ICS-CERT

Department of Homeland Security (DHS) officials in a July 24 webinar said that Russian hackers infiltrated a power plant industrial control system (ICS) in an incident that could have caused a blackout last year. However, as an industrial cybersecurity expert pointed out—and a DHS spokesperson confirmed—the impact of the incident may be overstated. The expert and DHS responded to a […]

The Federal Energy Regulatory Commission (FERC) has ordered the North American Electric Reliability Corp. (NERC) to broaden, within six months, its Critical Infrastructure Protection (CIP) reliability standards to include mandatory reporting of cybersecurity incidents that could harm the bulk electric system (BES). FERC’s Order No. 848issued on July 19 directs NERC to develop and submit […]

Cybersecurity threats are outpacing the energy sector’s “best defenses,” and costs of preventing and responding to cyber incidents are straining company efforts to protect critical infrastructure, the Department of Energy (DOE) warned as it released a comprehensive five-year cybersecurity strategy for the industry. The Multiyear Plan for Energy Sector Cybersecurity, dated March 2018 but which […]

Understanding the threat posed to industrial control systems (ICSs) by malware is difficult. It requires knowledge of proper ICS functionality in order to identify illegitimate software. One industrial

External malicious actors deployed a “synchronized and coordinated” cyberattack to prompt the large-scale blackout in Ukraine last December, a U.S. interagency team has confirmed. The event on December 23, 2015— the world’s first power blackout prompted by a cyberattack—saw a swathe of unscheduled power outages afflict three regional power distribution companies (called the “Oblenergos”) and cut […]

Malware has apparently been used for the first time to prompt a large-scale power blackout. An attack was tied to a Dec. 23 blackout affecting about 1.4 million Ukrainians living in the Ivano-Frankivsk region, reported Ukrainian news media outlet TSN. However, Slovakian information security firm ESET later confirmed that the reported case “was not an […]

Is the sky falling? No, but are there lessons we can learn from Chicken Little? Absolutely. False alarms and fear mongering consume energy we can ill afford to waste, but should some sort of alarm be sounding

Of 257 cyber incidents reported by asset owners or trusted partners to the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in 2013, an overwhelming 56% occurred in the energy sector, exceeding all incidents reported in other sectors combined.  Notably, ICS-CERT last year responded to a “major cyber intrusion campaign” from […]