GAO Says Electric Grid Cybersecurity Risks Only Partially Assessed

A new report from the United States Government Accountability Office (GAO) shows that the Department of Energy (DOE) has yet to fully analyze electric grid cybersecurity risks.


The report includes the findings of a recently conducted review of the cybersecurity of the national electric grid, which includes “the commercial electric power generation, transmission, and distribution system comprising power lines and other infrastructure.”


The grid, GAO says, faces significant cybersecurity risks, including those posed by threat actors and vulnerabilities, which could result in power outages, although no such incidents have been observed domestically.


According to the report, nations, criminal groups, terrorists, and others are increasingly capable of targeting the grid, which is also becoming vulnerable to attacks on industrial control systems (ICS) that support grid operations, consumer Internet of Things (IoT) devices, and the global positioning system (GPS).


DOE has developed plans and an assessment to address grid cybersecurity risks, but GAO’s report (PDF) reveals that the assessment “had significant methodological limitations and did not fully analyze grid cybersecurity risks.”


The main limitation was that the assessment covered only a portion of the grid and reflected how that portion existed around 1980.


“Until DOE has a complete grid cybersecurity plan, the guidance the plan provides decision makers in allocating resources to address those risks will likely be limited,” the report reads.


Moreover, GAO explains that while the Federal Energy Regulatory Commission (FERC) approved mandatory grid cybersecurity standards, it did not ensure that those comply with the National Institute of Standards and ..