cybersecurity of critical infrastructure.

The EU Network and Information Security (NIS) Directive is one example. Its implementation is already under way in the UK.

The European Union Agency for Network and Information Security (ENISA) has also been offering advice on securing ICS/SCADA systems, ICS attack mitigation, ICS testing and so on for years.

“Most attacks on critical and strategic systems have not succeeded—but the combination of isolated successes with a growing list of attempted attacks suggests that risks are increasing,” World Economic Forum analysts recently pointed out.

“And the world’s increasing interconnectedness and pace heightens our vulnerability to attacks that cause not only isolated and temporary disruptions, but radical and irreversible systemic shocks.”