SANS Survey Finds Cyber Threats to OT Environments Continue to Rise, Severity Reaches All-Time High
August 27, 2021 | Nozomi Networks
A growing majority of organizations have significantly matured their security postures since the last SANS OT/ICS survey in 2019. In spite of the progress, almost half (48%) don't know whether their organizations had been compromised. The survey echoes Nozomi Networks' own experiences with customers worldwide.    more

NERC, FERC Joint White Paper Highlights Supply Chain Vigilance, Offers Lessons Learned
July 7, 2021
NERC and FERC published a joint white paper, SolarWinds and Related Supply Chain Compromise, emphasizing the need for continued vigilance around supply chain compromises and incidents by the North American electricity industry. The paper, which highlights the lessons learned from recent supply chain compromises, recommends a series of specific cyber security mitigation actions to better ensure the security of the bulk power system. NERC and FERC encourage stakeholders to read the paper and consider applying the recommended strategies most appropriate to their circumstances. view white paper

Poll: Majority Strongly Supports Significant Federal Funding to Fortify Electric Grid Resilience
June 7, 2021 | Protect Our Power
A new poll, released on June 7 and commissioned by the electric grid security advocacy group Protect Our Power, reveals 86 percent of Americans believe the nation's electric power delivery system is vulnerable to cyber or physical attacks from foreign enemies, while 67 percent want to see strict oversight on electric grid components manufactured in nations known to be hostile to the U.S.    more

PNNL's Shadow Figment Technology Foils Cyberattacks
June 7, 2021
Scientists have created a cybersecurity technology called Shadow Figment that is designed to lure hackers into an artificial world, then stop them from doing damage by feeding them illusory tidbits of success. The aim is to sequester bad actors by captivating them with an attractive-but imaginary-world. The technology is aimed at protecting physical targets-infrastructure such as buildings, the electric grid, water and sewage systems, and even pipelines. The technology was developed by scientists at the U.S. Department of Energy's Pacific Northwest National Laboratory.    more

Protect Our Power Seeks Federal Funding for States, Electric Utilities to Harden U.S. Electric Grid Against Cyberattacks
May 12, 2021
"We've been warned repeatedly during the last several years by major U.S intelligence agencies that a crippling cyberattack on our critical infrastructure was not a question of if, but when," said Jim Cunningham, executive director of grid advocacy group Protect Our Power. "The Colonial pipeline cyberattack, on the heels of the SolarWinds attack, makes it clear that our electric infrastructure is vulnerable and in need of significant security upgrades. The devastating weather-related power outages in Texas in February demonstrates the financial and social costs of losing power even for a short period of time."    more

Understanding Cyber Attacks and Available Cybersecurity Technologies
April 15, 2021 | NRRI
The NRRI Insights paper describes how various technologies that produce and transmit data through connections to the grid create increased cybersecurity vulnerabilities. The growing connectivity between the grid and customer devices increases cybersecurity vulnerabilities and broadens the threat landscape by expanding the number of potential entry points through which malicious cyberattacks can be launched.    more

ABB Joins Forces with Nozomi Networks to Strengthen the Cybersecurity of Industrial Infrastructure Worldwide
March 30, 2021
ABB and Nozomi Networks Inc. this week announced an agreement to jointly address growing demand for improved Operational Technology (OT) cybersecurity solutions for energy, process and hybrid industries. As part of its cybersecurity portfolio, ABB will integrate Nozomi Networks' solutions for operational resiliency and real-time network visibility to assist ABB's global automation and digitalization customers.    more

A Guide for Public Utility Commissions: Recruiting and Retaining a Cybersecurity Workforce
February 23, 2021 | National Association of Regulatory Utility Commissioners (NARUC)
NARUC's guide serves as an important tool to enable state public utility commissions to develop or expand cybersecurity proficiencies, understand how cyber experts typically function in a PUC environment and identify needed skill sets. The guide also provides other resources such as recruitment, retention and alternative tactics and examples of cybersecurity job descriptions.    more

NREL Positions for Growth in Cybersecurity for Renewables, Launches New Program Office
January 12, 2021
The National Renewable Energy Laboratory (NREL) recently announced the launch of the new Cybersecurity Program Office (CPO). The CPO was established to accelerate NREL's leadership in securing renewable energy technologies and distributed energy systems.    more

Secretary of Energy Signs Order to Mitigate Security Risks to the U.S. Electric Grid
December 18, 2020
The prohibition order prohibits utilities that supply critical defense facilities (CDFs) at a service voltage of 69kV or above from acquiring, importing, transferring, or installing BPS electric equipment, and is specific to select equipment manufactured or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of the People's Republic of China.    more

Hitachi ABB Power Grids Creates Research and Development Center In Montréal Focused on Cybersecurity, Machine Learning and Artificial Intelligence
December 10, 2020
Part of Hitachi ABB Power Grids' research arm, the new Center will develop key competencies in major technology disciplines related to cybersecurity, machine learning and data analytics, and contribute to product and solution developments in these fields. The Digital Power Grid Center will be the company's seventh research location, joining with existing R&D centers in China, Poland, Sweden, Switzerland, Germany and the United States.    more

Atlantica Digital and NanoLock Security Partner to Protect Tens of Millions of Smart Meters and Connected Devices in Italy and throughout Europe
December 3, 2020
Operating primarily in Europe, Atlantica Digital is currently managing over 13 million smart meters, in addition to smart lighting and industrial devices. Atlantica Cybernext, the sister company of Atlantica Digital, has created a next generation Security Operations Center (SOC), which includes the NanoLock-enabled managed security service, to serve its customers with the most technologically advanced solutions for protecting their business and infrastructure.    more

Honeywell And Nozomi Networks Announce Partnership To Significantly Strengthen Operational Technology Cybersecurity
November 23, 2020
The partnership combines Nozomi Networks' OT & Internet of Things (IoT) security and visibility capabilities with the strengths of Honeywell Forge Cybersecurity software, professional consulting and managed security services from Honeywell. It will offer comprehensive solutions to manage cybersecurity compliance and reduce the risk of downtime due to cyberattacks.    more

U.S. Department of Energy Launches Program to Enhance Partnerships Between Government and Critical Infrastructure
November 5, 2020
The OT Defender Fellowship is a year-long program for operational technology security managers throughout the energy sector to engage with cyber and national security experts across the U.S. government. Participants will gain a greater understanding of the strategies and tactics of America's adversaries and how U.S. government cyber operators defend the nation.    more

U.S. Department of Energy to Hold Sixth CyberForce Competition
October 21, 2020
As in previous events, competitors will defend cyber systems of simulated critical infrastructure against threats modeled on those faced by the energy sector today. This year, the scenario involves a wind energy company in charge of over 20,000 megawatts of electricity generation that has been experiencing abnormal network activity.    more

NRECA Earns $6 Million DOE Grant to Boost Electric Co-op Cybersecurity Readiness
September 30, 2020
Known as Essence 2.0, the three-year project will deploy a revolutionary cyber monitoring tool to NRECA's member cooperatives. Essence 2.0 enables machine-to-machine learning and is designed to quickly detect and share information about anomalies in utility network traffic that may be the result of a cyber breach. The technology also provides specific information that allows for isolation and definition of the breach characteristics for sharing with others in the industry to determine if a breach is a larger, coordinated attack by adversaries.    more

FERC, NERC Staff Outline Cyber Incident Response, Recovery Best Practices
September 15, 2020
The joint staffs of FERC and NERC, and the NERC Regional Entities, developed the report after interviewing subject matter experts from eight electric utilities of varying size and function. The report includes the joint staffs' observations on their defensive capabilities and on the effectiveness of their Incident Response and Recovery (IRR) plans.    more

The U.S.-Israel Energy Center Announces Funding Opportunity for Energy Infrastructure Cybersecurity Cooperation
August 17, 2020
Commercial companies, research institutes, and universities from the United States and Israel are encouraged to form consortia of at least two entities from each country and apply for the award. The maximum award for the winning consortium is $6 million for a period of 3 years, subject to funding appropriations. A 50 percent cost-share is required from the awardees. The program may be extended for up to 2 additional years (for a total of 5 years, with a maximum total award of $10 million).    more

RMI Report: Addressing Catastrophic Threats to the US Electric Grid
July 20, 2020
Historical approaches to ensuring grid security in the United States are proving to be poorly suited to the emerging, catastrophic threats facing the grid. They are also incongruous with the ongoing technological transition that is rapidly reshaping the electric power industry as we know it. But by embracing the present era of energy transition as an opportunity, not a threat, the report lays out unique and timely strategies to reimagine and improve the resilience of the US electric grid.    more

Microsoft Acquires IoT/OT Security Leader CyberX to Enable Unified Security Across Converged IT and Industrial Networks
June 24, 2020
By integrating the CyberX platform with the Azure IoT stack, Azure Security Center for IoT, and Azure Sentinel, the first SIEM with native IoT support, Microsoft will now provide a simpler approach to unified security governance across both IT and industrial networks, as well as end-to-end security across managed and unmanaged IoT devices.    more

Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert
June 15, 2020
Cybereason recently published findings from its newest honeypot that was created to analyze the tactics, techniques, and procedures used by hackers to target critical infrastructure providers. This project has shown hackers have adopted multistage ransomware attacks as part of hacking operations against industrial control systems (ICS).    more

National Grid Partners Announces New Investments in Two Security Leaders
June 8, 2020
Launched in late 2018 as the utility industry's first Silicon Valley-based corporate venture group, NGP now has invested $154 million in 19 startups, plus three strategic funds in the US, UK and Israel. NGP is the lead investor in more than half its deals, including both announced recently.    view white paper

Cyberspace Solarium Commission Issues "Cybersecurity Lessons from the Pandemic" White Paper
June 4, 2020
Among other recommendations, the white paper calls for enacting an Internet of Things Security law to enhance the security of the electric grid. As noted by Protect Our Power, this law is of critical importance, as more than 50 billion devices will soon be interconnected, each providing a potential pathway to the grid. This will become increasingly critical as more people work from home following the pandemic.    view white paper

Fortress Information Security Adds New Partner In Securing U.S. Power Grid
June 2, 2020
The Asset to Vendor Network for Power Utilities (A2V) earlier this week announced the group's first new partner. Founded by Fortress Information Security (Fortress) and American Electric Power (AEP), A2V was formed to create a security partnership that allows power companies to share vital cyber-threat information and bolster cyber defenses. Atlanta-based Southern Company has signed on as the first new partner of the group.    more

GridUnity Certified Compliant with Cybersecurity Standard
May 7, 2020
GridUnity recently announced that it has received their Federal Information Security Management Act (FISMA) compliance audit, passing without a single compliance issue. GridUnity's software enables the intelligent incorporation of renewable energy sources into the electric grid. This audit verifies that GridUnity ensures the highest level of data security by following a stringent set of baseline security controls from the National Institute of Standards and Technology (NIST) Special Publication 800-171.    more

Protect Our Power Welcomes Executive Order to Secure Electric Power System
May 4, 2020
"This Executive Order is an important first step -- one that Protect Our Power supports -- to address dangerous cyber-related vulnerabilities in the electric sector supply chain," says Jim Cunningham, executive director of Protect Our Power. "The order highlights a looming threat that Protect Our Power and other security experts have identified for some time now.    more

U.S. Department of Energy Announces $25 Million for Grid Management Systems and Risk Assessment Systems
April 23, 2020
The DOE recently announced $25 million in funding for 10 projects as part of the Performance-based Energy Resource Feedback, Optimization, and Risk Management(PERFORM) program. These projects will work to develop innovative management systems that represent the relative delivery risk of each asset, like wind farms or power plants, and balance the collective risk of all assets across the grid.    more

NARUC Releases Two New Cybersecurity Manual Resources
April 21, 2020
“The threat posed by cybersecurity incidents is very real, and it is essential that regulators have a clear understanding of the work being done by our utilities to safeguard vital systems and address current and future cyber threats,” said Chairman Gladys Brown Dutrieuille, Pennsylvania PUC and Chair of the NARUC Critical Infrastructure Committee. “The more our PUCs are educated on these issues, the better we are able to evaluate current issues and target future enhancements.”    more

NERC Files Motion to Defer Implementation of Seven Reliability Standards Due to COVID-19
April 7, 2020
NERC has filed a motion with FERC to defer the implementation of several Reliability Standards that have effective dates or phased-in implementation dates in the second half of 2020. This action is a measure to help assure grid reliability amid the impacts posed by the coronavirus outbreak.    more

GridEx V Report Recommends Emergency Response Plan Reviews, Enhanced Cross-Sector Coordination
April 2, 2020
Utilities and Reliability Coordinators should review their emergency response plans to account for the complex collaboration with all levels of government in North America that would be required should a grid security event occur, NERC recommended in its GridEx V after-action report. NERC held a two-day grid security exercise, which had 7,000 participants from across North America - including industry and U.S. and Canadian government partners - in November 2019.    more

ResilientGrid Launches Quick Start Program for Remote Visualization of Grid Operations
March 30, 2020
The solution is designed to help utilities get through this gap period of widespread telework caused by the COVID-19 virus. It allows remote employees who need real-time awareness of the state of the grid to have it, while reducing the impacts to their IT networks and maintaining compliance with their licenses, in a way that is compliant with the industry's complex cybersecurity regulations.    more

Weathering the Perfect Storm: Securing the Cyber-Physical Systems of Critical Infrastructure
March 24, 2020
A new Newsweek Vantage survey finds as critical infrastructure organizations converge their IT, OT, IoT and physical systems to improve overall performance, employees are the biggest threat to cyber and physical security. Respondents report that 85% of security incursions made their way into OT networks - of those, 36% started in IT/data systems and 32% involved physical incursion into OT.    more

Grid Resilience Key to Effective Cybersecurity Plan; Cyberspace Solarium Commission Report Highlights Need to Protect Critical Infrastructure
March 13, 2020
One key recommendation: Congress should codify the concept of "systemically important critical infrastructure," whereby entities responsible for systems and assets that underpin national critical functions are ensured the full support of the U.S. government and shoulder additional security requirements befitting their unique status and importance.    more

Researcher Identifies Vulnerabilities in the Smart Grid's Intelligent Electronic Devices
February 26, 2020
The research focuses on assessing the security of the smart grid's IEDs and led to the creation of BinARM, a new security technology. "It's the first large-scale vulnerability database especially for firmware on smart devices," says Paria Shirani, a PhD candidate at Concordia University's Security Research Centre in Montreal. "It's also a multi-stage detection engine that identifies vulnerabilities in three orders of magnitude faster than all existing approaches."    more

FERC Launches Look into Virtualization, Cloud Services for Power Grid Operations
February 24, 2020
Virtualization is the process of creating virtual versions of computer hardware to minimize the amount of physical computer hardware resources needed to perform various functions. It is considered necessary if the functions of grid cyber systems are to be moved to a cloud computing environment.    more

NERC Publishes Annual Report Highlighting ERO Enterprise Transformation, Effectiveness and Efficiency Efforts
February 10, 2020 | NERC
NERC's 2019 Annual Report highlights the ERO Enterprise's efforts to assure the effective and efficient reduction of risks to the bulk power system in the face of a changing reliability and security ecosystem.    view report

Tripwire and Eaton Technology Partnership Strengthens Cybersecurity Compliance for U.S. Utilities
January 29, 2020
With this partnership, Tripwire and Eaton are making it easier and faster for U.S. utilities to comply with evolving cybersecurity requirements, including North American Electric Reliability Corporation critical infrastructure protection (NERC CIP).    more

The Future of Cyber Compliance: Insights from the 2019 Utility Cyber Security Forum
January 15, 2020
"Many people that we talk to have come to understand that you can't secure or achieve NERC or any other compliance on things which you can't see," said Michael Rothschild, Director of Marketing at Indegy. "Understanding what is in your OT environment and what it is doing is an ongoing challenge for most utilities. Navigating this the complexity requires organization-wide accountability and a granular view into what is happening in the OT environment."    more

"At FERC, we are charged with overseeing the development and enforcement of cybersecurity standards for the nation's high-voltage transmission system and jurisdictional hydroelectric facilities," FERC Chairman Neil Chatterjee said. "This new security group in OEP and the realignment in OER will consolidate the cybersecurity staff into a division that focuses solely on cyber."    more

To bolster the cybersecurity of the electric grid nationally, a new study identifies how states and state utility commissions can use existing tools to break down barriers that leave the distribution system vulnerable to massive disruption. The study was conducted by the Vermont Law School's Institute for Energy and the Environment (IEE) for the non-profit grid advocacy group Protect Our Power.    more

The transaction included an equity investment in IPKeys by EnerTech Capital, a venture capital firm focused on energy innovation and technology in areas including Network/Grid Edge, Industry 4.0 and Mobility.    more

Fortress Information Security (Fortress) recently announced the launch of the Asset to Vendor Network for Power Utilities (A2V), a joint venture with American Electric Power. A2V is designed to address concerns about protecting the U.S. power grid from cyber threats by promoting collaboration among electric companies. A2V will help reduce the costs associated with cybersecurity regulatory compliance in an effort to cope with budgetary limitations.    more

The U.S. Department of Energy will host its fifth CyberForce Competition on Nov. 16. The event, held at 10 of the DOE's national laboratories across the United States, will challenge 105 college teams to defend a simulated energy infrastructure from cyber-attacks.    more

Within the scope of this contract, Booz Allen will conduct penetration testing on enterprise network assets, operate a highly efficient incident response and monitoring program, respond to crises or urgent situations, and provide critical risk and vulnerability assessments. Booz Allen will concurrently collaborate with the greater community for information that reveals potential vulnerabilities within DOE networks.    more

During the exercise, participants will remotely respond to simulated cyber and physical events to determine how their organizations, including governors and states, might respond in a real-world event. Governors play critical roles during widespread electric grid outages and NGA's project will help participating states improve their ability to respond and recover from these incidents, enhance emergency communications, build relationships with electricity and other critical infrastructure operators, and identify infrastructure resilience needs.    more

Zurich-based ASEA Brown Boveri (ABB) has joined forces with IT companies including Microsoft, Israel-based cybersecurity firm SCADAfence and players such as Check Point Software and Fortinet to form the world's first industry group focused on improving cyber risk posture by providing tangible architectural, implementation and process guidelines to operational technology (OT) operators.    more

Now in its third year, CyberX's report is based on analyzing real-world traffic from more than 1,800 production IoT/ICS networks across a range of sectors worldwide, making it a more accurate snapshot of the current state of IoT/ICS security than survey-based studies.    more

"The Commission today directed the state's utilities and third-party energy suppliers to provide appropriate cybersecurity protections without erecting significant barriers to development of new energy markets as envisioned by REV," said Commission Chair John B. Rhodes. "Our new approach will provide a universal foundation of cybersecurity and data privacy requirements that will encourage a vibrant energy marketplace."    more

The project will use the Structured Threat Information Expression (STIX) standard, geographic information system (GIS) layering and efficacy measures to enable operational technology (OT) systems components to determine the next logical threat when an incident occurs.    more

Protect Our Power Executive Director Jim Cunningham issued the following statement on October's designation as National Cybersecurity Awareness Month. Protect Our Power is a national not-for-profit organization whose mission is to strengthen the reliability and resilience of the U.S. electric grid.    more

Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid
August 2019 | GAO
The U.S. GAO report recommends that the Secretary of Energy, in coordination with DHS and other relevant stakeholders, should develop a plan aimed at implementing the federal cybersecurity strategy for the electric grid and ensure that the plan addresses the key characteristics of a national strategy, including a full assessment of cybersecurity risks to the grid.    more

The Industrial Internet Consortium (IIC), now incorporating OpenFog, has announced the Security Maturity Model (SMM) Practitioner's Guide, which provides detailed actionable guidance enabling IoT stakeholders to assess and manage the security maturity of IoT systems. Along with the publication of the SMM Practitioner's Guide is an update to the IoT SMM: Description and Intended Use White Paper, which provides an introduction to the concepts and approach of the SMM.    more

According to Xage Security, the company's Xage Enforcement Point (XEP), for the first time, enables role-based access control and single sign-on for every device, from legacy control systems to the newest IoT machines -- even those previously lacking any access control protection.    more

The Internet of Things Security Institute (IoTSI) announced today that it has released an IoT Security Framework for Smart Cities and Critical Infrastructure. Alan Mihalic President of the IoT Security Institute says the objective of the IoTSI 's to provide the cyber and privacy frameworks that can be implemented from the base build through to the build completion.    more

A team of researchers from the Department of Energy's Oak Ridge and Los Alamos National Laboratories has partnered with EPB, a Chattanooga utility and telecommunications company, to demonstrate the effectiveness of metro-scale quantum key distribution (QKD) as a means of secure communication for the nation's electricity suppliers. This initial milestone is part of the team's three-year project focused on next-generation grid security.    more

The study, conducted for Protect Our Power by the law school's Institute for Energy and the Environment (IEE), recommends that state utility commissions exercise their authority to increase the flow of confidential information regarding vulnerabilities and best practices. It also identifies the diversity of regulatory approaches to cybersecurity regulation by utility commissions across the country as a concern that warrants attention and improvement.    more

Recently (2/6), the U.S. Department of Energy's Office of Energy Efficiency and Renewable Energy (EERE) announced their intent to issue a Funding Opportunity Announcement entitled "Clean Energy Manufacturing Innovation Institute: Cybersecurity in Energy Efficient Manufacturing."    more

Under the terms of the agreement, Schneider Electric will collaborate with Nozomi to provide customers in the industrial manufacturing and critical infrastructure segments advanced anomaly detection, vulnerability assessment and other cybersecurity solutions and services, helping them to control, prevent and mitigate risks to their operations and business performance.    more

The New York Power Authority (NYPA) announced recently the authorization of nearly $16 million in funding for two major information technology initiatives. The first is targeted for hybrid computer storage and is designed to cover several Life Extension and Modernization measures to refresh and sustain data center infrastructure as well as wired and wireless networking technologies; the second initiative is designed to bolster existing cyber security measures to protect NYPA from constantly evolving threats.    more