Those acts include operations to insert malicious software that could be activated to interfere with electricity generation or distribution in the U.S.
Russia is among the adversaries that have already launched such operations, including a sprawling attack in 2017. But other countries targeting the grid include North Korea and Iran, one person familiar with the government’s assessment said.
The issue has gained renewed attention in the wake of a highly sophisticated attack that compromised popular software from Texas-based SolarWinds Corp. The hack, which affected as many as 18,000 SolarWinds customers, has underscored concerns about the vulnerability of the nation’s critical infrastructure amid persistent cyber threats.
The administration plans to produce a so-called operational technology action plan that will begin with the power industry and expand to other critical sectors such as natural gas distribution, chemical refining and municipal water systems, said one person briefed on the plan. Operational technology, also known as OT, includes the specialized controls used to run the nation’s nuclear plants, refineries, pipelines and other infrastructure.
The administration is starting with the electrical sector because of its importance to the economy and following an assessment of the recent activities targeting the grid by foreign hackers, one person said.
Power industry advances in cybersecurity make the sector a good place to start as officials beef up protections for the nation’s critical infrastructure, another person said.
A National Security Council spokeswoman didn’t immediately comment.
The federal government and utilities have a long history of coordination on cybersecurity, with power companies required to report not just successful breaches of their control systems but attempted intrusions. The sector is a chief target of U.S. foes, with security analysts and utility executives warning of a barrage of constant attempts on their systems.
Companies, however, have long complained that the government hasn’t spoken with one voice about how to address vulnerabilities, and that its recommendations haven’t always been synchronized — concerns that were raised in this month’s meeting. The National Commission on Grid Resilience last year said the industry still needs more information on threats.
President Joe Biden intends to put the full weight of the government into the effort, with agencies including the State and Energy departments along with the National Security Agency enlisted to harden defenses and respond to breaches.
The Biden administration’s plan will include efforts to get greater visibility on private sector risks, and to clarify the role of key agencies, including the Homeland Security and Energy departments. The administration also wants to better plot responses to incidents — including who’s involved and what resources are deployed after a company is compromised.
Although similar blueprints have been developed in the past, the involvement of top administration officials and their holistic approach is new, according to one person familiar with the matter.
A chief concern is deciding the shape of collective defense and response efforts. Administration officials at the March 16 meeting made clear they were seeking to enhance coordination, communication, reporting and response between the industry and government.
The virtual session was the first broad meeting between top Biden administration officials and executives in the Electricity Subsector Coordinating Council, a group designed to further industry-government coordination on protecting the grid.