The Federal Energy Regulatory Commission recently responded to questions from top Senate lawmakers on cybersecurity standards for power grids, CNET reports.
Joe Lieberman (I-Conn.), chairman of the Homeland Security Committee, and Susan Collins (R-Maine), the panel’s senior Republican member, asked the agency to investigate industry standards for authentication and access to control systems.
According to Declan McCullagh’s report for CNET, FERC said that allowing digital certificates a 20-year expiration period leaves utilities at high risk of exposure.
The Stuxnet malware recently used authentic digital signatures to evade anti-virus software and infiltrate nuclear facilities in Iran.
This response comes nearly six weeks after the Senate Energy Committee met to discuss FERC’s authority over cyber standards for grids and other utilities.
FERC believes the certificates can provide more protection if they are updated constantly and last for shorter periods, McCullagh reports.
Responsibility for establishing cyber standards falls under the North American Energy Standards Board, a private industry body, with FERC often adopting that board’s standards, according to the report.
Citing the FERC statement, McCullagh reports the agency is not taking action at this time because the board is revising protection standards.