IIOT Cyber

Industrial control system cybersecurity is today largely focused on securing networks, and efforts largely ignore process control equipment that is crucial for plant safety and reliability, leaving it woefully

It’s an exciting era in energy generation. The rapid adoption of IT systems and networked technology has enabled new business models and catalyzed production decentralization. However, with innovation comes

The power sector’s terror of a debilitating cybersecurity attack is magnified seemingly every day as new vulnerabilities or destructive threat actors are identified. But according to several industrial

Entities with industrial control systems (ICS) associated with bulk electric system (BES) operations must develop and implement plans that include security controls for supply chain management, the Federal Energy Regulatory Commission (FERC) ordered in a final rule that formally adopts three new critical infrastructure protection (CIP) reliability standards.  FERC on October 18 issued Order No. […]

BlackEnergy, the malware used in a cyberattack that prompted a large-scale blackout in Ukraine in December 2015, has a successor—GreyEnergy. A group is using the malware to target industrial networks outside Ukraine, researchers  from Slovakian cybersecurity firm ESET warn.  The researchers said in an October 17–released white paper that analysis of the previously undocumented GreyEnergy […]

Cybersecurity experts have identified a new activity group that they say is targeting access operations at electric utilities in the U.S., Europe, Middle East, and East Asia.  Cybersecurity firm Dragos Inc. told POWER on August 1 that though it has confirmed that the group—which it dubbed “RASPITE”—is actively targeting electric utilities, “there is no current indication […]

A bill codifying the Department of Homeland Security’s (DHS’s) role in addressing industrial control systems (ICS) cybersecurity has cleared the U.S. House of Representatives. While H.R. 5733, “DHS Industrial Control Systems Capabilities Enhancement Act,” contains no mandates for the private sector, it directs the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to develop and maintain […]

On May 14, 2018, the Department of Energy (DOE) Office of Electricity Delivery & Energy Reliability released its Multiyear Plan for Energy Sector Cybersecurity (“Plan”). The Plan is significantly guided by DOE’s 2006 Roadmap to Secure Control Systems in the Energy Sector and 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. Taken together with DOE’s […]

A relatively new cyberattack threat activity group dubbed “XENOTIME” is intent on compromising and disrupting industry safety instrumented systems globally, and cybersecurity experts are warning it is “easily the most dangerous threat activity publicly known.” According to  global industrial control system (ICS) cybersecurity firm Dragos Inc., XENOTIME is behind TRISIS (also known as TRITON), the […]

Cybersecurity threats are outpacing the energy sector’s “best defenses,” and costs of preventing and responding to cyber incidents are straining company efforts to protect critical infrastructure, the Department of Energy (DOE) warned as it released a comprehensive five-year cybersecurity strategy for the industry. The Multiyear Plan for Energy Sector Cybersecurity, dated March 2018 but which […]

Lawmakers, industry, and government entities, including the Department of Energy (DOE) and the National Institute of Standards and Technology (NIST), this week released a string of measures responding to mounting cybersecurity attacks by state-sponsored actors. A Revised Cybersecurity Framework On April 16, the Commerce Department’s NIST, a federal standards laboratory, released an updated version of […]

Russian state-sponsored cyber actors are exploiting routers and other network infrastructure devices worldwide to conduct man-in-the-middle attacks that specifically target critical infrastructure providers and other sectors, the U.S. Department of Homeland Security (DHS), the FBI, and the UK’s National Cyber Security Centre (NCSC) warned in a new joint technical alert. In the U.S. Computer Emergency […]

  Defense-in-depth is a concept that is already widely deployed by many organizations within their IT infrastructures. However, many organizations do not apply it to their industrial control system (ICS) operations, owing mostly to obscure protocols. But as IT and ICS architectures converge and high-profile cybersecurity incidents mount, a robust, holistic defense-in-depth solution may be […]

The energy industry must work together to restore trust in the digital age.   When Hurricane Harvey hit, Houston knew what to do. Emergency response plans went immediately into effect to save lives and jump-start a long recovery. But as energy leaders convene here in the world’s energy capital for CERAWeek, we need to ask […]

Cybersecurity is a topic covered frequently in the pages of POWER magazine, and one that all power plants need to take seriously. A recent simulation proved that the consequences of a hack can be grave. The drill took place in Sweden, but could have been conducted anywhere in the world. The attack used plant control […]

Organizations across every industry today face a wide range of cyber threats and serious security challenges from various vectors. A top concern among these is the persistence cybersecurity experts are seeing

The Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) warned in an e-mail on October 20 that an ongoing cyberattack campaign is targeting the nuclear, energy, and other critical infrastructure sectors since at least May 2017—with results ranging from cyber espionage to the ability to disrupt energy systems in the event of […]

A group has launched a new wave of cyberattacks aimed at severely disrupting operations in the European and North American energy sectors, IT security firm Symantec warns. Dragonfly, a group that has been in operation since at least 2011, has re-emerged over the past two years, the firm said in an official blog posting on […]