IIOT Cyber

Industrial control system cybersecurity is today largely focused on securing networks, and efforts largely ignore process control equipment that is crucial for plant safety and reliability, leaving it woefully

The power sector’s terror of a debilitating cybersecurity attack is magnified seemingly every day as new vulnerabilities or destructive threat actors are identified. But according to several industrial

It’s an exciting era in energy generation. The rapid adoption of IT systems and networked technology has enabled new business models and catalyzed production decentralization. However, with innovation comes

Entities with industrial control systems (ICS) associated with bulk electric system (BES) operations must develop and implement plans that include security controls for supply chain management, the Federal Energy Regulatory Commission (FERC) ordered in a final rule that formally adopts three new critical infrastructure protection (CIP) reliability standards.  FERC on October 18 issued Order No. […]

BlackEnergy, the malware used in a cyberattack that prompted a large-scale blackout in Ukraine in December 2015, has a successor—GreyEnergy. A group is using the malware to target industrial networks outside Ukraine, researchers  from Slovakian cybersecurity firm ESET warn.  The researchers said in an October 17–released white paper that analysis of the previously undocumented GreyEnergy […]

Cybersecurity experts have identified a new activity group that they say is targeting access operations at electric utilities in the U.S., Europe, Middle East, and East Asia.  Cybersecurity firm Dragos Inc. told POWER on August 1 that though it has confirmed that the group—which it dubbed “RASPITE”—is actively targeting electric utilities, “there is no current indication […]

A bill codifying the Department of Homeland Security’s (DHS’s) role in addressing industrial control systems (ICS) cybersecurity has cleared the U.S. House of Representatives. While H.R. 5733, “DHS Industrial Control Systems Capabilities Enhancement Act,” contains no mandates for the private sector, it directs the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to develop and maintain […]

On May 14, 2018, the Department of Energy (DOE) Office of Electricity Delivery & Energy Reliability released its Multiyear Plan for Energy Sector Cybersecurity (“Plan”). The Plan is significantly guided by DOE’s 2006 Roadmap to Secure Control Systems in the Energy Sector and 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. Taken together with DOE’s […]

A relatively new cyberattack threat activity group dubbed “XENOTIME” is intent on compromising and disrupting industry safety instrumented systems globally, and cybersecurity experts are warning it is “easily the most dangerous threat activity publicly known.” According to  global industrial control system (ICS) cybersecurity firm Dragos Inc., XENOTIME is behind TRISIS (also known as TRITON), the […]

Cybersecurity threats are outpacing the energy sector’s “best defenses,” and costs of preventing and responding to cyber incidents are straining company efforts to protect critical infrastructure, the Department of Energy (DOE) warned as it released a comprehensive five-year cybersecurity strategy for the industry. The Multiyear Plan for Energy Sector Cybersecurity, dated March 2018 but which […]