-Assistant Secretary Andy Ozment and Deputy Assistant Secretary Greg Touhill
The Department of Homeland Security (DHS) works closely with the Department of Energy (DOE) and the electric sector to ensure the security, resilience, and reliability of the U.S. power grid. Additionally, many American utility providers have invested heavily in both cyber and physical security. While the U.S. power grid is highly resilient, it’s important for owners and operators of electric and other critical infrastructure sector assets to be aware of this particular threat and to implement mitigation steps that will reduce their vulnerabilities to similar cyber-attacks and other malicious activity employing these tactics, techniques, and procedures. To be clear, this threat applies to any sector that uses industrial control systems, not just the electric sector.
Last December, several Ukrainian power companies experienced an apparent cyber-attack that resulted in unscheduled power outages lasting up to six hours that impacted over 200,000 customers. At the request of the Ukrainian government, a U.S. interagency team composed of representatives from DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and United States Computer Emergency Readiness Team (US-CERT), as well as the DOE, the Federal Bureau of Investigation, and the North American Electric Reliability Corporation, traveled to Ukraine to gather information about the incident and identify potential mitigations.
At this time, there is no evidence of similar malicious activity affecting U.S. critical infrastructure. However, U.S. critical infrastructure entities have been affected by targeted intrusions in recent years, and it is imperative that critical infrastructure owners and operators across all sectors be aware of and up to date on the cyber threat landscape and the measures they can take to protect their assets.
As part of our ongoing mission to share information, DHS has posted a public alert on the ICS-CERT website, in addition to a technical alert to a secure portal for critical infrastructure partners. The Department has also provided briefings to critical infrastructure partners and international allies. DHS has already provided a briefing to the electric sector, and we have upcoming briefings with the chemical, nuclear, transportation, natural gas, and water sectors via Sector Coordinating Councils and Information Sharing and Analysis Centers.
Critical infrastructure owners and operators need to be aware of malicious cyber activity and take measures to protect their assets. They should read the ICS-CERT Incident Alert regarding this incident and implement mitigation practices outlined in the alert. Those recommended mitigation actions will reduce their exposure to many types of cyber threats. More detailed technical information is available on the secure ICS-CERT portal. To join this portal, critical infrastructure owners and operators should email email@example.com. For more general recommendations, critical infrastructure owners and operators should review the “Seven Steps to Effectively Defend Industrial Control Systems.”
Our work does not stop here. DHS is planning an expanded outreach campaign to all critical infrastructure sector asset owners and operators to discuss the Ukraine incident and provide detection and mitigation strategies to prevent cyber-attacks using these malicious techniques and tactics. Information sharing is a key part of our cybersecurity mission, and we will continue to share information in the interest of public safety.