Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Energy Regulator Acts to Improve Power Grid Security

With growing concern over nation-state cyber attacks comes an increasing need to secure the critical infrastructure. In the Quadrennial Energy Review published in January 2017, the U.S. Energy Department wrote, “Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency.” The reliability of the electric system underpins virtually every sector of the modern U.S. economy, it warned.

With growing concern over nation-state cyber attacks comes an increasing need to secure the critical infrastructure. In the Quadrennial Energy Review published in January 2017, the U.S. Energy Department wrote, “Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency.” The reliability of the electric system underpins virtually every sector of the modern U.S. economy, it warned.

In response to such concerns, the Federal Energy Regulatory Commission (FERC) yesterday proposed new cyber security management controls to enhance the reliability and resilience of the nation’s bulk electric system.Energy Regulator Acts to Improve Power Grid Security

“FERC proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security ñ Security Management Controls), which is designed to mitigate cyber security risks that could affect the reliable operation of the Bulk-Power System,” it announced.

The new standard will particularly improve on existing standards for access control, “by clarifying the obligations that pertain to electronic access control for low-impact cyber systems; adopting mandatory security controls for transient electronic devices, such as thumb drives and laptop computers; and requiring responsible entities to have a policy for declaring and responding to CIP exceptional circumstances related to low-impact cyber systems.”

The FERC statement also proposes that the North American Electric Reliability Corp (NERC) should develop criteria for mitigations against the risks resulting from any malware that could come from third-party transient devices. “These modifications will address potential gaps and improve the cyber security posture of entities that must comply with the CIP standards,” said FERC.

While there have been few known successful attacks against the U.S. critical infrastructure, concern has grown dramatically with increasing geopolitical tensions, and the more open attribution of specific cyber attacks to specific foreign nations. The activities of Russia, Iran and North Korea are concerning. Russia is openly blamed for the DNC breaches, NotPetya and the attacks against the Ukrainian power systems; North Korea has been blamed for the Sony breach and numerous attacks against South Korea; and Iran has been accused of attacks against aerospace and energy companies.

Related: U.S. Energy Department Invests $20 Million in Cybersecurity

Related: ‘Industroyer’ ICS Malware Linked to Ukraine Power Grid Attack

Related: U.S. Electric Grid – America the Vulnerable

Advertisement. Scroll to continue reading.
Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...