TRENDING:

NIST Readies Grid Physical-Cyber Security Plan

GAO: Existing Guidance Lacks Physical Security Component Eric Chabrow (GovInfoSecurity) • January 12, 2011    
NIST Readies Grid Physical-Cyber Security Plan
The National Institute of Standards and Technology is preparing guidance to help protect the electric grid from a simultaneous physical and cyber attack.

In August, NIST - part of the Commerce Department - issued the first version of its smart grid cybersecurity guidelines, and a Government Accountability Office audit released Wednesday credited NIST for largely addressing key cybersecurity elements in its guidelines, such as an assessment of the cybersecurity risks associated with smart grid systems and the identification of security requirements such as controls that are essential to securing such systems.

But GAO said in the 50-page report (see Electricity Grid Modernization: Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed) the guidelines failed to address the risk of a combined physical security-cybersecurity attack. NIST also identified other key elements such as cryptography and supply chains vulnerabilities that need to be added to the guidance.

"Until the missing elements are addressed," the GAO audit said, "there is an increased risk that smart grid implementations will not be secure as otherwise possible."

Commerce Secretary Gary Locke, in a written response, said he generally agreed with the GAO's findings, adding that such physical-cyber guidance is being developed.

Previous
On-the-Job Cybersecurity Training
Next
Records Snoops Fired at Tucson Hospital

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.