US agency tells electric utilities to shore up authentication - dotsonposelver

U.S. electric utilities should bear close aid to their assay-mark systems and access controls to reduce information breaches, a government federal agency says in a new cybersecurity guide.

About 5 percent of all cybersecurity incidents that the U.S. Department of Homeland Security's business enterprise control cyber team responded to in 2022 were united to weak authentication, same the U.S. National Institute of Standards and Engineering science (NIST). Another four percent of industrial control incidents were attached to abuses of access authority, the agency said.

The red-hot cybersecurity point, free in draft form by NIST's National Cybersecurity Center of Excellence (NCCoE) Tuesday, focuses on helping energy companies reduce their cybersecurity risks by exhibit them how they stern control access to facilities and devices from a uninominal console.

Screen shot

A new guide from the U.S. National Insititute of Standards and Applied science offers advice to electric utilities on preventing cyberattacks through advisable access control.

"The electric power industry is upgrading older, obsolete infrastructure to take advantage of emerging technologies, but this also means greater numbers of technologies, devices, and systems connecting to the grid that need protection from physical and cybersecurity attacks," the guide says.

Part of the problem is that many Energy Department utilities have decentralized identity and memory access management systems "restrained by many departments," according to the steer. That suburbanized approach can lead to an inability to identify sources of a problem or attack and a deficiency of "overall traceability and answerability regarding WHO has access to some vituperative and noncritical assets."

The publication recommends a concentrated access-control system, with the NCCoE underdeveloped an example system that utilities can utilise.

The templet offers step-by-dance step instructions allowing utilities to "trim their risk and gain efficiencies in identity and entree direction," Donna Dodson, director of the NCCoE, said in a statement.

A 306-page papers shows security engineers how to dictated up deuce versions of a centralized access-control system exploitation commercially usable products, with a focus on reducing opportunities for a cyberattack and for human computer error.

Working with security experts from the energy sphere, the NCCoE faculty also developed a scenario describing a security challenge based happening normal day-to-day business sector operations.

The scenario centers on a utility technician World Health Organization has access to different physical substations and to link-attached station units abutting to the company's network in those substations. When she leaves the company, her privileges should be revoked, but without a centralized identity management system, managing routine events john be time-consuming.

NIST is seeking comments on the draft guide.

Source: https://www.pcworld.com/article/423233/us-agency-tells-electric-utilities-to-shore-up-authentication.html

Posted by: dotsonposelver.blogspot.com

Share this post