The U.S. Energy Department's landmark Quadrennial Energy Review warned that a widespread power outage caused by a cyber-attack could undermine "critical defense infrastructure" as well as much of the economy and place at risk the health and safety of millions of citizens. "Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency," it said in the 494-page report. "The current cybersecurity landscape is characterized by rapidly evolving threats and vulnerabilities, juxtaposed against the slower-moving deployment of defense measures."
With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication. So, ensuring the cybersecurity of power and electric grids is imperative.
The Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) have worked together to create and implement enforceable standards that ensure the security of cyber assets that are critical to the operation of the North American electricity grid.
Many U.S. electric utilities are now federally mandated to comply with the NERC CIP requirements that dictate industrial security and remediation technology. Version 6 requires compliance by July 2016 (high and medium impact BES) or July 2017 (low impact BES).
The recent global ransom-ware attack that infected more than 250,000 computers in 150 countries, forcing European schools, hospitals and factories to curtail operations should be a wake-up call for critical infrastructure organizations to start taking action to better protect themselves.