Menu
US agency tells electric utilities to shore up authentication

US agency tells electric utilities to shore up authentication

NIST's new publication focuses on authentication and access control

U.S. electric utilities should pay close attention to their authentication systems and access controls to reduce data breaches, a government agency says in a new cybersecurity guide.

About 5 percent of all cybersecurity incidents that the U.S. Department of Homeland Security's industrial control cyber team responded to in 2014 were tied to weak authentication, said the U.S. National Institute of Standards and Technology (NIST). Another four percent of industrial control incidents were related to abuses of access authority, the agency said.

The new cybersecurity guide, released in draft form by NIST's National Cybersecurity Center of Excellence (NCCoE) Tuesday, focuses on helping energy companies reduce their cybersecurity risks by showing them how they can control access to facilities and devices from a single console.

NIST electric cyber guide Screenshot
A new guide from the U.S. National Insititute of Standards and Technology offers advice to electric utilities on preventing cyberattacks through better access control.

"The electric power industry is upgrading older, outdated infrastructure to take advantage of emerging technologies, but this also means greater numbers of technologies, devices, and systems connecting to the grid that need protection from physical and cybersecurity attacks," the guide says.

Part of the problem is that many energy utilities have decentralized identity and access management systems "controlled by numerous departments," according to the guide. That decentralized approach can lead to an inability to identify sources of a problem or attack and a lack of "overall traceability and accountability regarding who has access to both critical and noncritical assets."

The publication recommends a centralized access-control system, with the NCCoE developing an example system that utilities can use.

The guide offers step-by-step instructions allowing utilities to "reduce their risk and gain efficiencies in identity and access management," Donna Dodson, director of the NCCoE, said in a statement.

A 306-page document shows security engineers how to set up two versions of a centralized access-control system using commercially available products, with a focus on reducing opportunities for a cyberattack and for human error.

Working with security experts from the energy sector, the NCCoE staff also developed a scenario describing a security challenge based on normal day-to-day business operations.

The scenario centers on a utility technician who has access to several physical substations and to remote terminal units connected to the company's network in those substations. When she leaves the company, her privileges should be revoked, but without a centralized identity management system, managing routine events can be time-consuming.

NIST is seeking comments on the draft guide.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
Show Comments