Delivering energy has centered on the fundamental tenant of being reliably available. As energy providers strive to maintain that availability, they all too often push security to the backburner. Many unsafe practices have fallen into place for the sake of speed and efficiency, including the use of default and shared passwords, open access, and little […]
The names of bulk power system entities that violate federal critical infrastructure cybersecurity reliability standards—along with identification of standards violated and penalties assessed—may soon be routinely disclosed under changes proposed by the Federal Energy Regulatory Commission (FERC) and the North American Reliability Corp. (NERC). The proposed changes, which FERC and NERC outlined in an Aug. […]
XENOTIME, a cyberthreat activity group thought responsible for TRISIS/TRITON malware attacks on safety instrumented systems (SIS) at an oil and gas Middle Eastern facility in 2017, has been probing power company networks in the U.S. and elsewhere, new intelligence from industrial control systems (ICS) security firm Dragos shows. “In February 2019, Dragos identified a change in […]
The Department of Energy (DOE) in March 2018 released a 52-page report outlining its multi-year strategy to improve cybersecurity. In the report’s introduction, Assistant Secretary Bruce J. Walker noted that
Depending on the hazard field, electromagnetic pulses (EMPs) resulting from detonation of a nuclear weapon at high altitude or in space could cause significant damage to electronics on the bulk power system and even prompt a regional voltage collapse, the Electric Power Research Institute (EPRI) says in much-anticipated findings from its three-year study on high-altitude […]
The malicious threat landscape for industrial control systems (ICSs) is constantly evolving and getting more sophisticated, thereby raising the need to have visibility, implement protective controls, and perform continuous monitoring. As a result, it is important to take a look at the attack vectors of some malware/malicious events—such as Triton—that have occurred over the last […]
The smart grid offers great promise to transform the electric system, enabling two-way communication between providers and consumers over the network, and allowing new services that can save electricity and
Cybersecurity firm FireEye has uncovered and is responding to a new intrusion at an unnamed critical infrastructure facility that it suggests in an April 10 blog post was perpetrated by the group behind the TRITON attack, which prompted a process shutdown at a Middle Eastern facility in 2017. But while details of the new attack are sparse, […]
The world’s first autonomous combined cycle power plant is currently under construction at the Takasago Machinery Works facility in Japan, and it will be operational by 2020, according to Mitsubishi Hitachi
When conversations around the power industry turn to computer hacking, more often than not experts say it’s not a question of if, but rather, how systems have been compromised. William Doering, adjunct professor in the online Master’s in Business Administration program at Maryville University and a director with Guidehouse—a management consulting services provider—said he has participated […]
