Security News > 2021 > April > New Initiative to Protect U.S. Electrical Grid From Cyberattacks: Feedback Friday
"It's always good to have more attention on embedded systems security, especially when it involves critical infrastructure. However, focusing entirely on Chinese-manufactured or supplied equipment used in U.S. infrastructure does not take into account that equipment manufactured in the U.S. and Europe also contains significant vulnerabilities. In this year alone, we've seen vulnerability disclosures from CISA from companies like Siemens, GE, and Schneider Electric. There's clear evidence that vulnerabilities from manufacturers around the world - not just China - and they need to be mitigated before threat actors take advantage with devastating consequences."
Governments need to take an active role in assisting utilities and other parts of critical infrastructure in their push for manufacturers to make meaningful improvements in the grid equipment security, before the equipment is deployed.
"While it's nice to see ICS cybersecurity garnering much national focus and attention, I find it disappointing that the US government continues to focus almost exclusively on the electric power sector in its efforts to secure ICS. They seem to fail to recognize that ICS are used in nearly every critical infrastructure sector.
The critical infrastructure sectors discussed are vulnerable to ICS attacks and are well behind in implementing the appropriate countermeasures to secure their infrastructure.
"The aging critical infrastructure of the electric grid represents an existential cyber risk to U.S. national security.
The Biden administration's efforts to address the industrial sector's obsolescent infrastructure through the American Jobs Plan, coupled with the Department of Energy's 100-day sprint represent important initiatives to secure the nation's cyber defenses.