New Energy Bill Takes on Cybersecurity

Thomas Hoffman   Today’s Top Stories   or  Other Legislation/Regulation Stories  

Migrating to Vista Sea Change Investment Fund Talks About Google Apps Eric Schmidt and Douglas Merrill talk about Google Apps Web 2.0 The New Face of the Web Best Practices in Choosing and Consuming Managed Security Services A Guide to Understanding Hosted and Managed Messaging Virtual Reality SaaS Solutions for Remote Systems Management Mobility @ the Speed of Business Sign up to receive Legislation/Regulation Resource Alerts

August 15, 2005 (Computerworld) -- The new energy bill signed into law by President Bush last week is expected to have a significant impact on IT departments at power companies. IT executives and experts noted that it allows federal enforcement of upcoming cybersecurity standards.

Under the new law, the Federal Energy Regulatory Commission has the authority to establish a national electric reliability organization with the power to oversee and audit reliability standards.

Instead of developing its own standards, the FERC plans to adopt those set by the North American Electric Reliability Council, said Ellen Vancko, a spokeswoman for the organization. The NERC is a Princeton, N.J.-based voluntary organization that sets standards for the operation and planning of the nation's bulk electricity system.

A spokeswoman for the FERC was unable to confirm the agency's plans last week.

The NERC is developing cybersecurity standards that cover areas ranging from the security of critical cyber assets to personnel screening and training requirements. The standards, known as CIP-002 to CIP-009, have been in the works for the past two years.

Executives from electric utilities and independent system operators (ISO), which oversee regional power grids, recently submitted comments on the third draft of the cybersecurity standards, said Laurence W. Brown, director of legal affairs at the retail energy services division of Edison Electric Institute Inc. in Washington. Brown said a fourth draft of the standards is expected to be voted on this fall.

If the standards are approved by NERC members and the group's board, they will likely go into effect next spring, said Brown. That should give power companies enough time to craft budgets that address the new requirements and create a list of physical and cyber assets that will be audited by the new reliability organization being established by the FERC, he said.

Listing Assets

The biggest challenge for power companies in meeting the upcoming standards, said Brown, is the creation of a list of physical and cyber assets that need to be audited each year.

"The most difficult issue is being able to demonstrate that you have looked at all of the areas that need to be tested and [are] doing the work necessary," said Brown.

For instance, Southern Co. identified its critical assets after the 9/11 terrorist attacks in the U.S., but it will now have to put together a different list to address cyber assets, said Bob Canada, a business assurance principal at the Atlanta-based super-regional power company.

While there may be some overlap with its post-9/11 asset management efforts, the new requirements will demand "a significant effort" to implement effective security controls for some of Southern's facilities, he said. For example, the company might need to restrict workers' access to portions of a computer console or an area of a power plant to ensure that those employees' actions are authorized, he said.

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"Welcome to a special IT Blogwatch EXTRA: watching bloggers' reactions to the latest spectacular development in the standards war over..." Read more... "Stephen Spoonamore offers more details on what I was trying to drive home in my recent column: Because individual votes..." Read more... Read more Government & Regulation posts or See all Blogs

Report: AMD to spin-off manufacturing Microsoft scales out SQL Server 2008, wants to 'democratize BI' Oracle tries to step up on high-end databases More top stories...

IBM launches Bluehouse, a Facebook for business iPhone grabs top smart phone spot Wi-Fi helps college students get better grades, survey says

Health hazards for IT workers -- how that desk job wears your body down Too much junk food, too little exercise and a 24/7 tether to technology? Your body ain't happy, friend. Let us count the pains. NASA robot sends back evidence it's snowing on Mars Instruments on the surface of Mars have detected falling snow that is likely evaporating before it reaches the planet. Wall Street's collapse may be computer science's gain One positive development stemming from the collapse of Wall Street may be a boost in interest in computer science and IT careers among students who were previously interested in financial services jobs. Installing Linux apps: A few good tips Getting new software installed on Linux doesn't have to be hard, but it can differ depending on what you're installing. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland Security Apple's iPhone Ask a Premier 100 IT Leader Bill Gates steps down BlackBerry Legal Battle Data Security Breaches Electronic Voting Firefox H-1B Visas HP's Boardroom Scandal Handheld Devices Hurricane Katrina Aftermath Microsoft Legal Issues Microsoft's Vista Open Source RFID Technology SCO's Linux Fight Sarbanes-Oxley Act Spam Voice Over IP Wi-Fi Windows Meta File Vulnerability Windows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class 2006 Computerworld Horizon Awards 2006 Premier 100 IT Leaders 2006 Salary Survey 2007 Best Places to Work in IT 2007 IT Forecast 2007 Premier 100 IT Leaders 40 Years of Computerworld ASPs, Take Two Best Places to Work in IT 2003 Best Places to Work in IT 2004 Best Places to Work in IT 2005 Best Places to Work in IT 2006 Business Intelligence Home Runs Business Intelligence: Smarter BI Business Intelligence: The Future of BI CRM Goes Vertical CRM: Sober CRM Career Planning Guide 2005 Careers: IT Profession 2010 Computerworld Horizon Awards 2005 Data Management: Mining for Gems Data Management: Taming Data Chaos Development: Hard-Workin' Web Sites Development: New Tools New Choices Development: The New World of Application Development Development: The Web Services Tsunami Development: Web Services Hurdles Disaster Recovery: Preparing for the Worst E-commerce Grows Up E-mail/Groupware: Big Decisions Faces of Mobile IT Forecast 2006 Global Mobile Hardware: Multiple Cores, Multiple Challenges Hardware: On-Demand Un-Hyped Hardware: The Shape of Things to Come Horizon Awards: 10 Cool Cutting Edge Technologies IT Management: Guide to Managing Vendors IT Management: Navigating Global IT IT Management: Recovery Ahead IT Management: The Future of IT IT Management: The Resourceful Project Manager Innovative Technology Awards 2004 Management: Reinventing IT Microsoft in Transition Mobile/Wireless Leaders and Laggards Mobile/Wireless: The Untethered Worker Mobile/Wireless: Tiny Gadgets, Huge Costs Network Management: Taking Control Networking: Turbulence Ahead! Networking: VoIP Goes Mainstream Operating Systems: In the Slow Lane Operating Systems: Linux Goes Global Operating Systems: Should You Nix Unix? Outsourcing: Offshore Buyer's Guide Outsourcing: Outsourcing Dangers Premier 100 IT Leaders 2004 Best in Class Premier 100 IT Leaders 2005 Best in Class ROI: Do the Math! Salary Survey 2003 Salary Survey 2004 Salary Survey 2005 Security Action Plan Security: Compliance Headaches Security: Proactive Security Security: Risk and Reward Security: Tips From Security Pros Souped-up Security Storage: Battling Complexity Storage: Cheap & Secure Data Stores Storage: Stretching Your Storage Dollars Storage: The Lean Storage Machine Storage: The New Rules of Storage Storage: The Ultimate Backup Guide Supply Chain: Missing Links Supply Chain: RFID Reality Check The Business of Security Web 2.0 Security Wireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone Windows Protection Zone The Enterprise Search Zone Software as a Service Zone See your link here

Computerworld Executive Briefing: The Compliance Era Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. The new Computerworld report, The Compliance Era, explains why regulatory compliance has zoomed to the top of the IT agenda and shows how real-world IT executives are dealing with the storage, security and privacy challenges. Get this briefing free (a $195 value), for a limited time, courtesy of VeriSign. Download this executive briefing  From Laggard to Leader: Transforming the Data Center From Laggard to Leader: Transforming the Data Center Register for this complimentary webcast today! Go to the webcast  WINNING THE PCI COMPLIANCE BATTLE A Guide for Merchants and Member Service Providers Get this white paper now! This white paper explores the compliance requirements for PCI data security and helps online merchants select a PCI compliance service vendor. It also introduces QualysGuard PCI, which helps online merchants scan and remediate vulnerabilities, and submit PCI compliance status directly to their acquiring banks via its "auto-submission" feature. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Project Portfolio Management - Boost the value of IT Core Network Services Survey: The Costs and Impacts of DNS and IP Address Management Six Project Metrics Every CIO Should Know for Application Delivery Success View more whitepapers

• Report: AMD to spin-off manufacturing
• IBM launches Bluehouse, a Facebook for business
• Microsoft scales out SQL Server 2008, wants to 'democratize BI'
• More top stories 

Since You Asked A weekly storage column from storage analyst, Steve Duplessie of the Enterprise Strategy Group Click here to read the latest column by Steve Duplessie

Eliminate SPAM, Gain Productivity Learn all about the dangers and the costs of spam in all its forms – from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses – and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold. Download this white paper now!  See more Whitepapers

The Spy Files For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler. Click here to read the latest column by Ira Winkler