NIST

Several major power companies have launched a software assurance database that will serve as a software bill of materials (SBOM) repository for the power industry. Part of a long-sought solution to address a critical supply chain cybersecurity risk, the collaborative effort announced on Feb. 8 seeks to help vendors identify and remediate vulnerabilities in software […]

A Goldman Sachs private equity business is taking a stake in critical industry cybersecurity firm Fortress Information Security. The $125 million investment underscores a heightened awareness of supply chain vulnerabilities within the investor community. Fortress, which announced the investment from Goldman Sachs Asset Management Private Equity on April 19, said it also highlights a wider […]

  COMMENTARY Supply chain security is top of mind these days for policymakers and regulators focused on protecting the utility industry and other critical infrastructure. A cyber vulnerability with a single supplier can take down an entire supply chain network and the entities that use its products. The organizations that support and supply products and […]

Delivering energy has centered on the fundamental tenant of being reliably available. As energy providers strive to maintain that availability, they all too often push security to the backburner. Many unsafe practices have fallen into place for the sake of speed and efficiency, including the use of default and shared passwords, open access, and little […]

Cyber-attacks on industrial control systems (ICSs) are no longer a hypothetical. As pieced together by the Wall Street Journal, in 2017, Russian hackers attacked a small construction company, exploiting the organization’s connections with utilities and government agencies. Through an integrator, the hackers accessed computer-network credentials, giving them the ability to get into computer systems that […]

Lawmakers, industry, and government entities, including the Department of Energy (DOE) and the National Institute of Standards and Technology (NIST), this week released a string of measures responding to mounting cybersecurity attacks by state-sponsored actors. A Revised Cybersecurity Framework On April 16, the Commerce Department’s NIST, a federal standards laboratory, released an updated version of […]

Researchers have successfully demonstrated an open-source supervisory control and data acquisition (SCADA) system designed to withstand attacks and compromises on the power grid. The intrusion-tolerant system—called “Spire”—keeps power flowing even if part of the system is compromised, and it may be a breakthrough for grid resiliency, industry observers said. Spire was built from the ground […]

The National Institute of Standards and Technology (NIST) today released its final version of a national framework for improving critical infrastructure cybersecurity. The “living” document will be updated as industry reports back on its implementation. The “Framework for Improving Critical Infrastructure Cybersecurity” is essentially composed of a core, tiers, and profiles. The core presents five […]

A year ago, on Feb. 12, 2013, President Obama issued Executive Order 13636, titled “Improving Critical Infrastructure Cybersecurity.” The Executive Order instructed the National Institute of Standards and

A discussion draft of a preliminary cybersecurity framework posted by the National Institute of Standards and Technology (NIST) last week outlines several functions to protect industrial control systems, but it acknowledges that the power sector already engages in several cybersecurity practices and recommends that utilities opting to use the framework should leverage these rather than […]