America's power grid too vulnerable to cyberattack

America's power grid remains vulnerable to cyberattack, a result of sluggish implementation of weak computer security standards and insufficient federal oversight, says a tough new report from the US Department of Energy Inspector General.

The North American Electric Reliability Corp. (NERC), the lead grid-reliability organization for the power industry, has had approved standards in place since January 2008. Power companies were to have fully implemented those "critical infrastructure protection" (CIP) cyberstandards a year ago, but the standards still aren't doing an effective job, the inspector general's audit found. "Our testing revealed that such standards did not always include controls commonly recommended for protecting critical information systems," including tough password and log-in protections, the report said. The plodding implementation is "not adequate to ensure that systems-related risks to the Nation's power grid were mitigated or addressed in a timely manner."