Vulnerabilities in Power Industry Supply Chain Increase Risk of Successful Cyber Attack on the Grid

[Geee]

Real Clear Poliktics

 

 

As Congress considers taking action on infrastructure and energy legislation in 2020, one cross-cutting issue still must receive priority attention at the national level – ensuring the security and resilience of our electric grid.

Securing the electric grid is an issue I have been elevating since 2014, and the latest study just performed by Ridge Global for the non-profit organization Protect Our Power reveals yet another chink in our national armor: The supply chain that feeds hardware, critical equipment and cyber assets into our electric grid has become global in nature, and highly vulnerable to infiltration.

And while some utility industry regulators, organizations and individual companies are taking action, including implementation of best practices, gaps in the overall system present a clear and present danger to our national security.

Driving this phenomenon is the increasing sophistication of the grid, where information technology (IT) and operational technology (OT) products and services are converging to make the grid more automated and efficient, but also opening up new cyber vulnerabilities and threats.

On the OT side, for example, equipment that could contain cyber threats are part of transmission and distribution control centers, smart grid devices and smart meters, protective relays, outage and restoration software and more.

On the IT side, supply chain items that could contain a cyber threat are vital to corporate operations, including customer service, telephone and electronic communications, security, interface with operations systems and many other general corporate functions.