The North American Electric Reliability Corporation (NERC), a non-profit international regulatory authority that seeks to assure the effective and efficient reduction of risks to the reliability and security of the electrical grid, recently released the 2018 edition of its annual “State of Reliability Report.” The report provides an independent assessment of bulk power system performance throughout 2017, measuring performance of key indicators, identifying reliability issues and providing risk-informed recommendations for regulators, policymakers, and executives alike.
One of the key findings from the report was that no loss-of-load occurred due to cyber or physical security events, despite continually evolving threats.
While no loss-of-load was reported in 2017, continued innovation and development of enhanced security standards is essential to long-term grid reliability. As components of the bulk power system become increasingly connected and networked, unprotected by traditional, centralized security systems, threats by malicious actors continue to rapidly evolve and expand in scope.
The report noted specific concern around advancements in malware design targeting major hardware vendors that represent more than half of the market share, the advancement of persistent threat actors targeting the electrical industry, and phishing activities with the potential to compromise trusted business partners.
In order to combat such continually evolving threats, NERC recommends that industry must drive improvements in its own security posture by way of technological hardening, fostering a culture of security, and facilitating effective information exchange between entities.
In line with NERC’s recommendations, The Xage Security Suite distributes authentication and private data across a network of devices, creating a tamper-proof, any-to-any security fabric for communication, authentication, and trust that ensures security at scale. Helping energy operators to meet standards and increase operational awareness, Xage furthermore offers SCADA protection to detect malware and prevent zero-day attacks, as well as security for RBAC to eliminate unmanaged passwords, legacy protocols, and only allow authorized access based on role based permissions.