On Monday, Energy Secretary Rick Perry unveiled his department's comprehensive cybersecurity strategy, which he said was desperately needed because our energy grid is more vulnerable than ever to cyber threats, including from Iran, the leading state sponsor of terrorism.
"The frequency, scale and sophistication of cyber threats have increased, and attacks have become easier to launch," the Energy Department plan explains. "Nation-states, criminals, and terrorists regularly probe energy systems to actively exploit cyber vulnerabilities in order to compromise, disrupt, or destroy energy systems."
The Washington Examiner notes that the new cybersecurity plan was released "as federal and industry experts say Iran could target U.S. infrastructure in response to Trump's scuttling of the nuclear deal." According to The New York Times, the Pentagon's cyberwarfare unit has ramped up its monitoring of online activity in Iran since Trump pulled out of the nuclear deal last week.
The Energy Department underscores the threat posed by the increasing "interdependence among the nation’s energy systems," which makes a wide-scale attack increasingly easier.
The plan outlines a series of proactive steps the department will take to reduce the risk of attack, including creating a new cybersecurity office that will centralize federal security efforts, pursuing "disruptive changes in cyber risk management practices," and working closely with the energy industry as well as non-federal partners to improve preventative measures.
"As nation-states and criminals increasingly target energy networks, the federal government must help reduce cyber risks that could trigger a large-scale or prolonged energy disruption," the plan reads.
But the Examiner notes that while cybersecurity experts agree with the department's assessment of the threat level and key vulnerabilities, the plan does not provide enough specifics to gauge how effective it might be.
"Are there strategies to basically detach our critical functions from the Internet altogether, so as to be islanded off and thus not possible to have any cyber control or threat?" cybersecurity consultant and Stella Group President Scott Sklar asked in an email to the Examiner. "If so, what are they and what is the approach to implement?"