Cybersecurity: Utility identity management draft guide launched

indentity management
the National Cybersecurity Center of Excellence (NCC0E) has released a draft guide for utilities as part of a drive to move away from decentralized identity management practices.

In the US, the National Cybersecurity Center of Excellence (NCC0E) has released a draft guide for utilities as part of a drive to move away from decentralised identity management practices. 

The guide, Identity and Access Management for Electric Utilities, could help energy companies reduce their risk by showing them how they can control access to facilities and devices from a single console.

The guide, developed in conjunction with the National Institute of Standards and Technology, Maryland and Montgomery County, provides guidance to utility companies wishing to set up a single identity management system, with the aim of strengthening identity management in day-to-day operations at the typical utility facility.

According to the NCC0E, many facilities have fragmented identification and access points, depending on IT, operations and physical access to work sites. However, these different access points leave companies vulnerable to cyberattack at multiple places and make tracing the sources of those attacks difficult.

Cyber incidents tied to weak authentication

In 2014, the US Department of Homeland Security reported that 5% of the cybersecurity incidents its Industrial Control Systems Cyber Emergency Response Team responded to were tied to weak authentication. Abuse of access authority made up another 4%.

“The guide demonstrates how organizations can reduce their risk and gain efficiencies in identity and access management,” said Donna Dodson, director of the NCCoE.
“It provides step-by-step instructions to help organizations as they tackle the challenges of identity and access management.”
The guide was developed in conjunction with utilities across the US and provides detailed examples of solutions and products that achieve the same result.
Instructions for implementers and security engineers make up part of the 300-page guide and includes examples of all the necessary components and installation, configuration and integration.
The guide is modular and suitable for organizations of all sizes, including corporate and regional business offices, power generation plants and substations. They can adopt this solution or one that adheres to these guidelines in whole, or use the guide as a starting point for tailoring and implementing parts of a solution.