I am happy to see ICS cyber security specifically being addressed by the US Secretary of Energy. It is “unobtainium” to secure the electric system, or any other industry which uses the same equipment, within 100 days even though there can be a good start. Network cyber threat prevention and situational awareness can be employed now. However, ICS device security and the culture gap between networking and engineering will require a long-term effort and there doesn’t appear to be a concerted effort by the electric or nuclear sectors to address these issues. As far as supply chain and the DOE RFI, the Chinese are in our supply chains which is the reason for EO 13920. Moreover, supply chain cyber security is more than a transformer or a grid issue as China has supplied pumps, valves, motors, relays, and other equipment world-wide and Russia has also compromised the ICS supply chain.
URL: A Reality Check of the DOE 100-Day Plan to Address Cybersecurity Risks to the US Electric System
