Cybersecurity group pushes utilities to step up their identity security game


Electric utilities must and can now find ways to tighten up their networked controls over power generation, distribution and transmission, a government group focused on cybersecurity reported Tuesday.

The National Cybersecurity Center of Excellence has released a practice guide on “Identity and Access Management (idAM)” tools and solutions available for security engineers. It offers what the NCCEE says are ways for utilities to implement a centralized idAM platform which identifies all the system’s users involved in all the company’s control systems.

“Our conversation with utility company employees confirmed that current (idAM) implementations are often decentralized and controlled by numerous departments within a company,” the NCCEE executive summary reads. “Several negative outcomes can result from this: An increased risk of attack and service disruption, inability to identify potential sources of a problem or attack, and a lack of overall traceability and accountability regarding who has access to both critical and noncritical assets.”

The challenge is greater now while the utility industry is trying to enhance older grid infrastructure in response to emerging technologies and new devices, according to the report.

The NCCEE is a part of the U.S. Department of Commerce’s National Institute of Standards and Technology. The report says that these solutions are commercially available to utilities and also released a lengthy “how-to” guide.

“Electric utilities need the ability to provide the right person with the right degree of access to the right resources at the right time, and quickly,” the summary reads.

The NCCEE says the guide does not mean it is endorsing any or all of the commercially available products. It also asked those engineers and other implementers to participate in a forum and contribute feedback to the findings.

For more information on the report, go to and see the new energy practice guide.

Did You Like this Article? Get All the Energy Industry News Delivered to Your Inbox

Subscribe to an email newsletter today at no cost and receive the latest news and information.

 Subscribe Now


Making DDoS Mitigation Part of Your Incident Response Plan: Critical Steps and Best Practices

Like a new virulent strain of flu, the impact of a distributed denial of service (DDoS) attack is...

The Multi-Tax Challenge of Managing Excise Tax and Sales Tax

To be able to accurately calculate multiple tax types, companies must be prepared to continually ...

Operational Analytics in the Power Industry

Cloud computing, smart grids, and other technologies are changing transmission and distribution. ...

Maximizing Operational Excellence

In a recent survey conducted by PennEnergy Research, 70% of surveyed energy industry professional...

Latest Energy Jobs

View more Job Listings >>

Archived Articles

PennEnergy Articles
2008 | 2009 | 2010 | 2011 | 2012 | 2013

OGJ Articles
2011 | 2012 | 2013

OGFJ Articles
2011 | 2012 | 2013

Power Engineering Articles
2011 | 2012 | 2013

Power Engineering Intl Articles
2011 | 2012 | 2013

Utility Products Articles
2011 | 2012 | 2013

HydroWorld Articles
2011 | 2012 | 2013

COSPP Articles
2011 | 2012 | 2013

ELP Articles
2011 | 2012 | 2013