NIST just released some guidance for electical grid …and it includes one entry on securing firmware!
“The NCCoE released a draft of the NIST Cybersecurity Practice Guide, SP 1800-7 “Situational Awareness for Electric Utilities” on February 16, 2017. Public comments on the draft will be expected through April 17, 2017. Submit your comments.”
“To improve the security of information and operational technology, including industrial control systems, energy companies need mechanisms to capture, transmit, analyze and store real-time or near-real-time data from these networks and systems. With such mechanisms in place, energy providers can more readily detect and remediate anomalous conditions, investigate the chain of events that led to the anomalies, and share findings with other energy companies. Obtaining real-time and near-real-time data from networks also has the benefit of helping to demonstrate compliance with information security standards.”
“18.104.22.168PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity”