Menu
US agency tells electric utilities to shore up authentication

US agency tells electric utilities to shore up authentication

NIST's new publication focuses on authentication and access control

U.S. electric utilities should pay close attention to their authentication systems and access controls to reduce data breaches, a government agency says in a new cybersecurity guide.

About 5 percent of all cybersecurity incidents that the U.S. Department of Homeland Security's industrial control cyber team responded to in 2014 were tied to weak authentication, said the U.S. National Institute of Standards and Technology (NIST). Another four percent of industrial control incidents were related to abuses of access authority, the agency said.

The new cybersecurity guide, released in draft form by NIST's National Cybersecurity Center of Excellence (NCCoE) Tuesday, focuses on helping energy companies reduce their cybersecurity risks by showing them how they can control access to facilities and devices from a single console.

NIST electric cyber guide Screenshot
A new guide from the U.S. National Insititute of Standards and Technology offers advice to electric utilities on preventing cyberattacks through better access control.

"The electric power industry is upgrading older, outdated infrastructure to take advantage of emerging technologies, but this also means greater numbers of technologies, devices, and systems connecting to the grid that need protection from physical and cybersecurity attacks," the guide says.

Part of the problem is that many energy utilities have decentralized identity and access management systems "controlled by numerous departments," according to the guide. That decentralized approach can lead to an inability to identify sources of a problem or attack and a lack of "overall traceability and accountability regarding who has access to both critical and noncritical assets."

The publication recommends a centralized access-control system, with the NCCoE developing an example system that utilities can use.

The guide offers step-by-step instructions allowing utilities to "reduce their risk and gain efficiencies in identity and access management," Donna Dodson, director of the NCCoE, said in a statement.

A 306-page document shows security engineers how to set up two versions of a centralized access-control system using commercially available products, with a focus on reducing opportunities for a cyberattack and for human error.

Working with security experts from the energy sector, the NCCoE staff also developed a scenario describing a security challenge based on normal day-to-day business operations.

The scenario centers on a utility technician who has access to several physical substations and to remote terminal units connected to the company's network in those substations. When she leaves the company, her privileges should be revoked, but without a centralized identity management system, managing routine events can be time-consuming.

NIST is seeking comments on the draft guide.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments