Cybersecurity

In January 2021, a hacker accessed the digital infrastructure controlling the water supply for Oldsmar, a Florida city of 15,000 people. The bad actor attempted to manipulate the city’s water supply, exploiting a vulnerability in the company’s IT-grade remote access software to alter levels of sodium hydroxide in the water supply, raising its concentration to […]

For the better part of the past decade, utility companies have been more concerned with the potential for outages than cyberattacks, but this has changed over the past several months. The Colonial Pipeline ransomware attack and the remote cyberattack on a Florida water treatment plant put cybersecurity top-of-mind and made it clear hackers can do […]

In December 2020, the U.S. Department of Energy announced a new subcommittee focused on the nation’s electric grid. The Grid Resilience for National Security subcommittee was a response to increasing threats to the country’s expansive electric grid that reliably delivers electricity to power the digital age. Today, those threats are even more relevant than ever […]

  COMMENTARY Supply chain security is top of mind these days for policymakers and regulators focused on protecting the utility industry and other critical infrastructure. A cyber vulnerability with a single supplier can take down an entire supply chain network and the entities that use its products. The organizations that support and supply products and […]

POWER and Chemical Engineering magazines are hosting the fifth annual Connected Plant Conference (CPC), taking place Aug. 30–Sept. 1, 2021, at the Renaissance Austin Hotel in Austin, Texas. CPC is the only event specifically covering the digital transformation taking place in the power generation and chemical process industries. CPC includes a look at the technology […]

The Biden administration is moving to add more safeguards to the nation’s critical infrastructure by establishing a new voluntary public-private collaboration that will focus wholly on industrial control systems (ICS) cybersecurity. The administration formally launched the “Industrial Control Systems Cybersecurity Initiative” in the “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems” signed by […]

IBM Security reported on July 28 that the average cost of recent data breaches was $4.24 million per incident, the highest cost ever recorded by the company in 17 years of tracking the metric. Notably, data breaches in the U.S. were by far the costliest, exceeding $9 million per incident on average. The findings were […]

In early May 2021, a Russian cyber-criminal group hit Colonial Pipeline, the largest U.S. oil and natural gas pipeline system, with a devastating ransomware attack. The exploit maliciously encrypts computer files, making them inaccessible unless the victim pays a ransom. To contain the threat, Colonial was forced to temporarily shut down portions of its operations […]

How do you protect yourselves from cybercriminals that plan to hold your organization for ransom? These criminals are intelligent, extremely computer literate, and know that production facilities, the utility sector, and mainly the power sector are ripe for ransom threats. The criminal hack organization known as DarkSide created a malicious computer code that resulted in […]

When securing network assets, a long and often complex list of configurations must be performed to ensure industrial control systems have the appropriate cyber protection. This article presents a systematic

Owners and operators of the 100 most “critical” hazardous liquid and natural gas pipelines, and liquefied natural gas (LNG) facilities will need to act within the next 30 days to align with federal cybersecurity guidance under new mandates issued by the Transportation Security Administration (TSA). The TSA’s May 27-issued pipeline-focused security directive is a notable, […]

The Biden administration this week issued a new spate of actions to bolster the nation’s cybersecurity, though details of its 100-day plan issued last month to address risks to the U.S. bulk power system (BPS) remain scant. In a May 11 notice, the president said his administration would continue, for one year, a national emergency declared […]

A ransomware incident on May 7 that prompted Colonial Pipeline Co., owner of the nation’s largest refined products pipeline, to proactively shut it down underscores the punch cyberthreats can pose to organizations, “regardless of size or sector,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned.   Five days after Colonial Pipeline first learned it was the […]

Managing a nationwide system of assets providing power generation, transmission, and distribution, which underpin the energy sector, can be a challenging endeavor. Particularly when you take into account the vast array of modern and legacy technologies that may not work in harmony together. For energy professionals, the stakes could not be higher. Prolonged outages as […]

Two recent incidents have made the cost of not protecting our infrastructure and natural resources abundantly clear. First, there was the widely publicized SolarWinds attack that infected more than a dozen utility companies, and oil and gas manufacturing entities. Then, there was a dangerous incident in Florida, where a hacker gained access to a water […]

The utility industry has undergone a remarkable shift over the past 10 years. What was traditionally a one-way commodity electron-flow to customers has now become bidirectional traffic of both electrons and bytes. With the rise of distributed energy resources (DERs) and customer demands for improved energy efficiency, utilities are handling an increasing amount of useful […]

President Joe Biden on his first day in office sent a clear signal that he would not follow his predecessor’s policies with respect to energy and climate issues. On Jan. 20, 2021, Biden signed Executive

GE Digital’s OpShield technology to be integrated into Bayshore Networks’ solutions DURHAM, N.C., Feb. 8, 2021 /PRNewswire/ — Bayshore Networks and GE Digital today announced an expansion to their partnership to integrate their solutions to address the growing need to secure industrial and critical infrastructure networks. GE Digital’s OpShield technology will be integrated into Bayshore Networks’ advanced […]

Over the last several years, cyber actors and online criminal gangs have used cyber warfare to disrupt business and infrastructure across the globe. Today, they are becoming even more aggressive and are using their resources to target Operations Technology (OT) and Industrial Control System (ICS) networks. According to the Canadian government’s Canadian Centre for Cyber […]

The case for advanced analytics and remote diagnostics During the last 25 years significant advancements have been made in remote monitoring capabilities for power plants. A number of operations and maintenance (O&M) functions can routinely be managed remotely, and it is also becoming more common for peaking and renewable energy plants to be remotely operated […]

Operational technology (OT) electronics and networks for manufacturing, energy production, and virtually every other industrial application, are targets for cyberattacks. For infrastructure-related companies, such as power producers, transportation, and water plants, the OT networks are not only the revenue producers, but also important targets for destabilizing national security. Successful attacks can be destructive and costly, […]

The Department of Energy (DOE) has issued a “prohibition order” in line with President Trump’s May 2020 broad bulk power system (BPS) security executive order (EO 13920) that will ban some utility procurement of specific grid equipment from China.  When it takes effect on Jan. 16, 2021, the Dec. 17–issued “Prohibition Order Securing Critical Defense […]

As long as products have had ethernet ports, people have been asking for remote access to them. They believed they could just plug the devices into the internet, and it would all work. At first, there wasn’t necessarily a clear path to making this dream a reality without assistance from the user’s IT department. IT […]

The North American Energy Standards Board (NAESB), a wholesale and retail natural gas and power industry forum comprising 300 corporate members, will initially focus its standards development to support cybersecurity and blockchain out of 11 digital technologies it identified that are quickly transforming the energy space.  The board’s April 2019–formed Digital Committee, which comprises 16 […]

Even before the Stuxnet malware program made international headlines in 2010, cybersecurity was an important issue for utility companies. In the aftermath of one of the largest attacks on supervisory control