NIST Readies Grid Physical-Cyber Security Plan

GAO: Existing Guidance Lacks Physical Security Component
NIST Readies Grid Physical-Cyber Security Plan
The National Institute of Standards and Technology is preparing guidance to help protect the electric grid from a simultaneous physical and cyber attack.

In August, NIST - part of the Commerce Department - issued the first version of its smart grid cybersecurity guidelines, and a Government Accountability Office audit released Wednesday credited NIST for largely addressing key cybersecurity elements in its guidelines, such as an assessment of the cybersecurity risks associated with smart grid systems and the identification of security requirements such as controls that are essential to securing such systems.

But GAO said in the 50-page report (see Electricity Grid Modernization: Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed) the guidelines failed to address the risk of a combined physical security-cybersecurity attack. NIST also identified other key elements such as cryptography and supply chains vulnerabilities that need to be added to the guidance.

"Until the missing elements are addressed," the GAO audit said, "there is an increased risk that smart grid implementations will not be secure as otherwise possible."

Commerce Secretary Gary Locke, in a written response, said he generally agreed with the GAO's findings, adding that such physical-cyber guidance is being developed.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.