We've all had something delayed or canceled due to COVID-19.
Sports games, the Olympics, graduations, even our SecureWorld conferences. This pandemic put the whole world on hold.
What could be next? Securing the U.S. power grid.
Power grid cybersecurity delays
According to the North American Electric Reliability Corporation (NERC), the challenges associated with "a public health emergency that is unprecedented in modern times" are posing a problem with new cybersecurity and reliability deadlines.
NERC is requesting to delay seven security standards that had implementation deadlines in July and October of 2020.
Here are the requests for delay related to cybersecurity:
- Reliability Standard CIP-005-6 – Cyber Security – Electronic Security Perimeter(s), by three months
- Reliability Standard CIP-010-3 – Cyber Security – Configuration Change Management and Vulnerability Assessments, by three months
- Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management, by three months
- Reliability Standard PER-006-1 – Specific Training for Personnel, by six months
Blame delay on coronavirus: U.S. grid cybersecurity upgrade
Tom Alrich, a grid security consultant, told E&E News he has been calling on NERC to delay the upcoming standards due to the spreading virus.
"COVID-19 has just been getting worse by the day," said Alrich. "Probably these utilities are still going to be working from home, at least in June, maybe even July 1, when the standard was due. You just can't do it under those circumstances."
NERC sent its delay request to the Federal Energy Regulatory Commission (FERC). Here's what FERC spokeswoman Mary O'Driscoll had to say about the appeal.
"We do not comment on items that are pending before the commission. But as the chairman [Neil Chatterjee] has said, the commission will be giving requests for coronavirus relief expedited consideration and the highest priority."
How safe is the U.S. electric grid when it comes to cybersecurity? Not as secure as it could be.
And if NERC gets its way, those security upgrades will be on hold for another three to six months.
Resource: cybersecurity podcast, attack on the WHO
Perhaps the delay makes sense, given what the workforce is going through. However, we also know that sophisticated nation-state attacks are not stopping because of the coronavirus.
One of our most recent podcast episodes is "Coronavirus Cyberattack at the World Health Organization." Listen here, or on your favorite podcast platform: