Cyberattacks on energy infrastructure are more prevalent and sophisticated than ever, and electric cooperatives should use services offered by the federal government to defend the grid, a top U.S. cybersecurity official told attendees at NRECA’s Co-op Cyber Tech Conference.

Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, joined NRECA Cybersecurity Director Carter Manucy in a June 13 discussion on building resilience against cyberthreats.

“The real challenge is our adversaries are upping their game,” said Wales. “They continue to improve the sophistication and technical capabilities that they are employing against us. This continues to be a cat and mouse game.”

Wales recommended that co-ops sign up for CISA’s free, scalable technical services and tools, including vulnerability scanning, then work with the agency’s regional advisers to develop a solid cybersecurity baseline from which to take on in-depth practices and assessments.

Co-ops that enlist receive a weekly report on potential vulnerabilities. CISA also produces reports identifying a sector’s exposures that co-ops can use as a roadmap to bolster their cyber posture, Wales said.

The agency’s “known exploited vulnerabilities” or KEV tool also identifies where cyberattacks repeatedly occur. “If you must patch vulnerabilities, start with these,” he said. “Adversaries are looking to exploit your network.”

Wales placed heightened cybersecurity concerns for critical infrastructure in two buckets: day-to-day threats from cybercriminals and threats from nation-states, in particular China.

As cybercriminals specialize in components of an attack, such as developing or using tool sets or negotiating ransoms, daily threats have “really exploded over the past three to four years and energy assets, municipal assets, have been on the frontlines of the ransomware challenge,” he said.

State-sponsored actors, such as Volt Typhoon in China, are deploying malware and making detection harder by using legitimate credentials to get onto networks and wreak havoc on critical infrastructure.

“The specific targets are less important,” said Wales. “They are happy to go after a large number of medium-sized entities and cause societal panic in the U.S. and achieve their aim—to try to affect our geopolitical decision-making. Those threats are very real and, in many cases, particularly with nation-states, very targeted against the energy sector.”

Co-ops take cyberthreats “extraordinarily seriously,” especially after the May 2021 Colonial Pipeline ransomware attack, Manucy said. The country’s largest oil pipeline was forced to shut down operations for several days.

“The Chinese have taken note of the reaction to Colonial Pipeline,” Wales said. “They saw the effect of a relatively minor attack on the American psyche. They want to cause that impact and will look for opportunities and the best places to do that.”

The message for co-ops, Manucy said, is that “you may be a small utility, but it is not your size that they care about; it’s the amplified effect [of a cyberbreach] that you have no control over.”

Wales noted that the electric power sector “is among the most engaged in cybersecurity from large investor-owned utilities to munis and co-ops.”

“We’ve got tremendous engagement in that community and all entities that work in that space,” he said. “The challenge here is the nature of the tactics they are using in this space.”