Smart grid vulnerability spurs Obama Administration to propose new cybersecurity rules
SUBNET Solutions Inc | Thursday, May 19, 2011
This past week, the Obama Administration proposed changes to current laws governing cybersecurity. With the continued investment in the smart grid, the administration has spent more than two years crafting legislation that could effectively protect critical infrastructure from hacking attempts.
According to a report in Computer World, the proposed cybersecurity laws would effectively levy new regulations on utilities. Unlike the way the electrical grid works now - disconnected from the Internet for the most part - the smart grid connects transmission, distribution and generation networks. While the advancement of smart grid technologies is undoubtedly beneficial, it also presents an array of cybersecurity concerns.
Recent malware attacks have heightened concerns over the security of critical infrastructure from foreign-based computer hacking attempts. The U.S. and Israel were reported to have successfully developed and launched the Stuxnet worm against Iran, wiping out more than 20 percent of the country's computers that run its nuclear power program, and in the aftermath industry watchers have increasingly called for tougher rules governing the U.S. smart grid.
The North American Reliability Corporation (NERC) is tasked with establishing guidelines for cybersecurity in North America, but the organization's recommendations have been assailed by critics who contend they don't go far enough to effectively protect the nation's electricity supply.
Under President Obama's proposal, utilities would be held to tougher standards. Critical infrastructure providers would be responsible for developing cybersecurity protocols that would need to be independently verified by a third party vendor to ensure it is an appropriate course of action. The legislation reads:
"Critical infrastructure operators would develop their own frameworks for addressing cyber threats. Then, each critical-infrastructure operator would have a third-party, commercial auditor assess its cybersecurity risk mitigation plans. In the event that the process fails to produce strong frameworks, DHS, working with the National Institute of Standards and Technology (NIST), could modify a framework."
Utilities would therefore have to adopt industry best practices as they invest in new technologies. For example, work on smart grid substations would need to include products that properly guard against cybersecurity threats. At the same time, any antiquated technologies will need to be upgraded to comply with the new legislation.
Industry watchers assert that the proposed rules would benefit both consumers and U.S. national security. Currently, critical infrastructure is exceedingly vulnerable to cyber attacks, but the new legislation could effectively overhaul the U.S. approach to the development of the smart grid, ensuring that electricity flows without interruption from power outages.
Substation Cyber Security
Substation Automation & Remote Access