CNET – (National) Disaster awaits U.S. power grid as cybersecurity lags. Security technology used by U.S. electric utilities is flawed and could increase the odds of computer intrusions or sabotage, warns the co-chair of the North American Energy Standards Board’s (NAESB) Critical Infrastructure Committee. NAESB scheduled a committee vote June 14 to decide when the digital certificates it authorizes should expire. Since even carefully designed algorithms have flaws that will be discovered over time, as happened with the MD5 algorithm in 1995 and the SHA-1 algorithm in 2005, a shorter period is considered more secure. Two companies, Open Access Technology International and GlobalSign, which are authorized by the NAESB to issue digital certificates to the industry, argue that a 30-year expiration for digital certificates is sufficient. The co-chair of the NAESB Critical Infrastructure Committee said, “I’d be advocating for something smaller like 10 or 5 (years) but that’s not on the table at the moment.” The president of NAESB said it is unclear whether the revised digital certificate standard will apply to Web interfaces or embedded supervisory control and data acquisition systems — which directly control power and gas transmission — as well.
Ali Loney, on June 14, 2012