Menu
US agency tells electric utilities to shore up authentication

US agency tells electric utilities to shore up authentication

NIST's new publication focuses on authentication and access control

U.S. electric utilities should pay close attention to their authentication systems and access controls to reduce data breaches, a government agency says in a new cybersecurity guide.

About 5 percent of all cybersecurity incidents that the U.S. Department of Homeland Security's industrial control cyber team responded to in 2014 were tied to weak authentication, said the U.S. National Institute of Standards and Technology (NIST). Another four percent of industrial control incidents were related to abuses of access authority, the agency said.

The new cybersecurity guide, released in draft form by NIST's National Cybersecurity Center of Excellence (NCCoE) Tuesday, focuses on helping energy companies reduce their cybersecurity risks by showing them how they can control access to facilities and devices from a single console.

NIST electric cyber guide Screenshot
A new guide from the U.S. National Insititute of Standards and Technology offers advice to electric utilities on preventing cyberattacks through better access control.

"The electric power industry is upgrading older, outdated infrastructure to take advantage of emerging technologies, but this also means greater numbers of technologies, devices, and systems connecting to the grid that need protection from physical and cybersecurity attacks," the guide says.

Part of the problem is that many energy utilities have decentralized identity and access management systems "controlled by numerous departments," according to the guide. That decentralized approach can lead to an inability to identify sources of a problem or attack and a lack of "overall traceability and accountability regarding who has access to both critical and noncritical assets."

The publication recommends a centralized access-control system, with the NCCoE developing an example system that utilities can use.

The guide offers step-by-step instructions allowing utilities to "reduce their risk and gain efficiencies in identity and access management," Donna Dodson, director of the NCCoE, said in a statement.

A 306-page document shows security engineers how to set up two versions of a centralized access-control system using commercially available products, with a focus on reducing opportunities for a cyberattack and for human error.

Working with security experts from the energy sector, the NCCoE staff also developed a scenario describing a security challenge based on normal day-to-day business operations.

The scenario centers on a utility technician who has access to several physical substations and to remote terminal units connected to the company's network in those substations. When she leaves the company, her privileges should be revoked, but without a centralized identity management system, managing routine events can be time-consuming.

NIST is seeking comments on the draft guide.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments