TRUSTED NETWORK TECHNOLOGIES’ UTILITY IT STUDY REVEALS EXPECTATIONS OF CRITICAL ENERGY SYSTEMS BREACHES

September 01, 2005 (PRLEAP.COM) Business News
Utilities executives burdened by compliance, but optimistic regarding security and identity management efforts
ATLANTA, GA ––
Trusted Network Technologies, Inc. (TNT), a leading developer of identity audit and control solutions, today issued the results of a utility industry survey. The survey indicates that one-third of IT executives believe that a portion of a utility’s supervisory control and data acquisition (SCADA), or energy distribution systems, will be attacked or compromised in the next two years. Furthermore, 20 percent say that their SCADA systems have already been subjected to outside threats. TNT commissioned the July survey as part of the company’s Know Identity initiative – an ongoing campaign to educate organizations about using identity information to manage and prevent the risk of critical information exposure.

The results of the survey further validate concerns cited in a recent Government Accountability Office (GAO) report about the threat of real cyber attacks targeting systems controlling infrastructure utilities. In response to such concerns, The Energy Policy Act of 2005, signed by President Bush on August 8, 2005, calls for an “electric reliability organization” to set standards that will ensure the continued reliability of the interconnected electric transmission grid in North America. The North American Reliability Council (NERC), a group that has already provided voluntary reliability standards, is now working closely with government and industry to implement the reliability provisions of the new law.

“These findings highlight the risks utilities face, with threats that affect their profitability, as well as the livelihood and security of individuals within their vicinity,” said Rob Ciampa, TNT’s vice president of marketing and business strategy. “Terrorists, hackers and even internal saboteurs present a constant threat to utilities that could disrupt plant operations and the distribution of power to users. A uniform set of security standards combined with continued IT education regarding network access control will play a critical role in ensuring a secure, reliable energy supply.”

Utilities face the challenge of protecting the nation’s energy supply while addressing the additional pains associated with compliance. TNT’s survey reveals the costs and efforts of compliance with Sarbanes-Oxley regulations and the North American Energy Reliability Council (NERC) 1300 standards:

 Utility IT executives expect NERC 1300 compliance costs to rise by 52 percent next year and Sarbanes-Oxley compliance costs to rise by 32 percent
 Sixty percent agree that compliance data collection requires considerable manual effort, and one in five strongly agree
 Forty-three percent say NERC and SOX compliance efforts interfere with critical IT projects.

Compliance has also prompted investment in IT solutions to automate audit and policy controls.
“A large part of the overall compliance exercise has involved IT, network controls, application controls, and security controls,” said Jim Turner, compliance director for Alabama Power Company, the second-largest subsidiary of Southern Company. “It was a substantial amount of work, and it got some needed attention and a lot of money appropriated to make those controls more robust and adequate.”

Utility IT executives were also asked to assess and prioritize identity management initiatives in their organizations. About three-fourths are confident in the quality and completeness of their IT compliance and identity management efforts. IT executives rated access control and systems management solutions as their top identity management priorities, followed by directory solutions and user provisioning. Single sign-on and token authentication ranked as the lowest identity management priorities.

The Survey
TNT commissioned Applied Research – West, Inc., to conduct a utility research project. In June and July 2005, Applied Research contacted IT executives from 50 large and medium-sized U.S. utilities.

About Trusted Network Technologies, Inc.
Trusted Network Technologies (TNT) provides identity audit and control solutions that enable companies to see, control and prove every user interaction with every computer, server and application. Utilities, banks, universities and Fortune 1000 companies rely on TNT solutions to save them millions in complying with Sarbanes-Oxley and other regulatory mandates, prevent the debilitating risk of exposing confidential information, and extend new services securely to partners and customers. TNT solutions enable these identity-driven companies to automate identity auditing and control as a fundamental business function, simultaneously strengthening and simplifying identity management and enforcement. For more information, visit www.trustednetworktech.com or call 888.KNOW1ID (566.9143).
###