Critical Infrastructure Providers Strengthen Cybersecurity by Implementing Standards-Based PKI
Recent headlines and mounting evidence suggest that cyberattacks on Critical Infrastructure (CI) systems are increasing as cybercriminals have identified electric utility grids as prime targets for disruption activities. As a result, CI cybersecurity has become a prime concern for governments and citizens alike. The paper focuses on the history of the electric industry, how cybersecurity standards have emerged, what those standards are and how they can be used by other CI sectors to strengthen security and reduce the risk of harmful cyberattacks.
“PKI is a robust technology that provides a secure, scalable and cost-effective method to securely authenticate digital identities on large and complex networks such as those that manage business processes for the wholesale electric market. However, due to the many implementation details involved, if the technology is not executed correctly it can also produce a vulnerable system,” said Kee. “NAESB members have worked together to produce a standard for the Wholesale Energy Sector that is based on best practices, proven management techniques and advanced digital certificate technologies.“
In the wake of increasing attacks, U.S. CIs are stepping up efforts to amplify their cybersecurity and strengthen their defenses. In fact, the white paper notes that in President Obama’s recent Executive Order, the National Institute of Standards and Technology (NIST) was directed to lead the effort to develop a cybersecurity framework that would consist of adopting industry best-practices wherever possible. “As part of NIST’s draft cybersecurity framework of best practices, guidelines and standards, the NAESB standard on PKI stands a good chance of being applied to other CI sectors,” says Lila Kee.
All CIs are managed, controlled and accessible via Internet-connected systems, making them vulnerable to cyberattacks. This white paper details how ISOs in the energy sector have recognized the value of cybersecurity frameworks, have adopted standards developed by NAESB and have demonstrated that standards can be developed using shared expertise from both the public and private sectors – setting a framework for all CI sectors.
“It has become increasingly clear that cybercriminals are targeting the critical infrastructure in an attempt to disrupt our way of life. For this reason, NAESB made it a priority to establish PKI standards in order to fortify our cybersecurity framework,” said Rae McQuade, President of NAESB. “In establishing these standards we hope to provide a strong cybersecurity strategy so that we may best protect the business practices related to the electricity market that are a critical part of the everyday lives of our citizens.”
To read GlobalSign’s white paper visit the page here.