Siemens Shares Incident Response Playbook for Energy Infrastructure

Dark Reading

The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts

Coronavirus-themed campaign targets energy sector with PoetRAT

Security Affairs

Threat actors employed the previously-undetected PoetRAT Trojan in a Coronavirus-themed campaign aimed at government and energy sectors. . The malware infected ICS and SCADA systems used to control the wind turbines within the renewable energy sector.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

DoS attack the caused disruption at US power utility exploited a known flaw

Security Affairs

A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. In May, the Department of Energy confirmed that on March 5, 2019, between 9 a.m. SecurityAffairs – power utility, hacking).

Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs)

CGI

Cybersecurity in utilities: Critical questions for securing distributed energy resources (DERs). The energy transition is driving a shift toward the increasing use of distributed energy resources (DERs). Security is no longer just an IT responsibility.

US Utilities Targeted with LookBack RAT in a new phishing campaign

Security Affairs

Security experts at Proofpoint observed a new wave of phishing attacks aimed at US Utilities in an attempt to deliver the LookBack RAT. targeting three US companies in the utility sector.

Reading Municipal Light Department, an electric utility in Massachusetts, hit by ransomware

Security Affairs

The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack. This week, the Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack.

European cooperation on flexibility to accelerate the energy transition

CGI

European cooperation on flexibility to accelerate the energy transition. Early in September, we invited a number of our clients from around Europe to participate in a roundtable discussion on energy flexibility. Read more about energy flexibility.

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

“The system calls on companies and entities in the energy and water sectors to immediately exchange passwords from the Internet to the control systems, reduce Internet connectivity and ensure that the most up-to-date version of controllers is installed.”

NERC $10,000,000 Fine of Public Utility Highlights the Need for Cybersecurity Preparedness and CIP Compliance Programs

Data Matters

On January 25, 2019, the North American Electric Reliability Corporation (“NERC”) asked the Federal Energy Regulatory Commission (“FERC”) to approve a settlement issuing a record $10 million fine against an unidentified utility resulting from violations of critical infrastructure protection standards (“CIP”) occurring mostly between 2015 and 2018 (referred to hereafter as the “Settlement Agreement”). Cybersecurity Energy Enforcement Information Security National Security

Embracing digital technologies to build a low-carbon society: Are local energy communities the answer?

CGI

Embracing digital technologies to build a low-carbon society: Are local energy communities the answer? Are local energy communities the answer? The current energy system is demand led and is a centralized top-down system—essentially one-way traffic from production to consumption.

Darwin’s advice to the energy sector: get agile!

CGI

Darwin’s advice to the energy sector: get agile! What does Charles Darwin have to do with digital transformation in the energy sector? Biggest challenges for the energy sector. This scenario will be enabled through so-called microgrids and energy islands. .

Delivering on the benefits of data: How utilities can get the first-mover advantage

CGI

Delivering on the benefits of data: How utilities can get the first-mover advantage. With the energy transition underway, there is a similar bold “rethink” taking place in the way energy companies view solutions, particularly around managing data.

Not all blockchains are created equal when it comes to energy consumption

CGI

Not all blockchains are created equal when it comes to energy consumption. As we talk with clients about blockchain implementations at scale, a question we often get is, “What about the high-energy consumption?” How that trust is built affects the amount of energy required.

FERC issues notice of proposed rulemaking to extend reporting requirements for cyberattacks targeting the energy sector

Data Protection Report

Department of Homeland Security (DHS) held public briefings about an attempt by a state-sponsored Russian hacking group to target control systems for U.S. DHS’ webinar explained that the hackers obtained access to vendors providing computer services to electric utilities companies. This initial access enabled the hackers to gain entry to power company control systems through a complex series of security compromises lasting quite some time. On July 23 and 25, 2018, the U.S.

European Utility Week 2018: Top 5 takeaways and the call to ‘journey together’

CGI

European Utility Week 2018: Top 5 takeaways and the call to ‘journey together’. This ancient African proverb sums up, quite accurately, the sentiment at the recently concluded European Utility Week (EUW) 2018. Ensuring system stability and grid security.

Breach Reveal: PG&E Exposed 30,000 Sensitive Records

Data Breach Today

Previously Unnamed Utility Reached Record $2.7 energy company that agreed to a record $2.7 Million Settlement Agreement A previously unnamed U.S.

'Cyber blindspot' threatens energy companies spending too little

Information Management Resources

Amid rising threats, utilities are now spending less than 0.2 Cyber security Data security Cyber attackspercent of their revenue on cybersecurity, at least a third less than financial institutions.

Electrification: a lottery ticket that utilities must claim

CGI

Electrification: a lottery ticket that utilities must claim. Utilities face a fundamental dilemma. Due to unprecedented pressure to support the move to an energy-efficient and low-carbon system, they face the paradox of encouraging consumers to consume less of what they sell and distribute—electricity. Is there a lottery ticket for utilities around the corner ? However, this will not happen without a strong commitment and effort from utilities.

Securing the electricity network: Understanding the unique ICS environment of a utility

CGI

Securing the electricity network: Understanding the unique ICS environment of a utility. As utilities and energy delivery systems begin to seek the benefits that the convergence of information technology (IT) and operational technology (OT) offers, they also face the challenge of increased vulnerability to cyberattacks. Potential impact of security breaches. More points to secure. Securing the future.

The Growing Presence (and Security Risks) of IoT

Thales eSecurity

That pace is unlikely to slow down over the coming years; Pagely noted that organizations are still turning to IoT devices as a way to automate and optimize their business processes as well as save on energy costs. Meet security compliance regulations. Data security

IoT 126

Scanning for Flaws, Scoring for Security

Krebs on Security

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices?

Utilities Digital Journey Insights (Part 3): Data, the new “digital capital” - Going beyond the hype of advanced analytics and AI

CGI

Utilities Digital Journey Insights (Part 3): Data, the new “digital capital” - Going beyond the hype of advanced analytics and AI. This series of blog posts builds on the 2018 CGI Client Global Insights, providing insights into how utilities are making progress toward digital transformation.

Tiao Discusses Utilities’ Concerns in Sharing Information with the Government

Hunton Privacy

Tiao was featured on Platts Energy Week discussing the importance of the homeland security partnership between electric utility companies and the U.S. Utilities Wary of Sharing Grid Risks,” Tiao talked about the recent leak to The Wall Street Journal of a sensitive internal memo at the Federal Energy Regulatory Commission that revealed potential vulnerabilities in the electricity grid. View the Platts Energy Week feature with Paul Tiao.

Department of Energy Announces New Efforts in Energy Sector Cybersecurity

Hunton Privacy

On May 14, 2018, the Department of Energy (“DOE”) Office of Electricity Delivery & Energy Reliability released its Multiyear Plan for Energy Sector Cybersecurity (the “Plan”). The Plan is significantly guided by DOE’s 2006 Roadmap to Secure Control Systems in the Energy Sector and 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. Multiyear Plan for Energy Sector Cybersecurity. energy sector.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Once the disk is mounted, the script invokes the BitLocker utility to encrypt the drive. Once we’ve found the correct storage image, then it can be encrypted using the Virtualbox management utility.

Why Russian APT Fancy Bear hacked the Ukrainian energy firm Burisma?

Security Affairs

Russia-linked cyber-espionage group hacked the Ukrainian energy company Burisma at the center of the impeachment trial of US President Donald Trump. The attack was detailed by California-based cybersecurity firm Area 1 Security in a report. appeared first on Security Affairs.

Hackers Target Oil Producers During COVID-19 Slump

Security Affairs

Real-Life Examples of Spear-Phishing Attacks in the Energy Production Sector. The threat of spear-phishing for energy companies is, unfortunately, not a theoretical one. Why are cyberattacks in the energy industry suddenly on the rise? The Energy Industry Must Remain Vigilant.

What the Blockchain Taught Us about IT Security

Security Affairs

It is not just about security, but in utilizing Blockchain to secure your company and your information. But it is not just about security, but in utilizing Blockchains to secure your company and your information. Energy Efficiency.

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

And yet we are overlooking profound privacy and security ramifications. billion IoT devices in use as of 2017, half are consumer gadgets, like smart TVs, speakers, watches, baby cams and home thermostats; much of the rest is made up of things like smart electric meters and security cameras in corporate and government use. This will be led by the manufacturing, consumer, transportation and utilities sectors. Security-by-design lacking.

IoT 156

A ‘Cyber Event’ disrupted power grid operations in three US states

Security Affairs

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The report doesn’t include the name of the utility company that suffered the incident. utilities are required to notify DOE within one hour of a cyber attack against their systems.

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. One of the victims of the ransomware is the energy giant Energias de Portugal (EDP) , where the attackers claimed to have stolen 10 TB of files.

Protecting America’s Critical Infrastructure

Thales eSecurity

From taking a shower, to brewing your coffee, and watching the news, your morning routine is fueled by the energy sector. Unfortunately, the energy sector is of great interest to cyber attackers today. Best Practices to Secure Critical Infrastructure. Data security

Johannesburg residents left in the dark after a ransomware attack at City Power

Security Affairs

South African electric utility City Power that provides energy to the city of Johannesburg, has suffered serious disruptions after a ransomware attack. The post Johannesburg residents left in the dark after a ransomware attack at City Power appeared first on Security Affairs.

Episode 162: Have We missed Electric Grid Cyber Attacks for Years? Also: Breaking Bad Security Habits

The Security Ledger

» Related Stories Spotlight Podcast: Security Automation is (and isn’t) the Future of Infosec Episode 159: Deep Fakes and Election (in)Security with ZeroFOX Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy.

DHS CISA warns of Critical issues in Medtronic Medical equipment

Security Affairs

Department of Homeland Security (DHS) warns of critical flaws impacting Medtronic Valleylab products that could allow hackers to overwrite files and achieve remote code execution. and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0

A ‘Cyber Event’ disrupted power grid operations in three US states

Security Affairs

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The report doesn’t include the name of the utility company that suffered the incident. utilities are required to notify DOE within one hour of a cyber attack against their systems.

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

Hy-Vee said it believes the breach does not affect payment card terminals used at its grocery store checkout lanes, pharmacies or convenience stores, as these systems rely on a security technology designed to defeat card-skimming malware.

Sales 237

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

The attacks targeted a major utility provider, a university, and a government agency in the United States, a health agency in Canada, a health insurance provider, an energy company in Australia, and a European medical publishing company to deliver various malware families.

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.” Before that, Middle East computer security was almost non-existent.

Leak of Grid Vulnerabilities Creates National Security Risks

Hunton Privacy

The recent leak of an internal memo to the former Chair of the Federal Energy Regulatory Commission, which was widely reported by national news media, has created a national security setback for the United States. In an article published in Intelligent Utility Update , Hunton & Williams partner Paul M. Tiao discusses the effects of the leak on national security and on the relationship between the energy industry and the government.