New cybersecurity standards

Share this article:

So just last month, the North American Electric Reliability Council (NERC) adopted eight permanent cybersecurity standards that extend to all bodies connected to the nation's electric grid. This includes transmission and generator owners and operators, reliability coordinators, balancing authorities and load-serving entities.

"The electric grid is interconnected so that all entities affect each other," says Regis Binder, group manager of logistics and security at the Federal Energy Regulatory Commission (FERC).

While most industry experts admit physically protecting the power infrastructure remains the top priority, the threat of cyberterrorism is real, says Gerry Cauley, vice president at NERC.

"A cyberattack would make it possible to take down parts of the grid or cause outages that could affect customers," he says. "It's sort of an indirect weapon to cause confusion."

The U.S. electric grid has become more vulnerable in recent years as Supervisory Control and Data Acquisition (SCADA) systems transitioned from hard-to-figure-out "air-gapped" platforms to modern, interconnected Windows and Linux platforms, says Dave Norton, program manager of transmission IT energy at Entergy, North America's fifth largest electric utility.

"Security by obscurity has worked relatively well," he says. "We're moving away from obscure systems to systems that everybody understands."

The standards, which took effect in June, will become mandatory January 1, 2007 if, as expected, FERC names NERC the nation's Electric Reliability Organization.

Financially hamstrung utilities may meet the new standards with some resistance, Norton predicts. Federal funding would help. "There's no miracles," he says. "Somebody has to foot the bill."

— Dan Kaplan

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.