Network World
Sunday, November 22, 2009

Group defines cyberattack prevention rules for nation's power grid

Federal Energy Regulatory Commission sets infrastructure standards

The Washington-based Federal Energy Regulatory Commission today approved eight "critical infrastructure protection" (CIP) standards intended to protect the electric-power grid operated by the nation's utilities from coming under cyberattack because of poor access control, software vulnerabilities or other weaknesses in their data-control systems.

FERC, which has regulatory authority over U.S. electric and gas utilities, decided in a unanimous vote to require users, owners and operators of what's called the "bulk power system" for electricity to establish policies and plans to safeguard physical and electronic access to control systems, according to the eight CIP principles. FERC Chairman Joseph Kelliher called the commission's decision a milestone in "adopting the first mandatory and enforceable reliability standards that address cybersecurity concerns on the bulk power system in the United States."

These standards, in summary, are:

* Critical cyberasset identification
* Security management controls
* Personnel and training
* Electronic security perimeters
* Physical security of critical cyberassets
* Systems security management
* Incident reporting and response planning
* Recovery plans for critical cyberassets

The CIP standards were proposed by the North American Electric Reliability Corporation (NERC), which FERC has designated as the organization that will oversee compliance with them.

During the FERC public meeting today, Kelliher said that adoption by the energy industry of the eight CIP measures would work to deter "any organized group that might be intentionally trying to disrupt the grid."

FERC Commissioner Jon Wellinghoff called the decision by the FERC an important one to better secure an interconnected grid system, but Commissioner Philip Moeller raised the question of whether the country would end up with a "more disconnected bulk-power grid as a way to defend against a cyberattack."

In discussing its decision to adopt the CIP standards to regulate the bulk-power grid, FERC acknowledged that it had received many comments from the power companies related to the concern that the older data-control equipment they have in place today is not designed to adhere to strict security guidelines that might entail software patching or running security and management software.

Copyright 2008 Network World Inc.