http://www.govexec.com/story_page.cfm?articleid=40940 

By Juliana Gruenwald  
CongressDaily  
September 11, 2008

A House Energy and Commerce subcommittee is aiming to take up 
legislation next week that would provide the Federal Energy Regulatory 
Commission with additional authority to help protect the nation's power 
grid from a cyberattack.

During a hearing before the Energy and Commerce Energy and Air Quality 
Subcommittee, several witnesses and lawmakers argued that the threat to 
the nation's power grid from cyberattacks is real and urged lawmakers to 
enact legislation to give FERC additional powers to order utilities to 
take the necessary steps to address the problem.

"The Department of Energy regularly discovers new vulnerabilities in the 
control systems employed by many utilities," said Kevin Kolevar, the 
department's assistant secretary for electricity delivery and energy 
reliability. "This is not hyperbole ... cyberattacks against control 
systems have occurred and they are becoming increasingly sophisticated."

FERC argues that current law is inadequate to allow the agency to take 
action to protect against cybersecurity attacks in a timely and 
confidential manner. And while the North American Electric Reliability 
Corp., the industry self-regulatory group overseen by FERC, issued an 
advisory in 2007 to 1,800 power operators and owners outlining immediate 
and longer term steps they should take to address cybersecurity 
vulnerabilities, compliance with the advisory was voluntary. A recent 
FERC audit of 30 utilities found that most were not in compliance with 
the advisory.

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/