Three agencies team on cyber defense of energy infrastructure
- By Mark Rockwell
- Feb 05, 2020
The Departments of Energy, Homeland Security and Defense have extended their joint effort to develop common cyber threat indicators and cyber defense capabilities to protect critical infrastructure in the energy sector.
The agencies signed a new memorandum of understanding to develop common, cross-agency threat data and to collaborate on cyberattack response playbooks for energy infrastructure stakeholders. The MOU extends the Pathfinder information sharing effort for critical infrastructure sectors among the agencies begun in 2018.
"Through this agreement, we will strengthen the partnership between DOE, DHS, and DOD to enable intergovernmental cooperation and bolster our ability to proactively address cyber threats to critical energy infrastructure, and to respond effectively should those threats materialize," Karen Evans, DOE's assistant secretary of cybersecurity, energy security and emergency response, said in a Feb. 3 statement.
Bryan Ware, assistant director for cybersecurity at DHS' Cybersecurity and Infrastructure Security Agency, said the agreement will help develop threat indicators and warnings that can cross multiple national critical functions, enhance cyber threat information sharing and expedite response.
Kenneth Rapuano, assistant secretary of defense for homeland defense and global security, said the energy sector Pathfinder effort "is a priority initiative" at DOD.
Sharing threat information among government agencies and critical infrastructure providers has become urgent in the wake of recent military confrontations and cyber threats from not only Russia and China, according to experts, but particularly from Iran. The U.S. government is a keystone in defense of the mostly commercially owned energy sector infrastructure.
In an increasingly dangerous global cyber environment, privately owned U.S. energy infrastructure could bear the brunt of a possible Iran-backed retaliatory cyberattack in the wake of the U.S. killing of Iranian Gen. Qassem Soleimani in January, according to a top military cyberspace officer.
U.S. military strikes against nation-state officials in retaliation for cyberattacks on U.S. infrastructure, said Gregg Kendrick, executive director, Marine Corps Forces Cyberspace Command, could bring consequences to private-sector energy infrastructure networks.
Kendrick and others on the panel at a Feb. 4 critical infrastructure conference agreed that Iran has historically taken a long view of retaliation and that the U.S. energy critical infrastructure remains in the country's crosshairs.
"The U.S. government networks are actually pretty well defended" against those attacks, he said. "It would really go against the business side."
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.