I came across an interesting article discussing how the U.S. Department of State has recently shown interest in adopting network access control (NAC) tools that perform pre-admission access control. The intent is driving the development of standards that help organizations secure their network from malicious hacker attempts. There is a mounting concern that the nation's critical infrastructure — ranging from the electricity grid to banking systems to defense contractors — is far from being secure. To this end, the SANS (SysAdmin, Audit, Network, Security) Institute has worked with security professionals both inside and outside of government agencies to develop the Consensus Audit Guidelines. There are 20 controls in this program to tackle cybersecurity issues. NAC is identified to help with “Critical Control 12: Malware Defenses.”
What is a Smart Grid? It's an interconnected network of electric stations, substations, and meters that communicate with one another and exchange information. The concept utilizes wireless sensor networks, software, and computing to enable utilities to see how much and where energy is being consumed, and if there are problems or blackouts in the network. More importantly, it lets customers manage their electricity consumption. But what does it mean to security and risk management? President Obama has called for the installation of 40 million smart meters and 3,000 miles of transmission lines. This means that technology vendors like Cisco Systems and IBM will be front line players in implementing networking intelligence for the electric system.
Trusted Network Connect (TNC), which is the working body of Trusted Computing Group (TCG) today announced extensions to the security architecture with new open source standards for remote access (IF-T), non-TNC enabled endpoints, and Security Assertion Markup Language (SAML) interface. TNC has collaborated with NAC vendors to standardize solutions that work with hybrid network components — NAC switches, appliances, and software agents. The TNC standards could integrate with any device that produces identity and policy information. In essence creating a repository of policy based on identity and behavior of the user which is completely transferable to any system via SAML interfaces. This work is specifically aimed at easing the deployment woes of many organizations that host diverse vendor solutions like Cisco, Microsoft, ProCurve Networking by HP, Juniper, Oracle, Symantec, McAfee, and so on….