Protecting Grid from Malware Spread Through Laptops
The Federal Energy Regulatory Commission proposed new cyber security measures to protect the utility system from malicious software via laptops and other devices.
According to Grid statement, The standards are meant to “further enhance the reliability and resilience of the nation’s bulk electric system” by preventing malware from infecting utility networks and bringing down the power grid”.
The new standards were proposed taking into light the recent threat of a possible North Korea cyber attack, where it reiterated to use malware on the US power system.
The new proposal standard comes with a ‘mandatory control’ to address the risk that any malware poses from transient from a laptop, computer, mobile and other devices. The agencies said this in a public meeting.
Low impact systems are actually a broad strip of smaller grid control centers, like substations and even generators and power plants. These facilities are typically considered less hazardous to the electrical system, but are nonetheless vulnerable to intrusion software.
NERC (The North American Electricity Reliability Corporation) the commission reliability organization drafted the FERC proposal to keep the grid from malware attack.
According to the commission “The NERC proposal is designed to mitigate the cyber security risks to bulk electric system facilities, systems, and equipment, which, if destroyed, degraded, or otherwise rendered unavailable as a result of a cyber security incident, would affect the reliable operation of the bulk electric system.”
It is mandatory for the industry to comply with this standard failing which will invite fines up to $1 million/day, per violation.
The commission said, “it is proposed to determine that proposed Reliability Standard CIP-003-7 is just, reasonable, not unduly discriminatory or preferential, and in the public interest.”
A separate plan was also ratified by the commission to protect the grid from geomagnetic disturbances, including solar flares which can affect the grid’s functionality. The NERC was asked to conduct a research and come out with a report within six months.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.