[5/12/17] President Trump ordered the federal government to prepare for a devastating cyber attack against America’s electric grid amid growing fears foreign states are set to carry out attacks aimed at plunging the nation into darkness.
A presidential order signed Thursday directed key federal agencies to assess preparations for a prolonged power outage resulting from cyber attacks designed to disrupt the power grid.
An assessment of the danger must be carried out by the Energy Department, Homeland Security, DNI and state and local governments to examine the readiness of the United State to manage a shutdown of the power grid. The assessment will also identify gaps and shortcomings in efforts that would be used restore power.
New cyber security measures outlined in the executive order come as the commander of Cyber Command warned two days earlier that America’s critical infrastructure is vulnerable to disruption by foreign cyber attacks.
Cyber command chief Adm. Mike Rogers said several nations, including Iran, have been tied to disruptions and remote intrusions into U.S. critical infrastructures, such as the electric grid, financial networks, and others.
Rogers said destructive cyber attacks on critical infrastructure are one of his two worst case scenarios. The second involves the threat of cyber intrusions aimed at manipulating data within networks.
Iran tried to disrupt the function of a dam in upstate New York in 2013, and Russia has used industrial control malware called BlackEnergy to attack Ukraine’s electric grid, Rogers said.
“Infiltrations in U.S. critical infrastructure—when viewed in the light of incidents like these—can look like preparations for future attacks that could be intended to harm Americans, or at least to deter the United States and other countries from protecting and defending our vital interests,” Rogers said.
The report on electric grid cyber attacks must be provided to the White House by Aug. 9.
The new order is the result of a Trump administration policy review aimed at improving cyber security for both the government and private sector.
The order states that federal agency heads will be held accountable for protecting networks from cyber attack, an apparent reference to China’s cyber attack on the Office of Personnel Management that led to the theft of some 22 million records on federal workers, including very sensitive personal data.
Homeland Security Adviser Tom Bossert told reporters at the White House in announcing the new order that the OPM hack highlighted the need for improved federal government software and hardware that will focus on sharing services and securing data.
“We saw that with the OPM hack and other things,” he said. “We’ve got to move to the cloud and try to protect ourselves, instead of fracturing our security posture.”
The order does not seek to define an act of war in cyberspace.
However, the directive requires the Pentagon and other security agencies to report within 90 days on cyber warfighting capabilities and defending the industrial base from cyber attacks.
Foreign hackers pose threats to the technology and equipment supply chain including U.S. military systems.
Military cyber warfare efforts are mentioned vaguely in the order. It states that security agencies must “assess the scope and sufficiency of United States efforts to ensure that the United States maintains or increases its advantage in national-security-related cyber capabilities.”