cybersecurity

What does it mean to have “extreme visibility” in an operational technology (OT) environment? According to Claroty, a New York-based company that offers cybersecurity products for industrial control systems, it’s having the ability to see all assets on a network, knowing what they are, and understanding what functions they perform. The company says the more […]

Delivering energy has centered on the fundamental tenant of being reliably available. As energy providers strive to maintain that availability, they all too often push security to the backburner. Many unsafe practices have fallen into place for the sake of speed and efficiency, including the use of default and shared passwords, open access, and little […]

The power grid is changing across the U.S. More distributed energy resources are being added every day. That brings challenges for power utilities, but also opportunities. John Di Stasio, president of the Large Public Power Council (LPPC), which represents 27 of the largest locally governed and operated not-for-profit electric systems in the U.S., was a […]

The names of bulk power system entities that violate federal critical infrastructure cybersecurity reliability standards—along with identification of standards violated and penalties assessed—may soon be routinely disclosed under changes proposed by the Federal Energy Regulatory Commission (FERC) and the North American Reliability Corp. (NERC).  The proposed changes, which FERC and NERC outlined in an Aug. […]

XENOTIME, a cyberthreat activity group thought responsible for TRISIS/TRITON malware attacks on safety instrumented systems (SIS) at an oil and gas Middle Eastern facility in 2017, has been probing power company networks in the U.S. and elsewhere, new intelligence from industrial control systems (ICS) security firm Dragos shows.  “In February 2019, Dragos identified a change in […]

The Department of Energy (DOE) in March 2018 released a 52-page report outlining its multi-year strategy to improve cybersecurity. In the report’s introduction, Assistant Secretary Bruce J. Walker noted that

The malicious threat landscape for industrial control systems (ICSs) is constantly evolving and getting more sophisticated, thereby raising the need to have visibility, implement protective controls, and perform continuous monitoring. As a result, it is important to take a look at the attack vectors of some malware/malicious events—such as Triton—that have occurred over the last […]

The smart grid offers great promise to transform the electric system, enabling two-way communication between providers and consumers over the network, and allowing new services that can save electricity and

Cybersecurity firm FireEye has uncovered and is responding to a new intrusion at an unnamed critical infrastructure facility that it suggests in an April 10 blog post was perpetrated by the group behind the TRITON attack, which prompted a process shutdown at a Middle Eastern facility in 2017. But while details of the new attack are sparse, […]

When conversations around the power industry turn to computer hacking, more often than not experts say it’s not a question of if, but rather, how systems have been compromised. William Doering, adjunct professor in the online Master’s in Business Administration program at Maryville University and a director with Guidehouse—a management consulting services provider—said he has participated […]

Norsk Hydro, a major global aluminum producer that is also Norway’s third-largest producer of hydropower, has been stricken by an extensive cyberattack—reportedly ransomware—that forced its entire global network offline. The company powers its sizable aluminum production operations with 20 hydropower plants concentrated in Telemark, Røldal-Suldal, Sogn, and Vennesla, producing a total 10 TWh per year. […]

Houston, March 14, 2019 – BlueVoyant and IronNet Cybersecurity today announced a partnership to deliver advanced, collective cyber defense and threat-detection capabilities to small-to-medium-sized energy providers in the United States. The joint offering will deliver IronNet’s threat analytics platform along with the industry’s first and only real-time collective cyber defense capability through BlueVoyant’s superior managed […]

Carol Holahan, counsel in Foley Hoag’s Energy & Cleantech practice, was a guest on The POWER Podcast. Holahan advises large regional generators and other participants in the wholesale and retail competitive electricity markets on policy initiatives, changing environmental regulations, decommissioning and sale of plants, and matters pending before the Federal Energy Regulatory Commission (FERC). During […]

New Secure Media Exchange release goes beyond malware detection to identify next wave of USB attack types, keeping human authentication part of security  HOUSTON, Feb. 4, 2019 — Honeywell (NYSE: HON) today announced the latest release of Secure Media Exchange (SMX), a cybersecurity solution to protect industrial operators against new and emerging Universal Serial Bus (USB) […]

The U.S. Department of Energy (DOE) and Federal Energy Regulatory Commission (FERC) want to explore how federal and state authorities could incentivize cybersecurity and physical security in the power and natural gas sectors. The agencies issued a notice on Feb. 4 announcing they would jointly hold a technical conference on Thursday, March 28, 2019, from […]

Industrial control system cybersecurity is today largely focused on securing networks, and efforts largely ignore process control equipment that is crucial for plant safety and reliability, leaving it woefully

Before industrial control systems (ICSs) were network-connected, operators had little to worry about in the way of cyber threats. But as industrial environments, such as energy utilities, become more connected, they’re exposed to vulnerabilities and attacks. ICSs are used in large amounts of critical infrastructure, including the electrical grid, transportation systems, and wastewater plants. How […]

The power sector’s terror of a debilitating cybersecurity attack is magnified seemingly every day as new vulnerabilities or destructive threat actors are identified. But according to several industrial

Supports modern plants with the digital transformation of OT and IT environments Combines Voith’s in-depth knowledge of the OT and IIoT domain with Kudelski’s expertise in hardware- and software-based cybersecurity solutions Delivers tangible cybersecurity products and services for power generation and other industrial sectors YORK, Pa. / CHESEAUX-SUR-LAUSANNE, Switzerland – Voith, a global technology group that […]

Entities with industrial control systems (ICS) associated with bulk electric system (BES) operations must develop and implement plans that include security controls for supply chain management, the Federal Energy Regulatory Commission (FERC) ordered in a final rule that formally adopts three new critical infrastructure protection (CIP) reliability standards.  FERC on October 18 issued Order No. […]

BlackEnergy, the malware used in a cyberattack that prompted a large-scale blackout in Ukraine in December 2015, has a successor—GreyEnergy. A group is using the malware to target industrial networks outside Ukraine, researchers  from Slovakian cybersecurity firm ESET warn.  The researchers said in an October 17–released white paper that analysis of the previously undocumented GreyEnergy […]

Cybersecurity experts have identified a new activity group that they say is targeting access operations at electric utilities in the U.S., Europe, Middle East, and East Asia.  Cybersecurity firm Dragos Inc. told POWER on August 1 that though it has confirmed that the group—which it dubbed “RASPITE”—is actively targeting electric utilities, “there is no current indication […]

Horizontal drilling technology and fracking techniques have created a natural gas revolution in the U.S. The future looks bright for gas-fired power generation but there are three potential storm clouds that

Department of Homeland Security (DHS) officials in a July 24 webinar said that Russian hackers infiltrated a power plant industrial control system (ICS) in an incident that could have caused a blackout last year. However, as an industrial cybersecurity expert pointed out—and a DHS spokesperson confirmed—the impact of the incident may be overstated. The expert and DHS responded to a […]

The Federal Energy Regulatory Commission (FERC) has ordered the North American Electric Reliability Corp. (NERC) to broaden, within six months, its Critical Infrastructure Protection (CIP) reliability standards to include mandatory reporting of cybersecurity incidents that could harm the bulk electric system (BES). FERC’s Order No. 848issued on July 19 directs NERC to develop and submit […]

A bill codifying the Department of Homeland Security’s (DHS’s) role in addressing industrial control systems (ICS) cybersecurity has cleared the U.S. House of Representatives. While H.R. 5733, “DHS Industrial Control Systems Capabilities Enhancement Act,” contains no mandates for the private sector, it directs the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to develop and maintain […]

The U.S. Department of the Treasury on June 11 slapped sanctions on five Russian firms and three Russian individuals for several “significant” malicious cyber-enabled activities, including cyber intrusions in the U.S. energy grid. The department’s Office of Foreign Assets Control said the sanctions are authorized under President Obama’s Executive Order 13694, “Blocking the Property of Certain […]

On May 14, 2018, the Department of Energy (DOE) Office of Electricity Delivery & Energy Reliability released its Multiyear Plan for Energy Sector Cybersecurity (“Plan”). The Plan is significantly guided by DOE’s 2006 Roadmap to Secure Control Systems in the Energy Sector and 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. Taken together with DOE’s […]

A relatively new cyberattack threat activity group dubbed “XENOTIME” is intent on compromising and disrupting industry safety instrumented systems globally, and cybersecurity experts are warning it is “easily the most dangerous threat activity publicly known.” According to  global industrial control system (ICS) cybersecurity firm Dragos Inc., XENOTIME is behind TRISIS (also known as TRITON), the […]

Cybersecurity threats are outpacing the energy sector’s “best defenses,” and costs of preventing and responding to cyber incidents are straining company efforts to protect critical infrastructure, the Department of Energy (DOE) warned as it released a comprehensive five-year cybersecurity strategy for the industry. The Multiyear Plan for Energy Sector Cybersecurity, dated March 2018 but which […]