with Aaron Schaffer

The Biden administration is launching a 100-day plan to shore up the cybersecurity of the nation's electricity infrastructure, it is announcing today. 

The plan, a joint effort between the Energy Department and the Cybersecurity and Infrastructure Security Agency, focuses on helping operators in the electricity industry modernize their security systems and implement new technologies to detect and mitigate threats. 

“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” Secretary of Energy Jennifer M. Granholm said in a statement. “It’s up to both government and industry to prevent possible harms; that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system.”

The electric industry faces a daily onslaught of attacks by cybercriminals. Those attacks have only increased during the pandemic, when a shift to remote work created even more opportunities for hackers, researchers and government officials say.

Recent attacks on SolarWinds and Microsoft Exchange software, both of which ensnared the electric industry, have renewed the urgency to modernize and secure America's electric grid. Some owners and operators still rely on decades-old equipment that was not designed with modern cybersecurity risks in mind.

“That's something that really has our attention as we think about the potential for a coordinated attack against the electric sector,” Jim Robb, president and chief executive officer of North American Electric Reliability Corporation (NERC), said in a call with reporters last week.

Officials and industry experts have long warned about the potential devastation that could result from a coordinated attack on America's grid by foreign adversaries. A 2015 attack by Russia on Ukraine's power grid caused a mass blackout and significant economic losses.

The administration initiative could be a step toward greater coordination between the electric industry and the government.

The industry currently shares threats through NERC’s Electricity Information Sharing and Analysis Center. But some members of the electric industry have voiced concerns that the federal government does not provide enough guidance on critical vulnerabilities.

The National Commission on Grid Resilience, a bipartisan group of former government officials and electricity sector experts, called last year for greater declassification of threat intelligence as well as a real-time threat notification center for owners and operators.

The new initiative addresses some of those concerns. The voluntary initiative will allow for “sharing of insights and detections rapidly with participants, the federal government, participants, and trusted organizations such as relevant information sharing and analysis centers,” an Energy Department spokesperson said in an email.

Members of the electric industry have also called for greater guidance around security requirements for third-party software and hardware vendors. While grid operators have to submit to strict federal regulations, owners and operators are responsible for vetting the cybersecurity of the equipment and software they use. 

The Biden administration will also lift a temporary ban on acquiring and installing bulk-power systems that serve critical defense systems. The Energy Department is seeking industry input for a new executive order on guidelines for purchasing equipment. 

The new initiative follows criticism from some industry members that funding for grid security was snubbed in Biden's recent infrastructure package.

The plan is a pilot for similar action across other critical infrastructure sectors, the release says.

“The safety and security of the American people depend on the resilience of our nation's critical infrastructure,” acting CISA director Brandon Wales said in a statement. “This partnership with the Department of Energy to protect the U.S. electric system will prove a valuable pilot as we continue our work to secure industrial control systems across all sectors.”

The keys

The DNC added TikTok and Reddit to its ongoing analysis comparing how social media companies handle political disinformation. 

The so-called “scorecard,” released today and shared first with The Cybersecurity 202, is the first update to the Democratic National Committee's report on social media companies since the election.

“The pair score relatively well on our measures of information quality, with Reddit’s distributed moderation model and downvote functionality and TikTok’s fact-checking regime reducing the reach of some misinformation,” the DNC notes in the new scorecard. “However, both companies have failed to adequately take on hate on their sites and trail their peers in addressing state-controlled media.”

While Reddit and TikTok draw far fewer users looking for political coverage, both have gotten attention in recent elections. Reddit has had to purge Russian trolls who were using the platform to spread political chaos. And TikTok became a conduit for voter fraud conspiracy theories in the days after the election.

“Political misinformation on social media is a constant,” says Tim Durigan, a security analyst for the Democratic National Committee. “None of this stops outside of an election period,” he said, pointing to the onslaught of misinformation following the election and leading up to the Jan. 6 attack on the Capitol. Durigan hopes urging companies to tackle concerns now will prevent ad hoc approaches to problems that crop up in the future.

The White House will stand down its task forces to respond to Microsoft Exchange vulnerabilities.

The Biden administration is moving away from its “surge efforts” to respond to and mitigate the Microsoft Exchange server hacks because of increased patching and a reduction in victims, deputy national security adviser Anne Neuberger said in a statement. Further responses, Neuberger added, will be managed through “standard incident management procedures.”

The move comes as Microsoft faces a reckoning in Washington, where it has been criticized for its failure to detect the attack and the government’s reliance on its software. 

British citizens need to be more aware of nefarious users on sites such as LinkedIn, MI5 said.

The “think before you link” campaign is being coordinated by an arm of MI5, the Financial Times’s Helen Warrell reports. It’s designed to raise awareness among 450,000 civil servants, academics and industry partners of fake online accounts targeting people with classified information.

The move comes as the spy agency, describing online intelligence efforts, said it was a “conservative estimate” to say that 10,000 British nationals had been approached by foreign spies in the past five years, with “a considerable volume” initially engaging with the spies.

“This campaign, which harnesses the insight derived from our intelligence, behavioral science experts and cooperation of Five Eyes partners, will strengthen the U.K.’s collective defenses against this activity,” MI5 Director General Ken McCallum said, noting that fake profiles were being used on business networking sites on an “industrial scale.”

The United Kingdom tested the campaign three years ago but is only now publicly launching it. The other members of the Five Eyes intelligence alliance, including the United States, have set up versions of the campaign.

Researchers say hackers have infiltrated more than 100 advertising servers.

The reach of the malicious advertising network is “easily in the tens if not hundreds of millions of devices,” Confiant said. The report comes a year after the cybersecurity firm first reported on the campaign, which it called “Tag Barnakle” and at the time said had affected tens of thousands of websites.

Over the past year, the campaign “all but doubled down,” according to Confiant, which found 120 hacked advertising servers. It also detected that the campaign had pivoted to mobile advertising campaigns, whereas a year ago it focused on hitting desktop computers. The researchers say the group’s goal appears to be to get victims to download obscure apps or route them elsewhere.

Chat room

The advertising network drew attention for its scope and methods. Quentyn Taylor, the director of information security at Canon for Europe, the Middle East and Africa:

Cybersecurity and ad fraud researcher Augustine Fou:

Consultant, researcher and writer Martijn Grooten:

Cyber insecurity

Daybook

  • CISA executive assistant director for cybersecurity Eric Goldstein speaks at the Industrial Control Systems Joint Working Group’s spring virtual meeting today at 8:30 a.m.
  • Senate Majority Leader Charles E. Schumer (D-N.Y.); Rep. Michael McCaul (R-Texas); acting National Counterintelligence and Security Center director Mike Orlando; and Carl McCants, the technical director of NCSC’s supply chain and cyber directorate, speak at an Intelligence and National Security Alliance event on microelectronics supply chains today at noon.
  • A House Energy and Commerce Committee panel holds a hearing on securing U.S. wireless network technology on Wednesday at 10:30 a.m.
  • The Senate Armed Services Committee holds two hearings on the military’s cyber workforce and technology on Wednesday at 2:30 p.m.
  • Former undersecretary of state Keith Krach and retired four-star Gen. Stanley McChrystal discuss how the United States and its allies can create a global cyber-trust network at a Washington Post Live event on Thursday at 11 a.m.
  • Former acting Defense Intelligence Agency director David Shedd and former Undersecretary of Defense for Intelligence Steve Cambone speak at a Heritage Foundation event on the intelligence community on Friday at noon.

Secure log off