The utility industry and U.S. regulators need to boost computer-security standards to fend off a cyberattack on the power grid, says a tough new report from the Energy Department.

America’s power grid remains vulnerable to cyberattack, a result of sluggish implementation of weak computer security standards and insufficient federal oversight, says a tough new report from the US Department of Energy Inspector General.

The North American Electric Reliability Corp. (NERC), the lead grid-reliability organization for the power industry, has had approved standards in place since January 2008. Power companies were to have fully implemented those “critical infrastructure protection” (CIP) cyberstandards a year ago, but the standards still aren’t doing an effective job, the inspector general’s audit found.

“Our testing revealed that such standards did not always include controls commonly recommended for protecting critical information systems,” including tough password and log-in protections, the report said. The plodding implementation is “not adequate to ensure that systems-related risks to the Nation’s power grid were mitigated or addressed in a timely manner.”

Source: Mark Clayton | The Christian Science Monitor
Photo: Michael Interisano | Design Pics | Newscom | The Christian Science Monitor