NIST looks to open discussion on improving cyber security
SUBNET Solutions Inc | Saturday, July 06, 2013
In an effort to create a greater dialog about the country's critical infrastructure protection (CIP), the National Institute of Standards and Technology (NIST) published a draft outlining the state of the security of the national grid infrastructure.
Security is a large risk confronting the United States electric grid infrastructure. Built before digital security was fully realized, the country's electric grid is becoming increasingly susceptible to cyber risks. Cyber attacks from hackers are fast becoming regular occurrences as the energy sector saw 111 security incidents to critical infrastructure in the first half of the 2013 fiscal year. As a result of these growing risks, the federal government is making efforts to prepare both the public and private sectors against cyber security threats to the country's energy infrastructure.
Opening up the discussion
President Barack Obama issued an Executive Order in February of 2013, calling for the NIST to create a voluntary framework for private companies and public organizations so as to develop a method of identifying and protecting against cyber threats. Since then, the NIST has listened to comments from a variety of stakeholders involved in the security of critical infrastructure and formulated a draft that addresses these concerns.
Commenting on the formation of this new draft was NIST Senior Information Technology Policy Advisor Adam Sedgewick. "We are pleased that many private-sector organizations have put significant time and resources into the framework development process," he said. "We believe that both large and small organizations will be able use the final framework to reduce cyber risks to critical infrastructure by aligning and integrating cyber security-related policies and plans, functions and investments into their overall risk management."
The draft draws insights from stakeholders in government, private industry, and academia and offers a wide ranging view of how to manage cyber security issues within a company. It addresses what it sees as the five major functions of cyber security and the three implementation levels for this policy.
Certain measures have already been taken by some organizations to solidify CIP implementation. The North American Electric Reliability Corporation (NERC) has set up a set of standards that utilities must adhere with to ensure that their grid is reliable and well protected against these threats. With the growing number of risks to the nation's grid infrastructure, utilities must be able to comply with these stringent standards so as to ensure the safe transmission of electricity.
SUBNET is prepared to help protect grid infrastructure by offering cyber security solutions employing smart grid technology for utilities. Through leveraging their existing infrastructure and corporate IT policies SUBNET is able to help utilities meet the strict NERC CIP standards.
Substation Cyber Security