The OEIS will assess the risks posed by cyber and physical threats

Sep 24, 2012 11:03 GMT  ·  By

The US Federal Energy Regulatory Commission (FERC) has launched the Office of Energy Infrastructure Security (OEIS). It's main goal is to help the organization focus on the risks posed by physical and cyber threats to energy facilities.

The OEIS will provide expertise, assistance and leadership to ensure that organizations from the FERC’s jurisdiction will benefit from proper security solutions against cyberattacks and other threats such as electromagnetic pulses.

The office will focus on four main aspects related to security: develop recommendations for handling attacks; provide assistance, expertise and advice to state agencies; participate in collaboration and coordination efforts; and conducting outreach with the private sector.

Lila Kee, GlobalSign chief product officer and Executive Committee member for the North American Energy Standards Board (NAESB) Wholesale Electric Quadrant (WEQ), has revealed the reasons for which the energy sector is a tempting target.

“There is a reason why the energy sector is on the nation’s Critical Infrastructure list, it is a critical target for any organization seeking to disrupt the US way of life and the network that powers our nation,” Kee explained.

“These days, there simply is no such thing as ‘not enough’ security when it comes to protecting grid reliability and the creation of this office is another example of how FERC continues to monitor the issue and strengthen cyber defenses for the sector.

“Private industry needs to step up and do its part as well, as security vendors we should be driving the creation and adoption of standards that support national defense efforts, investing in R&D that will provide greater protection and making product improvement decisions that respond to threats.”

There are certain applications and systems utilized by energy providers to perform transactions. However, as Kee points out, although they are vital and could become exposed to attacks because they’re accessible via the Internet, “they don’t play a direct role in controlling or supporting electric reliability and delivery to end users.”

“It is important for government, private enterprise and the public in general to understand the differences. This will ensure that resources are allocated appropriately in the effort to strengthen the security of the grid and systems used for business transactions,” she added.