A look at Its new guidelines for secure remote access
Lila Kee is Chief Product Officer at GlobalSign (http://www.globalsign.com), an identity services provider and certificate authority since 1996, and an NAESB-Authorized Certificate Authority (ACA) to the electric utility industry. Ms. Kee also serves as a participant in NIST-NCCoE Energy Sector Identity and Access Management Use Case Consortium, and member of the executive board for NAESB’s Wholesale Electric Quadrant.
Beyond death and taxes, there's another certainty these days - attempts at cybercrime in the energy sector.
Some 41 percent of the cyber incidents that occurred in fiscal year 2012 across all critical infrastructure sectors occurred in the energy sector, particularly electricity.1 From physical attacks on sub-stations,2 to malware-based attacks aimed at industrial control systems,3 threats against the electric grid have increased in frequency and level of sophistication. At the same time utilities increasingly are being asked to bring services online for external customers, partners and regulators, while adjusting their longstanding attitudes about the need to provide more secure remote access to resources.
As a result, several utility regulatory bodies have upped the ante with initiatives tailored to help secure one of the most significant points of exposure - remote access to the electric power grid, whether by employees, partners or customers.
The most notable of these efforts comes from the North American Energy Reliability Corporation (NERC), with the realization of Version 5 of its Critical Infrastructure Protection (CIP) standard, which goes into effect on April 1, 2016.
But don't dare treat this deadline as just one more April Fool's Day joke.