IIOT Cyber

Several major power companies have launched a software assurance database that will serve as a software bill of materials (SBOM) repository for the power industry. Part of a long-sought solution to address a critical supply chain cybersecurity risk, the collaborative effort announced on Feb. 8 seeks to help vendors identify and remediate vulnerabilities in software […]

The energy and utilities sector is not just the lifeblood of the world’s economy, but fundamental to society’s existence as a whole. Yet, recent events have highlighted just how volatile and unpredictable it can be. Output is influenced by everything from weather patterns to war, and no business, consumer, or household is immune from the […]

With the advent and implementation of smart grid infrastructure across power utilities, there has been a paradigm shift in the efficiencies of the grid. The use of digital communication technology has led to high-speed communication enablement across various components as well as better data analysis and real-time control. This has proven to be advantageous not […]

In January, the U.S. Department of Energy (DoE) launched its new Building a Better Grid initiative. The DoE’s stated intention for the program is to create a more robust transmission system that will restore the nation’s electrical grid through expanded access and greater resilience. The initiative emphasizes supporting generation and distribution of clean energy, and […]

Behind the digital tools that make the industrial internet of things (IIOT) in the power generation and chemical process industries are people. The 2021 Connected Plant Conference in Austin, Texas recognized the achievements of several individuals and companies who are fast risers in the field. Through insight and experience, these “Game Changer” champions have contributed […]

For the better part of the past decade, utility companies have been more concerned with the potential for outages than cyberattacks, but this has changed over the past several months. The Colonial Pipeline ransomware attack and the remote cyberattack on a Florida water treatment plant put cybersecurity top-of-mind and made it clear hackers can do […]

  COMMENTARY Supply chain security is top of mind these days for policymakers and regulators focused on protecting the utility industry and other critical infrastructure. A cyber vulnerability with a single supplier can take down an entire supply chain network and the entities that use its products. The organizations that support and supply products and […]

The Biden administration this week issued a new spate of actions to bolster the nation’s cybersecurity, though details of its 100-day plan issued last month to address risks to the U.S. bulk power system (BPS) remain scant. In a May 11 notice, the president said his administration would continue, for one year, a national emergency declared […]

GE Digital’s OpShield technology to be integrated into Bayshore Networks’ solutions DURHAM, N.C., Feb. 8, 2021 /PRNewswire/ — Bayshore Networks and GE Digital today announced an expansion to their partnership to integrate their solutions to address the growing need to secure industrial and critical infrastructure networks. GE Digital’s OpShield technology will be integrated into Bayshore Networks’ advanced […]

The North American Energy Standards Board (NAESB), a wholesale and retail natural gas and power industry forum comprising 300 corporate members, will initially focus its standards development to support cybersecurity and blockchain out of 11 digital technologies it identified that are quickly transforming the energy space.  The board’s April 2019–formed Digital Committee, which comprises 16 […]

Electric-power and gas companies are especially vulnerable to cyberattacks, but a structured approach that applies communication, organizational, and process frameworks can significantly reduce cyber-related risks. In our experience working with utility companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyberthreats. First is an increased number of threats and actors […]

Earlier this year, MITRE—a not-for-profit organization that works in the public interest across federal, state, and local governments, as well as with industry and academia—officially released the long-awaited industrial control systems (ICS) version of its popular ATT&CK knowledge base. ICS ATT&CK is the group’s response to the unique attack surface that industrial networks are trying […]

Malware detected at the Kundankulam nuclear power plant in India’s state of Tamil Nadu has not affected plant systems, an investigation by Nuclear Power Corp. of India (NPCIL), the nation’s nuclear plant operator, confirms.  The entity said in a press release on Oct. 30 that it discovered the malware on Sept. 4 on the personal […]

What does it mean to have “extreme visibility” in an operational technology (OT) environment? According to Claroty, a New York-based company that offers cybersecurity products for industrial control systems, it’s having the ability to see all assets on a network, knowing what they are, and understanding what functions they perform. The company says the more […]

Delivering energy has centered on the fundamental tenant of being reliably available. As energy providers strive to maintain that availability, they all too often push security to the backburner. Many unsafe practices have fallen into place for the sake of speed and efficiency, including the use of default and shared passwords, open access, and little […]

The names of bulk power system entities that violate federal critical infrastructure cybersecurity reliability standards—along with identification of standards violated and penalties assessed—may soon be routinely disclosed under changes proposed by the Federal Energy Regulatory Commission (FERC) and the North American Reliability Corp. (NERC).  The proposed changes, which FERC and NERC outlined in an Aug. […]

XENOTIME, a cyberthreat activity group thought responsible for TRISIS/TRITON malware attacks on safety instrumented systems (SIS) at an oil and gas Middle Eastern facility in 2017, has been probing power company networks in the U.S. and elsewhere, new intelligence from industrial control systems (ICS) security firm Dragos shows.  “In February 2019, Dragos identified a change in […]

The Department of Energy (DOE) in March 2018 released a 52-page report outlining its multi-year strategy to improve cybersecurity. In the report’s introduction, Assistant Secretary Bruce J. Walker noted that

The malicious threat landscape for industrial control systems (ICSs) is constantly evolving and getting more sophisticated, thereby raising the need to have visibility, implement protective controls, and perform continuous monitoring. As a result, it is important to take a look at the attack vectors of some malware/malicious events—such as Triton—that have occurred over the last […]

The smart grid offers great promise to transform the electric system, enabling two-way communication between providers and consumers over the network, and allowing new services that can save electricity and

Cybersecurity firm FireEye has uncovered and is responding to a new intrusion at an unnamed critical infrastructure facility that it suggests in an April 10 blog post was perpetrated by the group behind the TRITON attack, which prompted a process shutdown at a Middle Eastern facility in 2017. But while details of the new attack are sparse, […]

Cyber-attacks on industrial control systems (ICSs) are no longer a hypothetical. As pieced together by the Wall Street Journal, in 2017, Russian hackers attacked a small construction company, exploiting the organization’s connections with utilities and government agencies. Through an integrator, the hackers accessed computer-network credentials, giving them the ability to get into computer systems that […]

When conversations around the power industry turn to computer hacking, more often than not experts say it’s not a question of if, but rather, how systems have been compromised. William Doering, adjunct professor in the online Master’s in Business Administration program at Maryville University and a director with Guidehouse—a management consulting services provider—said he has participated […]

Norsk Hydro, a major global aluminum producer that is also Norway’s third-largest producer of hydropower, has been stricken by an extensive cyberattack—reportedly ransomware—that forced its entire global network offline. The company powers its sizable aluminum production operations with 20 hydropower plants concentrated in Telemark, Røldal-Suldal, Sogn, and Vennesla, producing a total 10 TWh per year. […]

SUNNYVALE, Calif., Feb. 04, 2019 — Ondas Holdings Inc., through its subsidiary, Ondas Networks Inc., a developer of private licensed wireless data networks for mission-critical industrial markets, today announced the launch of Ondas Labs, a partnership program and innovation lab for advanced edge computing and connectivity in mission-critical applications. Ondas Labs will provide an innovation hub and […]

The U.S. Department of Energy (DOE) and Federal Energy Regulatory Commission (FERC) want to explore how federal and state authorities could incentivize cybersecurity and physical security in the power and natural gas sectors. The agencies issued a notice on Feb. 4 announcing they would jointly hold a technical conference on Thursday, March 28, 2019, from […]

Behind the digital tools that make the industrial internet of things (IIOT) in the power generation and chemical process industries are people. The upcoming Connected Plant Conference—Feb. 19–21, 2019, in Charlotte, North Carolina—will recognize the achievements of 11 individuals and companies who are fast risers in the field. Through insight and experience, these “Game Changer” champions […]