Fraudulent authentication certificates may provide illegal access to the $400 billion U.S. power market and cause extensive damage, according to Jesse Hurley, co-chair of the North American Energy Standards Board (NAESB) Critical Infrastructure Committee, as quoted by cnet.com.
The problem apparently lies in the level of security of the system used to create digital authentication signatures, and in pressure from various industry players to relax security standards so as to accommodate specific business models.
NAESB is voting on a proposal to reduce digital certificates’ authorization period from the standard 30 years to 10 or even five years, as the discovery of flaws in the MD5 and the SHA-1 certificate generation algorithms has proven that more time means more chances for such vulnerabilities to be spotted and exploited. From a wider perspective, the U.S. Senate is facing a strong debate on the security of critical infrastructure with three bills regulating cyber security practices being brought to the floor by Democrats, Republicans and a compromise-bound group.
Traditionally, NAESB standards acquire the force of law through being adopted by the federal government. While various companies’ representatives argue against allowing the private sector to set and adjust such standards, others point out that solely relying on the government in this respect may not work either.
“I don’t think I’d like to get a memo from the Iranian government saying, ‘We’d like to return the favor for Stuxnet. How about if we turn off half of the Western Interconnection?’” said Jesse Hurley, hinting that continuation of this public-private partnership is vital.