US Cybersecurity and Infrastructure Security Agency (CISA): Guidance On The Essential Critical Infrastructure Workforce

As the Nation comes together to slow the spread of COVID-19, on March 16th the President issued updated Coronavirus Guidance for America that highlighted the importance of the critical infrastructure workforce. The Cybersecurity and Infrastructure Security Agency (CISA) executes the Secretary Read More …

NERC CIP compliance in Azure

When I did my first North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) compliance project it was 2009. NERC CIP was at version 3. It was the first mandatory cybersecurity standard that the utility I was working for had Read More …

Estonia’s Elering joins ENCS to bolster EU cybersecurity

Estonia’s national Transmission System Operator (TSO) for electricity and natural gas, Elering, has become the latest member of the European Network for Cyber Security (ENCS) to strengthen the energy sector’s cyber defences. Elering is responsible for the functioning of the Read More …

Critical Remote Code-Execution Bugs Threaten Global Power Plants

Siemens industrial equipment commonly found in fossil-fuel and large-scale renewable power plants are riddled with multiple security vulnerabilities, the most severe of which are critical bugs allowing remote code-execution. The affected product is SPPA-T3000, a distributed control system used for Read More …

The energy industry practices for a ‘black swan’ cyberattack that could take down the grid

More than 6,500 government officials and big players in the energy sector came together this week to conduct a simulated cyberattack on the electrical grid. The event is called GridEx, and takes place every two years. It imagines the U.S. Read More …

Cyber-security incident at US power grid entity linked to unpatched firewalls

A cyber-security incident that impacted a US power grid entity earlier this year was not as dangerous as initially thought, the North American Electric Reliability Corporation (NERC) said last week. In a report highlighting the “lessons learned” from a past Read More …

FERC, NERC propose to publicly identify utilities violating cybersecurity standards

Safeguarding the U.S. power grid against a potential cyberattack remains a high priority for regulators and utilities alike. While there has been no loss of load in North America from a cyberattack, the threat is at an all-time high, according to Read More …

ACSC helps power energy sector’s cybersecurity capabilities

The Australian Cyber Security Centre (ACSC) has plugged into energy sector organisations and government agencies to help power their cybersecurity capabilities. The nationwide program — which started in November 2018 – aims to improve the energy industry’s cyber threat resilience and responses. Read More …

AMEO ‘concerned’ about nation-state attacks on power grids

“For the energy sectors and critical infrastructure sectors, particularly around electricity, we are concerned about nation-state actors,” says Tim Daly, chief security officer (CSO) for the Australian Energy Market Operator (AEMO). “Nation-states are looking to have capability and implants that Read More …