
NIST Readies Grid Physical-Cyber Security Plan

GAO: Existing Guidance Lacks Physical Security Component
The National Institute of Standards and Technology is preparing guidance to help protect the electric grid from a simultaneous physical and cyber attack.

In August, NIST - part of the Commerce Department - issued the first version of its smart grid cybersecurity guidelines, and a Government Accountability Office audit released Wednesday credited NIST for largely addressing key cybersecurity elements in its guidelines, such as an assessment of the cybersecurity risks associated with smart grid systems and the identification of security requirements such as controls that are essential to securing such systems.

But GAO said in the 50-page report (see Electricity Grid Modernization: Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed) that the guidelines failed to address the risk of a combined physical security-cybersecurity attack. NIST also identified other key elements, such as cryptography and supply chain vulnerabilities, that need to be added to the guidance.

"Until the missing elements are addressed," the GAO audit said, "there is an increased risk that smart grid implementations will not be secure as otherwise possible."

Commerce Secretary Gary Locke, in a written response, said he generally agreed with the GAO's findings, adding that such physical-cyber guidance is being developed.


About the Author

Eric Chabrow

Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow, who oversees ISMG's GovInfoSecurity and InfoRiskToday, is a veteran multimedia journalist who has covered information technology, government and business. He's the former top editor at the award-winning business journal CIO Insight and a long-time editor and writer at InformationWeek.



