U.S. power grids need to boost their cyber defenses to find hackers faster to keep them from gaining control over operations, according to the country’s top energy regulator.
The Federal Energy Regulatory Commission is proposing to develop standards to monitor devices or equipment on bulk power systems, according to a notice issued Thursday. The proposed standards would seek to find hackers lurking within networks as opposed to current efforts that use a perimeter defense that focuses on trying to keep attackers out of sensitive networks.
A massive breach using software from Texas-based SolarWinds Corp. in 2020 is one example of how attackers can bypass such defenses through trusted vendors, FERC said.
“We can’t let our guard down on cybersecurity at all and we need to continually monitor whether the standards are appropriate,” FERC Chairman Richard Glick told reporters in a Thursday briefing. Companies need to be vigilant against hackers trying to get in and “if they do get into the system, it’s important to know it as quickly as possible, to have knowledge of it and to be able to take action on it.”
There is a 60-day comment period for the proposal. After that, the commission is expected to order the North American Electric Reliability Corp., the international body charged with reducing risks to energy grids, to revise or submit new rules to address the gap.
