Network World
Tuesday, February 9, 2010
DNSstuff.com
Get information about your IP
IP Information
50+ On-demand DNS and network tools
NetworkWorld.com > Security >

Group defines cyberattack prevention rules for nation's power grid

Federal Energy Regulatory Commission sets infrastructure standards

By Ellen Messmer, Network World, 01/17/08

The Washington-based Federal Energy Regulatory Commission today approved eight "critical infrastructure protection" (CIP) standards intended to protect the electric-power grid operated by the nation's utilities from coming under cyberattack because of poor access control, software vulnerabilities or other weaknesses in their data-control systems.

Why a social networking strategy is needed
02/09/10
When I'm not being a journalist and leaping wide clauses in a single bound or moving faster than a speeding cursor, I adopt my alternate persona: Mark Gibbs, mild-mannered consultant. Well, perhaps not so mild-mannered.

Victoria to tip in $3M to spy on bushfires
02/09/10
Victoria’s troubled bushfire alert system may be bolstered with a fleet of fire-detection cameras after a $3 million government trial announced today is completed.

The 12 most popular newsletters of all time
02/09/10
This week will be the final week of the Network Architecture newsletter as penned by me. Before we say goodbye in Thursday's issue, I'd like to take a fond look back at the biggest hits.

FERC, which has regulatory authority over U.S. electric and gas utilities, decided in a unanimous vote to require that users, owners and operators of what's called the "bulk power system" for electricity, to establish policies and plans to safeguard physical and electronic access to control systems, according to the eight CIP principles. FERC Chairman Joseph Kelliher called the commission's decision a milestone in "adopting the first mandatory and enforceable reliability standards that address cybersecurity concerns on the bulk power system in the United States."

Capacity Management in VMWare Virtualized Infrastructures : Download now

These standards, in summary, are:

* Critical cyberasset identification
* Security management controls
* Personnel and training
* Electronic security perimeters
* Physical security of critical cyberassets
* Systems security management
* Incident reporting and response planning
* Recovery plans for critical cyberassets

The CIP standards were proposed by the North American Electric Reliability Corporation (NERC), which FERC has designated as the organization that will oversee compliance with them.

During the FERC public meeting today, Kelliher said that adoption by the energy industry of the eight CIP measures would work to deter "any organized group that might be intentionally trying to disrupt the grid."

FERC Commissioner Jon Wellinghoff called the decision by the FERC an important one to better secure an interconnected grid system, but Commissioner Philip Moeller raised the question of whether the country would end up with a "more disconnected bulk-power grid as a way to defend against a cyberattack."

In discussing its decision to adopt the CIP standards to regulate the bulk-power grid, FERC acknowledged that it had received many comments from the power companies related to the concern that the older data-control equipment they have in place today is not designed to adhere to strict security guidelines that might entail software patching or running security and management software.

React: Give us your thoughts on the issues here.
Start a public discussion with other Network World users on this article (scroll up to send this article to a colleague).
Log In | Register for an account (Why you should)

Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."

*Anonymous comments will only appear once they are approved by the moderator.

Copyright 2008 Network World Inc.