Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

NetworkWorld.com > Security >

Group defines cyberattack prevention rules for nation's power grid

Federal Energy Regulatory Commission sets infrastructure standards

By Ellen Messmer, Network World, 01/17/08

The Washington-based Federal Energy Regulatory Commission today approved eight "critical infrastructure protection" (CIP) standards intended to protect the electric-power grid operated by the nation's utilities from coming under cyberattack because of poor access control, software vulnerabilities or other weaknesses in their data-control systems.

Story tools

Sponsored by:

E-Mail article
Print article
Contact author	Reprint
AIM article	del.icio.us
Reddit	Digg
Stumble	Slashdot It!

FERC, which has regulatory authority over U.S. electric and gas utilities, decided in a unanimous vote to require that users, owners and operators of what's called the "bulk power system" for electricity, to establish policies and plans to safeguard physical and electronic access to control systems, according to the eight CIP principles. FERC Chairman Joseph Kelliher called the commission's decision a milestone in "adopting the first mandatory and enforceable reliability standards that address cybersecurity concerns on the bulk power system in the United States."

These standards, in summary, are:

* Critical cyberasset identification
* Security management controls
* Personnel and training
* Electronic security perimeters
* Physical security of critical cyberassets
* Systems security management
* Incident reporting and response planning
* Recovery plans for critical cyberassets

The CIP standards were proposed by the North American Electric Reliability Corporation (NERC), which FERC has designated as the organization that will oversee compliance with them.

During the FERC public meeting today, Kelliher said that adoption by the energy industry of the eight CIP measures would work to deter "any organized group that might be intentionally trying to disrupt the grid."

FERC Commissioner Jon Wellinghoff called the decision by the FERC an important one to better secure an interconnected grid system, but Commissioner Philip Moeller raised the question of whether the country would end up with a "more disconnected bulk-power grid as a way to defend against a cyberattack."

In discussing its decision to adopt the CIP standards to regulate the bulk-power grid, FERC acknowledged that it had received many comments from the power companies related to the concern that the older data-control equipment they have in place today is not designed to adhere to strict security guidelines that might entail software patching or running security and management software.

React: Give us your thoughts on the issues here.

Start a public discussion with other Network World users on this article (scroll up to send this article to a colleague).
| Register for an account (Why you should)

Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."

*Anonymous comments will only appear once they are approved by the moderator.

Sign up for the Video & Podcast Alert Newsletter

Does Verizon's Voyager stack up to the iPhone?
Keith checks out the Verizon Wireless Voyager multimedia phone, and compares it to Apple's iPhone. Watch now

TOP STORIES

The title and comments fields must be filled out to continue.
Your name:	Your e-mail address:
*Subject
*Comments

Username:	Password:

Security