News

US NIST publishes guide to smart grid cybersecurity

Warwick Ashford

The US has released a 537-page guide on how to protect the country's electrical power grid from cyber attack.

The guidelines on security requirements and a risk assessment framework were published by the US National Institute of Standards and Technology (NIST).

The guidelines also include an evaluation of privacy concerns, guides to mitigating vulnerabilities, and a summary of research needs.

In 2007, Congress tasked NIST with developing a framework for secure, interoperable smart grid technology.

The urgency of the project was highlighted in July by appearance of the first publicly-known malware to target software that manages critical infrastructure, according to US reports.

The Stuxnet Trojan, which targeted supervisory control and data acquisition (Scada) software by Siemens, is believed to have infected at least a dozen systems worldwide.

"These guidelines are a starting point for the sustained national effort that will be required to build a safe, secure and reliable smart grid," said George Arnold, NIST's national coordinator for smart grid interoperability.

"They provide a technical foundation for utilities, hardware and software manufacturers, energy management service providers, and others to build upon."

Utility companies worldwide will spend $21bn by 2015 on smart grid cybersecurity, according to a report by Pike Research published in February.

The concern over grid vulnerability is driving utility technologists to work closely with systems integrators, infrastructure suppliers, and standards bodies to develop a robust framework for smart grid cyber security across multiple domains, the research firm said.

In January, a survey by the Center for Strategic and International Studies revealed that 54% of the world's critical infrastructure organisations have been hit by cyber attacks, and 29% said they were facing multiple attacks every month.


 

COMMENTS powered by Disqus  //  Commenting policy