The White House has received considerable praise for highlighting Critical Infrastructure Cybersecurity in the State of the Union speech this year, and the Executive Order that accompanied the speech takes several important steps toward resolving the complex problems that industry, governments and consumers face in securing the systems upon which our economy and personal safety depend.
Critical Infrastructure is defined as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." Such systems include the electric distribution system, water management systems and energy pipelines. Traditionally such industrial control systems have relied upon a combination of obscurity and network separation to ensure stable and secure operating environments, but modern systems are leveraging ubiquitous connectivity and cloud services in ways that open previously protected components and communications channels to attack.
The Executive Order instructs the Secretary of Commerce to direct the National Institute for Standards and Technology (NIST) to develop a voluntary framework for Cybersecurity that will address "standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks." This framework will be developed with opportunities for open public review and comment, and Electrosoft Services looks forward to participating in that process.
The electric distribution system brings power from generation sources to consumers, and the metering device that measures and controls the flow of electricity is a vital component of that system. A secure process for remotely upgrading the firmware of smart meters is necessary for assurance that the meters are being controlled by appropriate software as intended by the utility. In 2009 the National Electrical Manufacturers Association (NEMA, now The Association of Electrical Equipment and Medical Imaging Manufacturers) published Requirements for Smart Meter Upgradeability (NEMA SG-AMI 1-2009). Electrosoft Services supported NIST in developing conformance test requirements that may be used voluntarily by testers and/or test laboratories to determine whether smart meters and upgrade management systems conform to the requirements of NEMA SG-AMI 1-2009. We are supporting Oak Ridge National Laboratory, which is validating the test framework in cooperation with multiple smart meter vendors.
The Executive Order also promotes voluntary industry participation in adoption of the Cybersecurity Framework and identification of critical infrastructure at greatest risk. These measures will significantly improve information sharing within the industry, advance security best practices and improve the protection of vital systems upon which we all depend. We look forward to these important developments and are excited to have an opportunity to contribute.
-Scott Shorter