Contact CyberSecure.US 


• Government Authentication
• Personal Identity
• Federal Standards
• Governance
• R&D
• Resources
• Legislation and Policy
• Liability
• Power Grid
• Procurement


o Government Authentication Library
o Personal Identity Library
o Federal Standards Library
o Governance Library
o R&D Library
o Resources Library
o Legislation and Policy Library

CRE Interventions
•  Agency Administrative Actions
•  Rulemaking
•  Litigation

• ICANNfocus Archives


Security Spotlight

Securing the Power Grid
The North American Electric Reliability Corporation (NERC), an electricity reliability watchdog and self-regulatory organization (SRO), announced that it "will submit the first set of violation notices in the United States to the Federal Energy Regulatory Commission (FERC) today for approval...." The penalties relate to the seemingly mundane subject of "Vegetation Management." According to NERC, "Improper vegetation clearance on transmission lines was a causal factor of the August 14, 2003 blackout, where 50 million people across the Northeast U.S. and Southeast Canada lost power."

The National Journal provided a different possible explanation for the 2003 blackout. The article quotes a former president of the Cyber Security Industry Alliance as stating that he was told by "U.S. intelligence officials" that a foreign military "in 2003 gained access to a network that controlled electric power systems serving the northeastern United States." The article states "These officials believe that the intrusion may have precipitated the largest blackout in North American history...."

The article also quotes a former Defense Intelligence Agency official as stating that "I’ve long been a skeptic of claims about being able to shut down the world from the Net.? But...I’m starting to come around to the idea that the ignorance or intransigence of utility system owners just might merit a more robust response than has been undertaken to date." The article notes that "the government finds it exceptionally difficult to compel utility operators to better monitor their systems."

It is important not to jump to premature conclusions regarding power failures and security of the grid, particularly when so much remains shrouded in uncertainty. It is also important to recognize that SROs can be an effective alternative to direct government regulation. SROs and the companies they regulate, however, need to remember that trust in self-regulation must be justified through performance.

See NERC Press Release

See National Journal article

Current Developments

  • Sun Microsystems Selected to Support Northrop in Development of NHIN
    "Sun Microsystems, Inc., the creator and leading advocate of Java(TM) technology, announced today that it will support a consortium led by Northrop Grumman Corporation to help in the development of a prototype for a nationwide health-information network architecture.
  • HHS Selects Cisco to Help Develop NHIN
    "Cisco today announced that it was selected by the U.S. Health and Human Services Department [HHS] to work with other technology firms to develop prototypes for a Nationwide Health Information Network (NHIN) architecture.
  • Government to Release Contracts to Test NHIN
    "The federal government on Thursday plans to issue long-awaited contracts to test the architecture for a nationwide health information network, National Coordinator for Health Information Technology David Brailer, MD, announced today.
  • Health IT Panel Urges Patient E-Authentication Standards
    "The federal government should develop a nationwide patient authentication standard that protects individuals’ information, and provide financial incentives to providers to foster the adoption of health IT, according to the federally chartered Commission on Systemic Interoperability.
  • Additional News
  • Privacy – More Complex Than It Appears
    Several of the world's leading technology companies have teamed up to promote consideration of consumer privacy. Google, Oracle, Microsoft, Intel and other major companies have established the Consumer Privacy Legislative Forum (CPL Forum) to support discussion of "comprehensive harmonized federal privacy legislation to create a simplified, uniform but flexible legal framework."

    The CPL Forum initiative raises complex issues regarding both federal preemption of state privacy protection laws and permissible business use of consumer-generated data.

    A statement issued by the CPL Forum explained that because a national standard would preempt State privacy laws, "a robust framework is warranted." A senior legal official with Google stated that the "uneven patchwork" of state consumer privacy laws can be counterproductive, "when you have so many laws all with the same aim but with different definitions, companies aren't able to create protection in a uniform way."

    However, a senior official with the Electronic Privacy Information Center (EPIC) said "state governments have been more responsive than Congress in safeguarding consumer privacy." EPIC also said that they "welcome the participation of industry in the discussion, but it can't simply be an exercise in public relations."

    The CPL Forum noted that the privacy legislation they support would "also enable legitimate businesses to use information to promote economic and social value." A senior official with the Progress & Freedom Foundation said that regulation of consumer information would have "unintended" consequences "especially when imposed on a medium like the Internet that is changing so rapidly."

    Balancing the often conflicting interests of various stakeholders is no easy task. The CPL Forum is poised to make an important contribution to the debate.

  • Click for Consumer Privacy Legislative Forum Statement
  • Firms Seek Privacy Rules.pdf

  • Government
    •  OMB - Information Policy, IT & E-Gov
    •  NIST - Computer Security Resource Center
    •  National Security Agency - Information Assurance
    •  US Dept. of Homeland Security - Information Analysis & Infrastructure Protection
    •  US-CERT
    •  National Information Assurance Partnership (NIST & NSA)
    •  InfraGuard (FBI)

    •  Internet Security Alliance
    •  The Center for Internet Security
    • Information Technology Association of America
    • Center for Democracy and Technology
    • Anti-Phishing Working Group
    •  Electronic Privacy Information Center

    Technical Orgs
    • CERT Coordination Center
    • DNS-OARC
    • Information Systems Audit and Control Association
    • The Internet Engineering Task Force
    Copyright © 2007 The Center for Regulatory Effectiveness.
    All rights reserved.