US standards 'not adequate' to ensure grid security
An audit by the US Department of Energy’s inspector general has found that the critical infrastructure protection (CIP) standards developed by the Federal Energy Regulatory Commission (FERC) are “not adequate to ensure that systems-related risks to the Nation’s power grid were mitigated or addressed in a timely manner.”
The audit reports, among other things, that “the CIP standards did not include a number of security controls commonly recommended for government and industry systems” and that FERC’s approach “did not adequately consider risks to information systems.”
“Without improvements, the Commission may not be able to provide adequate oversight to ensure that cyber security vulnerabilities within the power grid are identified and mitigated,” the audit concluded. The report makes several recommendations that, “if fully implemented, should help improve the overall effectiveness of the Commission’s ability to monitor security over the Nation’s power grid.”
Read more here …