In the US, the National Cybersecurity Center of Excellence (NCC0E) has released a draft guide for utilities as part of a drive to move away from decentralised identity management practices.
The guide, Identity and Access Management for Electric Utilities, could help energy companies reduce their risk by showing them how they can control access to facilities and devices from a single console.
The guide, developed in conjunction with the National Institute of Standards and Technology, Maryland and Montgomery County, provides guidance to utility companies wishing to set up a single identity management system, with the aim of strengthening identity management in day-to-day operations at the typical utility facility.
According to the NCC0E, many facilities have fragmented identification and access points, depending on IT, operations and physical access to work sites. However, these different access points leave companies vulnerable to cyberattack at multiple places and make tracing the sources of those attacks difficult.
Cyber incidents tied to weak authentication
In 2014, the US Department of Homeland Security reported that 5% of the cybersecurity incidents its Industrial Control Systems Cyber Emergency Response Team responded to were tied to weak authentication. Abuse of access authority made up another 4%.