[Infowarrior] - US preps cyber outfit to protect national electric grid

[Richard Forno]

US preps cyber outfit to protect national electric grid

DOE group would speed research, bulk up smart grid technologies

By Layer 8 on Thu, 01/14/10 - 10:38am.

http://www.networkworld.com/community/node/54820

The US Department of Energy said it would spend $8.5 million to set up  
a "National Energy Sector Cyber Organization"  that would help protect  
the nation's bulk power electric grid and help integrate smart grid  
technology with the electric grid.

The idea is to set up an independent national energy sector cyber  
security organization that would hopefully speed research, development  
and deployment priorities, including policies and protocols, the DOE  
stated.

Recently the DOE's acting assistant secretary, Patricia Hoffman  
stated: "The scope and nature of security threats and their potential  
impact on our national security require the ability to act quickly to  
protect the bulk power system and to protect sensitive information  
from public disclosure. At the same time, we must continue to build  
long-term programs that improve information sharing and awareness  
between the public and private energy sector.

"The electric system is not the Internet. It is a carefully tended and  
balanced system that is critical to the Nation and the people. We must  
continue to strive towards an electric system that can survive an  
intentional cyber assault with no loss of critical functions," she  
stated.

According to the DOE such an organization could help address a number  
of key challenges, including:

	• Articulating the business case for addressing control system  
vulnerabilities, threats, technologies, and needs.
	• Creating an environment to promote information sharing about real- 
world, cross-sector attacks.
	• Developing and implementing wire encryption technology to protect  
communication links.
	• Continuing funding and use of the National SCADA Test Bed.
	• Developing security solutions for legacy systems.
	• Identifying best practices for connecting legacy systems to  
business networks.
	• Developing a security plan for incident response and recovery.
	• Developing an automated system for managing security events.
	• Agreeing on metrics/standards for measuring security.
	• Identifying effective gateway security tools.
	• Ease of sophisticated attack. Cyber attack tools are becoming more  
sophisticated, while the knowledge required to use them is decreasing.
	• Reliance on commercial software. Many software programs used in  
control systems are produced outside the US and fail to address US  
security concerns.
	• Evolution toward distributed networks. Interconnected, web-enabled  
systems provide multiple points of entry for cyber attacks.
	• Competitive energy market. Competitive pressures can deter private  
industry from investing in more secure control systems.
	• High performance requirements. The high performance and reliability  
required of control systems may deter private industry from trying  
improved software and tools.
	• Uneven, fragmented funding and operation. Resources for defining  
and testing control system vulnerabilities have been limited and  
inconsistent.
It is paramount that smart grid devices and interoperability standards  
include protections against cyber intrusions and have systems that are  
designed from the start (not patches added on) that prevent  
unauthorized persons from gaining entry through the millions of new  
access points created by the deployment of smart grid technologies,  
Hoffman stated.