Electric utilities must and can now find ways to tighten up their networked controls over power generation, distribution and transmission, a government group focused on cybersecurity reported Tuesday.
The National Cybersecurity Center of Excellence has released a practice guide on “Identity and Access Management (idAM)” tools and solutions available for security engineers. It offers what the NCCEE says are ways for utilities to implement a centralized idAM platform which identifies all the system’s users involved in all the company’s control systems.
“Our conversation with utility company employees confirmed that current (idAM) implementations are often decentralized and controlled by numerous departments within a company,” the NCCEE executive summary reads. “Several negative outcomes can result from this: An increased risk of attack and service disruption, inability to identify potential sources of a problem or attack, and a lack of overall traceability and accountability regarding who has access to both critical and noncritical assets.”
The challenge is greater now while the utility industry is trying to enhance older grid infrastructure in response to emerging technologies and new devices, according to the report.
The NCCEE is a part of the U.S. Department of Commerce’s National Institute of Standards and Technology. The report says that these solutions are commercially available to utilities and also released a lengthy “how-to” guide.
“Electric utilities need the ability to provide the right person with the right degree of access to the right resources at the right time, and quickly,” the summary reads.
The NCCEE says the guide does not mean it is endorsing any or all of the commercially available products. It also asked those engineers and other implementers to participate in a forum and contribute feedback to the findings.
For more information on the report, go to https://nccoe.nist.gov/ and see the new energy practice guide.