IIOT Cyber

The Biden administration this week issued a new spate of actions to bolster the nation’s cybersecurity, though details of its 100-day plan issued last month to address risks to the U.S. bulk power system (BPS) remain scant. In a May 11 notice, the president said his administration would continue, for one year, a national emergency declared […]

GE Digital’s OpShield technology to be integrated into Bayshore Networks’ solutions DURHAM, N.C., Feb. 8, 2021 /PRNewswire/ — Bayshore Networks and GE Digital today announced an expansion to their partnership to integrate their solutions to address the growing need to secure industrial and critical infrastructure networks. GE Digital’s OpShield technology will be integrated into Bayshore Networks’ advanced […]

The North American Energy Standards Board (NAESB), a wholesale and retail natural gas and power industry forum comprising 300 corporate members, will initially focus its standards development to support cybersecurity and blockchain out of 11 digital technologies it identified that are quickly transforming the energy space.  The board’s April 2019–formed Digital Committee, which comprises 16 […]

Electric-power and gas companies are especially vulnerable to cyberattacks, but a structured approach that applies communication, organizational, and process frameworks can significantly reduce cyber-related risks. In our experience working with utility companies, we have observed three characteristics that make the sector especially vulnerable to contemporary cyberthreats. First is an increased number of threats and actors […]

Earlier this year, MITRE—a not-for-profit organization that works in the public interest across federal, state, and local governments, as well as with industry and academia—officially released the long-awaited industrial control systems (ICS) version of its popular ATT&CK knowledge base. ICS ATT&CK is the group’s response to the unique attack surface that industrial networks are trying […]

Malware detected at the Kundankulam nuclear power plant in India’s state of Tamil Nadu has not affected plant systems, an investigation by Nuclear Power Corp. of India (NPCIL), the nation’s nuclear plant operator, confirms.  The entity said in a press release on Oct. 30 that it discovered the malware on Sept. 4 on the personal […]

What does it mean to have “extreme visibility” in an operational technology (OT) environment? According to Claroty, a New York-based company that offers cybersecurity products for industrial control systems, it’s having the ability to see all assets on a network, knowing what they are, and understanding what functions they perform. The company says the more […]

Delivering energy has centered on the fundamental tenant of being reliably available. As energy providers strive to maintain that availability, they all too often push security to the backburner. Many unsafe practices have fallen into place for the sake of speed and efficiency, including the use of default and shared passwords, open access, and little […]

The names of bulk power system entities that violate federal critical infrastructure cybersecurity reliability standards—along with identification of standards violated and penalties assessed—may soon be routinely disclosed under changes proposed by the Federal Energy Regulatory Commission (FERC) and the North American Reliability Corp. (NERC).  The proposed changes, which FERC and NERC outlined in an Aug. […]

XENOTIME, a cyberthreat activity group thought responsible for TRISIS/TRITON malware attacks on safety instrumented systems (SIS) at an oil and gas Middle Eastern facility in 2017, has been probing power company networks in the U.S. and elsewhere, new intelligence from industrial control systems (ICS) security firm Dragos shows.  “In February 2019, Dragos identified a change in […]