White House strategy promises built-in cybersecurity measures for grid

The White House unveiled a strategy March 2 to shore up US cybersecurity that calls for proactive measures to protect new electric infrastructure from attacks. The national cybersecurity strategy comes as the Biden administration races to decarbonize the US power grid by 2035, increasing the country's dependence on digital and automated systems.

While such technologies -- including "smart" devices, cloud-based grid management platforms and distributed energy resources -- are intended to make the grid more efficient, they also provide hackers a new opportunity to cause havoc.

"We need to ensure that we're not inadvertently creating a cyberrisk," Puesh Kumar, director of the Department of Energy's cybersecurity office, told utility regulators in February.

The strategy regards efforts to rebuild the country's energy infrastructure as an opportunity to implement cybersecurity measures in advance, "rather than developing a patchwork of security controls after these connected devices are widely deployed."

As for what those measures may entail, the plan cited actions outlined in the DOE's National Cyber-Informed Engineering Strategy released in June 2022.

The administration also vowed to work with industry and local governments to secure electric vehicle charging networks and zero-emission transit and school buses.

Brian Harrell, former assistant secretary for infrastructure protection at the Department of Homeland Security, said the strategy is intended to shift the burden of cybersecurity preparedness from end users to manufacturers.

"Building security into the product from the beginning, rather than a bolt-on after the fact, is a more secure and cost-conscious approach," Harrell said in a statement. "Of course, it's not possible to eliminate all defects, but right now there's little incentive -- beyond just general market reputation -- to invest in a dramatic reduction of cyber vulnerabilities. Harmonizing the regulatory landscape to encourage security over compliance is a must."

However, the 35-page document is "only as good as the implementation plan, which is presumably forthcoming," Harrell added. "My hope is the strategy urges conversation at the industry board level and emphasizes cybersecurity as a critical business risk."

S&P Global Commodity Insights reporter Siri Hedreen produces content for distribution on Capital IQ Pro.