Transaction Search Form: please type in any of the fields below.
Date: April 30, 2024 Tue
Time: 12:56 am
Time: 12:56 am
Results for cybersecurity (u.s.)
2 results foundAuthor: Campbell, Richard J. Title: The Smart Grid and Cybersecurity — Regulatory Policy and Issues Summary: Electricity is vital to the commerce and daily functioning of United States. The modernization of the grid to accommodate today’s uses is leading to the incorporation of information processing capabilities for power system controls and operations monitoring. The “Smart Grid” is the name given to the evolving electric power network as new information technology systems and capabilities are incorporated. While these new components may add to the ability to control power flows and enhance the efficiency of grid operations, they also potentially increase the susceptibility of the grid to cyber (i.e., computer-related) attack since they are built around microprocessor devices whose basic functions are controlled by software programming. The potential for a major disruption or widespread damage to the nation’s power system from a large scale cyberattack has increased focus on the cybersecurity of the Smart Grid. Federal efforts to enhance the cybersecurity of the electrical grid were emphasized with the recognition of cybersecurity as a critical issue for electric utilities in developing the Smart Grid. The Federal Energy Regulatory Commission (FERC) received primary responsibility for the reliability of the bulk power system from the Energy Policy Act of 2005. FERC subsequently designated the North American Electric Reliability Corporation (NERC) as the “Electric Reliability Organization” (ERO) with the responsibility of establishing and enforcing reliability standards. Compliance with reliability standards for electric utilities thus changed from a voluntary, peer-driven undertaking to a mandatory function. The Energy Independence and Security Act of 2007 (EISA) later added requirements for “a reliable and secure electricity infrastructure” with regard to Smart Grid development. NERC is also responsible for standards for critical infrastructure protection (CIP) which focus on planning and procedures for the physical security of the grid. Self-determination is a key part of the CIP reliability process. Utilities are allowed to self-identify what they see as “critical assets” under NERC regulations. Only “critical cyber assets” (i.e., as essential to the reliable operation of critical assets) are subject to CIP standards. FERC has directed NERC to revise the standards so that some oversight of the identification process for critical cyber assets was provided, but any revision is again subject to stakeholder approval. While reliability standards are mandatory, the ERO process for developing regulations is somewhat unusual in that the regulations are essentially being established by the entities who are being regulated. This may potentially be a conflict of interest, especially when cost of compliance is a concern, and acceptable standards may conceivably result from the option with the lowest costs. Since utility systems are interconnected in many ways, the system with the least protected network potentially provides the weakest point of access. Cybersecurity threats represent a constantly moving and increasing target for mitigation activities and mitigation efforts could likewise spiral upward in costs. Recovery of costs may present a major challenge especially to distribution utilities and state commissions charged with overseeing utility costs. EISA only requires states to consider recovery of costs related to Smart Grid systems. FERC has jurisdiction over the bulk power grid, and cannot compel entities involved in distribution to comply with its regulations. Recoverability from a cyber attack on the scale of something which could take down a significant portion of the grid will likely be very difficult, but maintaining a ready inventory of critical spare parts in close proximity to key installations could quicken recovery efforts from some types of attack. The electricity grid is connected to (and largely dependent on) the natural gas pipeline, water supply, and telecommunications systems. Technologies being developed for use by the Smart Grid could also be used by these industries. Consideration could be given to applying similar control system device and system safeguards to these other critical utility systems. Details: Washington, DC: Congressional Research Services, 2011. 25p. Source: Internet Resource: R41886: Accessed July 21, 2011 at: http://www.fas.org/sgp/crs/misc/R41886.pdf Year: 2011 Country: United States URL: http://www.fas.org/sgp/crs/misc/R41886.pdf Shelf Number: 122138 Keywords: Computer CrimesCybercrimeCybersecurity (U.S.)Electrical Power |
Author: Wilshusen, Gregory C. Title: Cybersecurity: Challenges in Securing the Modernized Electricity Grid Summary: The electric power industry is increasingly incorporating information technology (IT) systems and networks into its existing infrastructure as part of nationwide efforts—commonly referred to as the “smart grid”—aimed at improving reliability and efficiency and facilitating the use of alternative energy sources such as wind and solar. Smart grid technologies include metering infrastructure (“smart meters”) that enable two-way communication between customers and electricity utilities, smart components that provide system operators with detailed data on the conditions of transmission and distribution systems, and advanced methods for controlling equipment. The use of these systems can bring a number of benefits, such as fewer and shorter outages, lower electricity rates, and an improved ability to respond to attacks on the electric grid. However, this increased reliance on IT systems and networks also exposes the grid to cybersecurity vulnerabilities, which can be exploited by attackers. Moreover, for nearly a decade, GAO has identified the protection of systems supporting our nation’s critical infrastructure—which include the electric grid—as a governmentwide high-risk area. GAO is providing a statement describing (1) cyber threats facing cyber-reliant critical infrastructures and (2) key challenges to securing smart grid systems and networks. In preparing this statement, GAO relied on its previously published work in this area. Details: Washington, DC: United States Government Accountability Office (GAO), 2012. 19p. Source: GAO-12-507T: Internet Resource: Accessed March 11, 2012 at http://www.gao.gov/assets/590/588913.pdf Year: 2012 Country: United States URL: http://www.gao.gov/assets/590/588913.pdf Shelf Number: 124441 Keywords: Computer CrimesCybercrimeCybersecurity (U.S.)Electrical Power |