FERC, NERC joint report on cyber incident response at electric utilities

Security Affairs

The US FERC and NERC published a study on cyber incident response at electric utilities that also includes recovery best practices. electric utilities. A cyber attack could have a severe impact on the operations of the utilities and consequent economical losses.

Siemens Shares Incident Response Playbook for Energy Infrastructure

Dark Reading

The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Coronavirus-themed campaign targets energy sector with PoetRAT

Security Affairs

Threat actors employed the previously-undetected PoetRAT Trojan in a Coronavirus-themed campaign aimed at government and energy sectors. . The malware infected ICS and SCADA systems used to control the wind turbines within the renewable energy sector.

Incentivizing public utilities to enhance cybersecurity: FERC’s proposed regulation

Data Protection Report

There are 10 CIP Reliability Standards in-scope for the proposed regulation, but the physical security standard is not in-scope. The ten in-scope standards cover a wide range of security areas, including training, protecting the perimeter, incident response, and supply chain.

Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs)

CGI

Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs). The energy transition is driving a shift toward the increasing use of distributed energy resources (DERs). DERs are smaller power-generation resources, usually located on the consumer side, that provide energy where it is needed. From a cybersecurity perspective, DERs pose new and unique challenges for utilities.

Data Encryption Shields the Energy Sector Against Emerging Threats

Thales Cloud Protection & Licensing

Data Encryption Shields the Energy Sector Against Emerging Threats. Security of CNI is a national security issue. The energy sector is part of the critical national infrastructure (CNI), and delivers services that are essential for modern life.

US Utilities Targeted with LookBack RAT in a new phishing campaign

Security Affairs

Security experts at Proofpoint observed a new wave of phishing attacks aimed at US Utilities in an attempt to deliver the LookBack RAT. Security experts at Proofpoint have discovered a new series of phishing attacks targeting entities US utilities in an attempt to deliver the LookBack RAT. targeting three US companies in the utility sector. This time the attackers used phishing emails impersonating a licensing body related to the utilities sector.

Document Storage for the Energy Industry

Armstrong Archives

If you work in the energy industry, it comes as no surprise that it’s one of the most heavily regulated. To comply with government regulations, an energy company might have tens of thousands of documents that need to be physically stored, scanned or destroyed.

Reading Municipal Light Department, an electric utility in Massachusetts, hit by ransomware

Security Affairs

The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack. This week, the Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack.

European cooperation on flexibility to accelerate the energy transition

CGI

European cooperation on flexibility to accelerate the energy transition. Early in September, we invited a number of our clients from around Europe to participate in a roundtable discussion on energy flexibility. Read more about energy flexibility.

Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks

Security Affairs

This is the first time the Department of Energy will test the electrical grid’s ability to recover from a blackout caused by cyberattacks. The Department of Energy wants to test the resilience of an electrical grid to a cyber attack, so it’s going to launch the first hands-on exercise to test the ability of the operators of such infrastructure in recovering from a blackout caused by a cyber attack. Security Affairs – Electrical Grid, hacking).

NERC $10,000,000 Fine of Public Utility Highlights the Need for Cybersecurity Preparedness and CIP Compliance Programs

Data Matters

On January 25, 2019, the North American Electric Reliability Corporation (“NERC”) asked the Federal Energy Regulatory Commission (“FERC”) to approve a settlement issuing a record $10 million fine against an unidentified utility resulting from violations of critical infrastructure protection standards (“CIP”) occurring mostly between 2015 and 2018 (referred to hereafter as the “Settlement Agreement”). Cybersecurity Energy Enforcement Information Security National Security

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

“The system calls on companies and entities in the energy and water sectors to immediately exchange passwords from the Internet to the control systems, reduce Internet connectivity and ensure that the most up-to-date version of controllers is installed.”

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

Threatpost

The "BLURtooth" flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 Vulnerabilities Web Security authentication keys Bluetooth bluetooth 4.0

Embracing digital technologies to build a low-carbon society: Are local energy communities the answer?

CGI

Embracing digital technologies to build a low-carbon society: Are local energy communities the answer? Are local energy communities the answer? The current energy system is demand led and is a centralized top-down system—essentially one-way traffic from production to consumption. This means energy is supplied from a central point of production and generation to cities, factories and homes via the grid. Creating a self-sustaining energy ecosystem.

Darwin’s advice to the energy sector: get agile!

CGI

Darwin’s advice to the energy sector: get agile! What does Charles Darwin have to do with digital transformation in the energy sector? Darwin’s theory—that it isn’t the strongest of the species that survives, but the ones most responsive to change—can point the way for utilities to move faster toward a sustainable energy system. Biggest challenges for the energy sector. This scenario will be enabled through so-called microgrids and energy islands. .

Delivering on the benefits of data: How utilities can get the first-mover advantage

CGI

Delivering on the benefits of data: How utilities can get the first-mover advantage. With the energy transition underway, there is a similar bold “rethink” taking place in the way energy companies view solutions, particularly around managing data. However, there is still ground to be covered before the near real-time data requirements of distributed energy resources, balancing and consumer access are met.

TSA Issues Directive to Enhance Pipeline Cybersecurity

Data Matters

Department of Homeland Security’s Transportation Security Administration (“TSA”) issued a Security Directive , “Enhancing Pipeline Cybersecurity” on May 28, laying out new cybersecurity requirements for operators of liquids and natural gas pipelines and LNG facilities designated as critical infrastructure. Critical Infrastructure Cybersecurity Energy Information Security National Security PolicyThe U.S.

FERC issues notice of proposed rulemaking to extend reporting requirements for cyberattacks targeting the energy sector

Data Protection Report

Department of Homeland Security (DHS) held public briefings about an attempt by a state-sponsored Russian hacking group to target control systems for U.S. DHS’ webinar explained that the hackers obtained access to vendors providing computer services to electric utilities companies. This initial access enabled the hackers to gain entry to power company control systems through a complex series of security compromises lasting quite some time. On July 23 and 25, 2018, the U.S.

'Cyber blindspot' threatens energy companies spending too little

Information Management Resources

Amid rising threats, utilities are now spending less than 0.2 Cyber security Data security Cyber attackspercent of their revenue on cybersecurity, at least a third less than financial institutions.

Breach Reveal: PG&E Exposed 30,000 Sensitive Records

Data Breach Today

Previously Unnamed Utility Reached Record $2.7 energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E Million Settlement Agreement A previously unnamed U.S.

Electrification: a lottery ticket that utilities must claim

CGI

Electrification: a lottery ticket that utilities must claim. Utilities face a fundamental dilemma. Due to unprecedented pressure to support the move to an energy-efficient and low-carbon system, they face the paradox of encouraging consumers to consume less of what they sell and distribute—electricity. Is there a lottery ticket for utilities around the corner ? However, this will not happen without a strong commitment and effort from utilities.

European Utility Week 2018: Top 5 takeaways and the call to ‘journey together’

CGI

European Utility Week 2018: Top 5 takeaways and the call to ‘journey together’. This ancient African proverb sums up, quite accurately, the sentiment at the recently concluded European Utility Week (EUW) 2018. Among the event’s numerous sessions and conversations on the low carbon energy program, energy markets and digitalization, what stood out was an overarching call to ‘journey together’. Ensuring system stability and grid security.

Not all blockchains are created equal when it comes to energy consumption

CGI

Not all blockchains are created equal when it comes to energy consumption. As we talk with clients about blockchain implementations at scale, a question we often get is, “What about the high-energy consumption?” This is a common misconception, as only some blockchain implementations are big energy consumers. How that trust is built affects the amount of energy required. A key concept in understanding blockchain energy consumption is the consensus algorithm.

Securing the electricity network: Understanding the unique ICS environment of a utility

CGI

Securing the electricity network: Understanding the unique ICS environment of a utility. As utilities and energy delivery systems begin to seek the benefits that the convergence of information technology (IT) and operational technology (OT) offers, they also face the challenge of increased vulnerability to cyberattacks. Potential impact of security breaches. More points to secure. Securing the future.

Tiao Discusses Utilities’ Concerns in Sharing Information with the Government

Hunton Privacy

Tiao was featured on Platts Energy Week discussing the importance of the homeland security partnership between electric utility companies and the U.S. Utilities Wary of Sharing Grid Risks,” Tiao talked about the recent leak to The Wall Street Journal of a sensitive internal memo at the Federal Energy Regulatory Commission that revealed potential vulnerabilities in the electricity grid. View the Platts Energy Week feature with Paul Tiao.

Department of Energy Announces New Efforts in Energy Sector Cybersecurity

Hunton Privacy

On May 14, 2018, the Department of Energy (“DOE”) Office of Electricity Delivery & Energy Reliability released its Multiyear Plan for Energy Sector Cybersecurity (the “Plan”). The Plan is significantly guided by DOE’s 2006 Roadmap to Secure Control Systems in the Energy Sector and 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. Multiyear Plan for Energy Sector Cybersecurity. energy sector.

Utilities Digital Journey Insights (Part 3): Data, the new “digital capital” - Going beyond the hype of advanced analytics and AI

CGI

Utilities Digital Journey Insights (Part 3): Data, the new “digital capital” - Going beyond the hype of advanced analytics and AI. This series of blog posts builds on the 2018 CGI Client Global Insights, providing insights into how utilities are making progress toward digital transformation. The findings and perspectives are based on 1,400 in-person interviews with business and IT executives, of which 127 are from the utilities industry. So where do utilities stand?

Scanning for Flaws, Scoring for Security

Krebs on Security

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. the security posture of vendor partners).

The Growing Presence (and Security Risks) of IoT

Thales Cloud Protection & Licensing

That pace is unlikely to slow down over the coming years; Pagely noted that organizations are still turning to IoT devices as a way to automate and optimize their business processes as well as save on energy costs. The issue is that these tens of billions of new devices will likely amplify the inherent security risks of IoT. Bad actors can subsequently exploit these security weaknesses to accomplish a number of malicious purposes. Meet security compliance regulations.

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

And yet we are overlooking profound privacy and security ramifications. billion IoT devices in use as of 2017, half are consumer gadgets, like smart TVs, speakers, watches, baby cams and home thermostats; much of the rest is made up of things like smart electric meters and security cameras in corporate and government use. This will be led by the manufacturing, consumer, transportation and utilities sectors. Security-by-design lacking.

IoT 142

A ‘Cyber Event’ disrupted power grid operations in three US states

Security Affairs

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The report doesn’t include the name of the utility company that suffered the incident. utilities are required to notify DOE within one hour of a cyber attack against their systems.

Why Russian APT Fancy Bear hacked the Ukrainian energy firm Burisma?

Security Affairs

Russia-linked cyber-espionage group hacked the Ukrainian energy company Burisma at the center of the impeachment trial of US President Donald Trump. The attack was detailed by California-based cybersecurity firm Area 1 Security in a report. appeared first on Security Affairs.

FBI confirmed that Darkside ransomware gang hit Colonial Pipeline

Security Affairs

Colonial Pipeline is not the first organization in the oil and energy industry targeted by the Darkside ransomware gang, in February the group the Brazilian state-owned electric utility company Copel. The U.S.

Is the recent accident at Iran Natanz nuclear plant a cyber attack?

Security Affairs

The “accident” impacted the electricity distribution network at Iran’s Natanz nuclear facility, Atomic Energy Organization of Iran spokesman Behrouz Kamalvandi told the Iranian Fars News Agency. . appeared first on Security Affairs.

What the Blockchain Taught Us about IT Security

Security Affairs

It is not just about security, but in utilizing Blockchain to secure your company and your information. With how fast technology is improving and being included in everyday activities or jobs to make them fast and efficient, it is important to make sure you are secured, especially when on the internet. But it is not just about security, but in utilizing Blockchains to secure your company and your information. Energy Efficiency.

Hackers Target Oil Producers During COVID-19 Slump

Security Affairs

Real-Life Examples of Spear-Phishing Attacks in the Energy Production Sector. The threat of spear-phishing for energy companies is, unfortunately, not a theoretical one. Why are cyberattacks in the energy industry suddenly on the rise? The Energy Industry Must Remain Vigilant.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient

Once the disk is mounted, the script invokes the BitLocker utility to encrypt the drive. Once we’ve found the correct storage image, then it can be encrypted using the Virtualbox management utility. In the screenshot below, the Virtualbox management utility collects the password that we’ll use to encrypt, then unlock the VM during the boot process. For more information, or for help assessing the security of your web applications, just contact us at Perficient.

A ‘Cyber Event’ disrupted power grid operations in three US states

Security Affairs

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The report doesn’t include the name of the utility company that suffered the incident. utilities are required to notify DOE within one hour of a cyber attack against their systems.

DHS and FBI – Hackers Are Targeting US Nuclear, Energy, and Manufacturing Facilities

Privacy and Cybersecurity Law

According to a new joint report issued by the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), hackers have been penetrating the computer networks of companies that operate nuclear power stations, energy facilities, and manufacturing plants in the US since May 2017. If you or your enterprise is engaged in the energy or manufacturing sectors, cyber threat preparation and monitoring is your first line of defense against bad actors.