Report question ability of FERC and NERC to establish smart grid cyber security measures
SUBNET Solutions Inc | Tuesday, July 05, 2011
A new Congressional Research Service study found that the current process designated for establishing smart grid cyber security protocols may be subject to a potential conflict of interest, according to a published report.
According to Fierce Government, which reports on government information technology (IT) news, the study was recently posted online and discusses the power of the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) to establish cyber security measures for the smart grid.
While FERC designated NERC as the agency responsible for developing cyber security guidelines in 2006, the report found that because the organization is a private-public entity, the same utilities its rules govern are also helping to craft legislation. "Standards may conceivably result from the option with the lowest costs," the report states of the conflict of interest.
FERC has ultimate approval over any legislation developed by NERC, but FERC-proposed revisions to NERC guidelines are subject to the agency's approval, the report states. Therefore, the report concludes that the current system for developing effective cyber security protocols should be overhauled.
What's more, the investigators affirmed that measures that are ultimately approved could represent merely a minimum threshold for compliance, with some utilities choosing to exceed those and others simply adhering to them. That could leave some utilities vulnerable to hackers, according to industry analysts, which would put their customers' data at risk of being taken and serves as a significant national security threat.
The report also addresses the smart grid cyber security standards that the National Institute of Standards and Technology (NIST) issued in October of 2010. The NIST guidelines took into account five areas that the agency said are ready for regulatory evaluation.
A growing number of cyber security experts have publicly questioned the ability of both FERC and NERC to effectively monitor and protect the nation's power supply network. The growing sophistication of cyber security infiltrations, these analysts contend, as well as the uptick in the number of known hacks are placing undue pressure on regulators to protect the nation's smart grid.
Ultimately, the report concluded that the nation's power supply network must be more actively protected. There are a number of vulnerabilities in current cyber security measures, analysts affirm, that must be addressed to protect its long-term efficacy.
Substation Cyber Security