In an earlier blog article titled “Energy Sector at risk of Cyber Attacks”, we described an attack at a Western utility company and how the attack leveraged a known software vulnerability for which a patch was available but not applied. The energy sector needs to pull up its socks, as is evident from the recent NIST Cybersecurity Guide for Energy Sector Asset Management [ESAM], which we blogged about recently, and now this assessment report from the US Government Accountability Office (GAO) titled “Critical Infrastructure Protection – Actions needed to address significant cybersecurity risks facing the Electric Grid”. Let us look at the key findings from this assessment report by the US GAO.

GAO was asked to review the cybersecurity of the grid, as the nation’s electric grid delivers the electricity that is essential for modern life. Specific objectives were to:

GAO developed a list of cyber actors that could pose a threat to the grid; identified key vulnerable components and processes that could be exploited; and reviewed studies on the potential impact of cyberattacks on the grid. GAO also analyzed the Department of Energy’s (DOE) approaches to implementing a federal cybersecurity strategy for the energy sector as it relates to the grid, and assessed the Federal Energy Regulatory Commission’s (FERC) oversight of cybersecurity standards for the grid.

During the assessment, GAO found that the electric grid faces significant cybersecurity risks:

GAO makes 3 recommendations as part of the assessment report as below:

It is key to note that DOE and FERC agreed with GAO’s recommendations. The risk of cyberattacks to the electric grid is real!

In a subsequent blog, we will take a deeper dive in the US GAO assessment report.

We are participating in the CyberCon at Anaheim Convention Center [November 19th – 21st 2019]. Drop us a note for a meeting.
