- Nick Offerman is so down to play every single role in ‘Cats’ 4 Years Ago
- Woman documents how airport staff broke her wheelchair Today 3:04 PM
- Funeral home allegedly posted photos of woman’s dead body on social media Today 1:56 PM
- Alinity Divine is being investigated after throwing her cat during stream Today 12:04 PM
- ‘Comedians In Cars Getting Coffee’ returns with Seinfeld making a racist joke about China Today 10:26 AM
- YouTubers Eugenia Cooney and Shane Dawson make a joint comeback Today 9:06 AM
- The crushing effects of Trump’s abortion ‘gag rule’ on healthcare Today 8:00 AM
- How to live stream Pacquiao vs. Thurman Today 6:20 AM
- Review: Hulu with Live TV ensures you always have something to watch Today 6:00 AM
- How to live stream UFC on ESPN 4: Rafael dos Anjos vs. Leon Edwards Today 5:49 AM
- 2020 Democrats refuse to answer our questions about ‘Cats’ Friday 4:14 PM
- Belle Delphine’s Instagram account removed after mass reporting campaign Friday 4:08 PM
- Mariah Carey refuses old-age FaceApp challenge Friday 3:19 PM
- Journalists horrified by consolidation of Gatehouse, Gannett Friday 3:12 PM
- Facebook and Google could be tracking you on porn sites Friday 1:42 PM
U.S. government releases plan to protect the power grid from cyberattacks
Experts say hackers could wage a devastating attack on the U.S. power grid.
The U.S. government is asking energy experts and the general public to weigh in on a new plan to protect the power grid from cyberattacks.
The draft proposal, titled “Identity and Access Management for Electric Utilities,” is the result of a partnership between energy companies’ security teams and the National Cybersecurity Center of Excellence (NCCoE), a division of the National Institute of Standards and Technology (NIST).
Donna Dodson, the center’s director, said in a statement that the document “demonstrates how organizations can reduce their risk and gain efficiencies in identity and access management.”
These security concerns, which numerous reports have said remain unaddressed, have only gained prominence as cyber intrusion techniques have repeatedly defeated the subpar protections upon which energy companies rely. Of the many doomsday scenarios that cyber experts theorize about, one of the most disturbing is a state-sponsored cyberattack on the U.S. electrical grid that brings America’s technologically dependent society to a halt for months or even years.
Hackers could start a nationwide blackout by disabling just nine of the 55,000 power substations that transmit electricity across the grid.
The Federal Energy Regulatory Commission, one of the lead agencies overseeing the nation’s electric grid, has determined that hackers could start a nationwide blackout by disabling just nine of the 55,000 power substations that transmit electricity across the grid. Multiple power companies reported cyberattacks on their systems to the Department of Energy between the middle of 2013 and the middle of 2014.
Access management is one of the industry’s best hopes of preventing such a calamity. The term refers to controls on what people can do once they log into a system. Improperly configured access controls could let low-level employees at an energy company execute commands that they are not entitled to perform, potentially destabilizing the company’s infrastructure and starting a cascading power failure.
The NIST report does not recommend a particular access-management product. Instead, its recommendations focus on the qualities that a product should have in order to be considered secure.
Although recent large-scale cyberattacks have mostly focused on information theft, such as the massive data breach at the Office of Personnel Management (OPM), a cyberattack that disabled critical energy infrastructure is not unheard of. In 2009 and 2010, the Stuxnet computer worm disabled one thousand of Iran’s nuclear centrifuges. After the virus escaped containment at the Iranian facility and spread to the rest of the world, researchers analyzed it and determined, based on the unprecedented sophistication of the code, that it was the work of the United States and Israel.
NIST’s utility cybersecurity proposal is open for public comment through Oct. 23, 2015.
Photo via Oran Viriyincy/Flickr (CC BY SA 2.0)
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.