U.S. government releases plan to protect the power grid from cyberattacks
Experts say hackers could wage a devastating attack on the U.S. power grid.
The U.S. government is asking energy experts and the general public to weigh in on a new plan to protect the power grid from cyberattacks.
The draft proposal, titled “Identity and Access Management for Electric Utilities,” is the result of a partnership between energy companies’ security teams and the National Cybersecurity Center of Excellence (NCCoE), a division of the National Institute of Standards and Technology (NIST).
Donna Dodson, the center’s director, said in a statement that the document “demonstrates how organizations can reduce their risk and gain efficiencies in identity and access management.”
These security concerns, which numerous reports have said remain unaddressed, have only gained prominence as cyber intrusion techniques have repeatedly defeated the subpar protections upon which energy companies rely. Of the many doomsday scenarios that cyber experts theorize about, one of the most disturbing is a state-sponsored cyberattack on the U.S. electrical grid that brings America’s technologically dependent society to a halt for months or even years.
The Federal Energy Regulatory Commission, one of the lead agencies overseeing the nation’s electric grid, has determined that hackers could start a nationwide blackout by disabling just nine of the 55,000 power substations that transmit electricity across the grid. Multiple power companies reported cyberattacks on their systems to the Department of Energy between the middle of 2013 and the middle of 2014.
Access management is one of the industry’s best hopes of preventing such a calamity. The term refers to controls on what people can do once they log into a system. Improperly configured access controls could let low-level employees at an energy company execute commands that they are not entitled to perform, potentially destabilizing the company’s infrastructure and starting a cascading power failure.
The NIST report does not recommend a particular access-management product. Instead, its recommendations focus on the qualities that a product should have in order to be considered secure.
Although recent large-scale cyberattacks have mostly focused on information theft, such as the massive data breach at the Office of Personnel Management (OPM), a cyberattack that disabled critical energy infrastructure is not unheard of. In 2009 and 2010, the Stuxnet computer worm disabled one thousand of Iran’s nuclear centrifuges. After the virus escaped containment at the Iranian facility and spread to the rest of the world, researchers analyzed it and determined, based on the unprecedented sophistication of the code, that it was the work of the United States and Israel.
NIST’s utility cybersecurity proposal is open for public comment through Oct. 23, 2015.
Photo via Oran Viriyincy/Flickr (CC BY SA 2.0)
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.