NERC president discusses cyber security challenges, processes
SUBNET Solutions Inc | Friday, April 22, 2011
Gerry Cauley, president of the North American Electric Reliability Corporation (NERC), recently addressed the House Homeland Security Subcommittee about the rising importance of cyber security in relation to smart grid technologies.
As these technologies have become more commonly used in the energy sector, the threat of illegal cyber activities now pose a legitimate threat. Cauley told the subcommittee that "due to increasing efficiencies and globalization of vendors, the universe of suppliers for industrial control systems is limited;" thus, this creates a center that cyber criminals can attack if their technology becomes outdated or presents vulnerabilities.
"As illustrated by the Stuxnet malware, industrial control system software can be changed and a loss of process control can occur without intrusions even being detected," Cauley explained. "The Stuxnet intrusion methods may serve as a blueprint for future attackers who wish to access controllers, safety systems and protection devices to insert malicious code that could result in changes to set points and switches, as well as the alteration or suppression of measurements."
In response, NERC has issued alerts regarding the malware and has begun offering enterprise risk-based programs, policies and processes for these suppliers to prepare for, react to and recover from any potential attacks.
Furthermore, NERC has also established its own set of rules, the NERC CIP standards, which require all those in the electric sector to develop risk-based security policies regarding their specific assets, architecture and exposure.
Substation Cyber Security