With growing concern over nation-state cyber attacks comes an increasing need to secure the critical infrastructure. In the Quadrennial Energy Review published in January 2017, the U.S. Energy Department wrote, “Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency.” The reliability of the electric system underpins virtually every sector of the modern U.S. economy, it warned.
In response to such concerns, the Federal Energy Regulatory Commission (FERC) yesterday proposed new cyber security management controls to enhance the reliability and resilience of the nation’s bulk electric system.
“FERC proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-7 (Cyber Security ñ Security Management Controls), which is designed to mitigate cyber security risks that could affect the reliable operation of the Bulk-Power System,” it announced.
The new standard will particularly improve on existing standards for access control, “by clarifying the obligations that pertain to electronic access control for low-impact cyber systems; adopting mandatory security controls for transient electronic devices, such as thumb drives and laptop computers; and requiring responsible entities to have a policy for declaring and responding to CIP exceptional circumstances related to low-impact cyber systems.”
The FERC statement also proposes that the North American Electric Reliability Corp (NERC) should develop criteria for mitigations against the risks resulting from any malware that could come from third-party transient devices. “These modifications will address potential gaps and improve the cyber security posture of entities that must comply with the CIP standards,” said FERC.
While there have been few known successful attacks against the U.S. critical infrastructure, concern has grown dramatically with increasing geopolitical tensions, and the more open attribution of specific cyber attacks to specific foreign nations. The activities of Russia, Iran and North Korea are concerning. Russia is openly blamed for the DNC breaches, NotPetya and the attacks against the Ukrainian power systems; North Korea has been blamed for the Sony breach and numerous attacks against South Korea; and Iran has been accused of attacks against aerospace and energy companies.
Related: U.S. Energy Department Invests $20 Million in Cybersecurity
Related: ‘Industroyer’ ICS Malware Linked to Ukraine Power Grid Attack
More from Kevin Bowers
- Alexa May Be Recording More Than You Realize
- UK’s NCSC Adopts HackerOne for Vulnerability Coordination Disclosure
- Artificial Intelligence in Cybersecurity is Not Delivering on its Promise
- Untangle Partners With Malwarebytes to Bring Layered Security to SMBs
- Testing Security Products: Third-Party Standards vs. In-House Testing
- New Cyber Readiness Program Launched for SMBs
- Personal Details of 120 Million Brazilians Exposed
- Researchers Find Thousands of Twitter Amplification Bots in Just One Day
Latest News
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
