cybersecurity

The Federal Energy Regulatory Commission (FERC) has ordered the North American Electric Reliability Corp. (NERC) to broaden, within six months, its Critical Infrastructure Protection (CIP) reliability standards to include mandatory reporting of cybersecurity incidents that could harm the bulk electric system (BES). FERC’s Order No. 848issued on July 19 directs NERC to develop and submit […]

A bill codifying the Department of Homeland Security’s (DHS’s) role in addressing industrial control systems (ICS) cybersecurity has cleared the U.S. House of Representatives. While H.R. 5733, “DHS Industrial Control Systems Capabilities Enhancement Act,” contains no mandates for the private sector, it directs the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to develop and maintain […]

The U.S. Department of the Treasury on June 11 slapped sanctions on five Russian firms and three Russian individuals for several “significant” malicious cyber-enabled activities, including cyber intrusions in the U.S. energy grid. The department’s Office of Foreign Assets Control said the sanctions are authorized under President Obama’s Executive Order 13694, “Blocking the Property of Certain […]

On May 14, 2018, the Department of Energy (DOE) Office of Electricity Delivery & Energy Reliability released its Multiyear Plan for Energy Sector Cybersecurity (“Plan”). The Plan is significantly guided by DOE’s 2006 Roadmap to Secure Control Systems in the Energy Sector and 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. Taken together with DOE’s […]

A relatively new cyberattack threat activity group dubbed “XENOTIME” is intent on compromising and disrupting industry safety instrumented systems globally, and cybersecurity experts are warning it is “easily the most dangerous threat activity publicly known.” According to  global industrial control system (ICS) cybersecurity firm Dragos Inc., XENOTIME is behind TRISIS (also known as TRITON), the […]

Cybersecurity threats are outpacing the energy sector’s “best defenses,” and costs of preventing and responding to cyber incidents are straining company efforts to protect critical infrastructure, the Department of Energy (DOE) warned as it released a comprehensive five-year cybersecurity strategy for the industry. The Multiyear Plan for Energy Sector Cybersecurity, dated March 2018 but which […]

The U.S. Department of Energy (DOE) over the past two weeks has made a string of funding announcements, including nearly a half-billion dollars of new investment in power-related initiatives. The funding backs advancements in cybersecurity, advanced nuclear, solar, bioenergy, fuel cells, geothermal, and energy storage. $25 Million for Cybersecurity.On April 16, the DOE’s Office of […]

Malware-based attacks against utilities and power plants are increasing six-fold according to a recent federal report. Power plants have become an appealing target because of a lack of detection and monitoring

Lawmakers, industry, and government entities, including the Department of Energy (DOE) and the National Institute of Standards and Technology (NIST), this week released a string of measures responding to mounting cybersecurity attacks by state-sponsored actors. A Revised Cybersecurity Framework On April 16, the Commerce Department’s NIST, a federal standards laboratory, released an updated version of […]

Russian state-sponsored cyber actors are exploiting routers and other network infrastructure devices worldwide to conduct man-in-the-middle attacks that specifically target critical infrastructure providers and other sectors, the U.S. Department of Homeland Security (DHS), the FBI, and the UK’s National Cyber Security Centre (NCSC) warned in a new joint technical alert. In the U.S. Computer Emergency […]