Tech

How NIST wants energy companies to reduce cyber risk

The National Institute of Standards and Technology is requesting comments on a draft guide to help energy companies better control who has access to their networked resources, including buildings, equipment, information technology and industrial control systems.

By Greg Otto

August 26, 2015

The National Institute of Standards and Technology released a guide that will help energy companies protect their industrial control systems, which have long been vulnerable to cyberattacks.

The draft guide focuses on identity and access management, showing people an example of how utilities can securely and efficiently manage access to systems that deal with power generation, transmission and distribution.

The guide presents practice situations that often mirror possible real-life scenarios: In one, a utility technician with physical access to substations and remote access to control units leaves a company and needs to have credentials revoked. The guide walks readers through a few scenarios where a centralized access control system would make changing or revoking his or her privileges simple and quick.

Identity management is a big security issue when it comes to these systems. A recent report from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team found that access control was tied to three of the six biggest vulnerability points in utilities’ systems during fiscal year 2014.

Both the government and energy companies are concerned about the safety of their control systems. Seventy percent of respondents to a 2013 SANS survey believed their supervisory control and data acquisition, or SCADA, systems are highly aware of the risks their systems present, while a third believe their systems have already been infiltrated.

Visit the National Cybersecurity Center of Excellence’s website for more information on the guide. Comments on the draft guide are open until Oct. 23.

How NIST wants energy companies to reduce cyber risk

More Like This

Federal CIO calls on Congress to fund Technology Modernization Fund

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

Commerce adds five members to AI Safety Institute leadership

Top Stories

State Department encouraging workers to use ChatGPT

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

More Scoops

Department of Commerce announces US, UK AI safety partnership

MITRE launches lab to test federal government AI risks

Senate bill calls on NIST to boost work on emerging tech standards

Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

Bipartisan Senate proposal calls for AI workforce framework from NIST

Leading AI-focused congressman on legislative prospects for the tech and the risks it presents

Child sexual abuse material found on popular dataset shows risks for federal AI research

Latest Podcasts

How NIST wants energy companies to reduce cyber risk

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition