In a post-Stuxnet world, growing concerns over NERC's ability to protect smart grid
SUBNET Solutions Inc | Wednesday, May 11, 2011
The North American Electric Reliability Corporation (NERC) is tasked with overseeing the reliability and security of the U.S. electric power grid, but a growing number of industry watchers have begun to question whether the organization is doing enough to protect the grid from cybersecurity threats, according to a newly published report.
Automation World reports that NERC was given expanded powers following September 11 and the Northeast U.S. blackout in 2003. However, some analysts are publicly questioning whether NERC's initiatives can adequately guard the electricity supply given the growing complexity and number of cybersecurity threats.
Critics have assailed NERC for being composed primarily of the companies that it regulates, a situation they call a conflict of interest. Further, some analysts, such as Joe Weiss, a security specialist and managing partner at Applied Control Solutions, affirm that NERC's network security protocols do not protect against cybersecurity threats that differ from more conventional attacks, such as the Stuxnet worm that took out 20 percent of Iran's nuclear reactors.
"Stuxnet would be excluded from consideration and protection because it directly attacked a PLC with a non-routable protocol," Weiss wrote in his "Unfettered" blog. "Components that fall under the standard are defined as those that have an IP routable protocol. Stuxnet was spread through thumb drives. In addition, modems are still in use in some utilities. These are cyber-hackable, but are not covered because these also are non-routable protocols."