The U.S. electric grid has been made more vulnerable to hacking risks by inverter-based technologies used in renewable solar and wind energy storage systems, CyberScoop reports.
In a hearing before the House Committee on Energy and Commerce, former Assistant Secretary of Defense Paul Stockton attributed the cybersecurity risks of power inverters to their digitally native nature and their China-based manufacturing.
"Manufacturers in China are important producers of inverters being deployed nationwide across the United States and I think looking at supply chain risks not just availability of critical products but the risks that China will exploit these products in order to conduct attacks on the grid," said Stockton, who noted that strengthening the devices of inverter equipment would enable stronger electric grid cyber resilience and better combat adversaries' threats.
Meanwhile, the Energy Department said that it will consider adding inverters to the newly introduced cybersecurity labeling initiative for smart devices.
"We look forward to partnering with the Federal Communications Commission, the Cybersecurity and Infrastructure Security Agency, DOE National Laboratories, and our industry partners to advance the cybersecurity of energy systems," said Director of the DOE Office of Cybersecurity, Energy Security, and Emergency Response Puesh Kumar.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.
While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers to create fake claims that enabled relief fund and personal data theft.
Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats, have been leveraged to facilitate the download of self-extracting password-protected archives.