Cybersecurity

Framingham, MA — Positive Technologies experts have discovered a total of 17 vulnerabilities in the SPPA-T3000. Vladimir Nazarov, Head of ICS Security at Positive Technologies, said: “By exploiting some of these vulnerabilities, an attacker could run arbitrary code on an application server, which is one of the key components of the SPPA-T3000 distributed control system. […]

A nationwide survey of state utility commissions suggests regulators are increasingly grappling with issues that could “profoundly” alter energy delivery and utility business models. However, over the next decade, they expect central station generation will continue to dominate state portfolios, and utility-scale solar growth will surpass customer-owned photovoltaic (PV).  The survey to take the “regulatory […]

Many networks across a variety of verticals including government, military, financial services, power plants, and industrial manufacturing have been so-called “air-gapped.” This means they are physically and logically isolated from other networks where communication between these networks is not physically or logically possible. This can be a good thing or bad thing depending on your […]

Market forces are playing as much if not more of a role than regulatory policy in the transition from fossil-fueled power generation to renewables, as utilities in the U.S. and worldwide establish decarbonization goals. That was the message from Bill Ritter Jr., former governor of Colorado, during his keynote address at POWER’s Distributed Energy Conference […]

Malware detected at the Kundankulam nuclear power plant in India’s state of Tamil Nadu has not affected plant systems, an investigation by Nuclear Power Corp. of India (NPCIL), the nation’s nuclear plant operator, confirms.  The entity said in a press release on Oct. 30 that it discovered the malware on Sept. 4 on the personal […]

What does it mean to have “extreme visibility” in an operational technology (OT) environment? According to Claroty, a New York-based company that offers cybersecurity products for industrial control systems, it’s having the ability to see all assets on a network, knowing what they are, and understanding what functions they perform. The company says the more […]

Delivering energy has centered on the fundamental tenant of being reliably available. As energy providers strive to maintain that availability, they all too often push security to the backburner. Many unsafe practices have fallen into place for the sake of speed and efficiency, including the use of default and shared passwords, open access, and little […]

The names of bulk power system entities that violate federal critical infrastructure cybersecurity reliability standards—along with identification of standards violated and penalties assessed—may soon be routinely disclosed under changes proposed by the Federal Energy Regulatory Commission (FERC) and the North American Reliability Corp. (NERC).  The proposed changes, which FERC and NERC outlined in an Aug. […]

XENOTIME, a cyberthreat activity group thought responsible for TRISIS/TRITON malware attacks on safety instrumented systems (SIS) at an oil and gas Middle Eastern facility in 2017, has been probing power company networks in the U.S. and elsewhere, new intelligence from industrial control systems (ICS) security firm Dragos shows.  “In February 2019, Dragos identified a change in […]

The Department of Energy (DOE) in March 2018 released a 52-page report outlining its multi-year strategy to improve cybersecurity. In the report’s introduction, Assistant Secretary Bruce J. Walker noted that