NIST unveils new smart grid security measures
SUBNET Solutions Inc | Monday, June 27, 2011
The ongoing development and upgrades to the U.S. power supply network requires that utilities overhaul their dated cyber security protocols. Critical infrastructure protection (CIP) regulations are quickly being amended as the government prepares for the next phase in the grid's development, and this week the government released its latest cyber security guide.
The National Institute of Standards and Technology (NIST) issued the final version of its Guide to Industrial Control Systems (ICS) Security (SP 800-82) this week, according to the agency. The manual is intended to help utilities and other organizations that are involved in the management of critical infrastructures to protect such systems from cyber security infiltrations.
What's more, the new guide from NIST was developed to address the unique issues that different sectors face over the coming years in terms of performance, reliability and safety requirements. Specifically, the guide is intended for industrial control systems (ICS) that are federally owned or operated, NIST said in a statement.
Some power generators, distributors and transmitters are a part of that group, according to officials. Still, with roughly 90 percent of the nation's critical infrastructure privately owned, the manual could have far-reaching consequences in ongoing security initiatives at private companies, industry analysts assert.
The Federal Information Security Management Act (FISMA) mandated that NIST develop a revised cyber security guide, and the recent spate of high-profile cyber attacks on important global businesses has made the report's release all the more prescient. Industrial control systems that include supervisory control and data acquisition (SCADA) systems fall under the agency's jurisdiction, and industry analysts assert that many utilities have been awaiting the new report as they look to develop long-term cyber security protocols.
NIST officials affirm that the development of the smart grid has and will benefit U.S. consumers in a number of ways and could result in lower electricity rates and shorter power outages. Still, the smart grid is exceedingly vulnerable to cyber security attacks as hackers from around the globe work to take out critical infrastructures. The Stuxnet worm, which destroyed roughly 20 percent of Iran's nuclear computing system, exemplifies such an attack, analysts assert.
As a result of the importance of the smart grid, industry officials affirm that cyber security measures must be in place to protect against attacks.
"Securing an industrial control system requires a proactive, collaborative effort that engages cyber security experts, control engineers and operators and other experts and experienced workers," NIST mechanical engineer and lead author of the report Keith Stouffer said. "It also requires factoring in - and addressing - new risks introduced by the evolving 'smart' electric power grid."
NIST officials and industry watchers recommend that utilities move to adopt the new cyber security protocols, using them in conjunction with recommendations that NIST issued in September. The new guides are available on NIST's website.
Substation Cyber Security
Substation Automation & Remote Access