Blog Posts Tagged with "Utilities"
November 18, 2012 Added by:Michele Westergaard
Cyber security threats to the utility industry are increasing in number and sophistication. The North American Reliability Corporation (NERC) is increasing the Critical Infrastructure Protection (CIP) regulatory requirements to ensure facilities are meeting basic standards in this area...
October 11, 2012 Added by:Brent Huston
I was recently engaged with some critical infrastructure experts on Twitter. We were discussing a quick and dirty set of basic tasks that could be used an approach methodology for helping better secure the power grid and other utilities. There was a significant discussion and many views were exchanged...
September 16, 2012 Added by:Brent Huston
Utilities have been computerizing their SCADA systems for years now. This has allowed them to save money, time and manpower and has increased their situational awareness and control flexibility. However, industrial control systems are usually not very robust and also very ‘dumb...
September 09, 2012 Added by:David Navetta
Maine has been one of the most aggressive states to pursue widespread implementation of smart utility meters for customers throughout the state, but not all utility customers have embraced smart meters despite consumers concerns over privacy issues...
September 06, 2012 Added by:David Navetta
Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...
August 07, 2012 Added by:Larry Karisny
From securing Intrusion Prevention Systems (IPS) that now must securely encrypt the new end point of nano sensors chip sets to Intrusion Detection Systems (IDS) that must now be able to view real time event anomalies and business processes, this discussion showed the need for security technology change...
July 19, 2012 Added by:Headlines
“The new Cybersecurity Self-Evaluation Survey Tool for utilities is vitally important in today’s environment where new cyber threats continue to emerge. Adoption by the electric sector will further protect critical infrastructure and... provide an invaluable view of the industry’s cybersecurity capabilities.”
July 15, 2012 Added by:Ben Rothke
Protecting “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters”...
June 20, 2012 Added by:Infosec Island Admin
“Understanding risk means understanding the relationship between vulnerability (such as a system with a known but unaddressed weakness), threat (such as a bad actor propagating viruses or worms) and consequence (such as physical damage and loss of public safety). Simply understanding risks is just the first step"...
May 31, 2012 Added by:Headlines
"Targeted attacks are increasing dramatically. It could be state sponsored or it could be just hacktivists or it could be a cyber criminal organisation. But we know the number one target is government institutions and the second is manufacturing, including oil and gas..."
May 23, 2012 Added by:Headlines
“Of the... respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the... sector ranked last for four of the practices and next to last for the other two..."
May 16, 2012 Added by:Larry Karisny
A March survey revealed that two-thirds energy security professionals think smart-grid projects do not adequately deal with security threats. Larry Karisny interviewed Patrick C. Miller, president and CEO of EnergySec, about the survey and the subject of smart-grid security...
May 14, 2012 Added by:Infosec Island Admin
The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...
April 27, 2012 Added by:Joe Weiss
The implication is that vendors aren’t interested in securing their legacy products. I do know that many ICS vendors supporting the electric industry are frustrated because the utilities may not be required to actually secure these systems to be NERC CIP compliant...
April 24, 2012 Added by:Infosec Island Admin
Social engineering attempts can be highly targeted and conducted in a way that is much more difficult to detect than the spam and phishing emails we receive in our inbox. Phone-based social engineering attempts were recently experienced at two or more power distribution companies...
April 17, 2012 Added by:Dan Dieterle
One of the biggest threats that you hear is that hackers could take out the power grid and all the power would be shut off. America would be thrown back to the power stone age in the flick of a switch (or a series of SCADA exploits). But is this true? The answer is no...
Paying Lip Service (Mostly) to User Educatio... Electra Melina on 01-29-2015
Digital Reputation: Can’t Buy it, Gotta Ea... Eden Connie on 01-29-2015
Writing Mandatory Procedures for ISO 27001 /... sarakfeely B on 01-29-2015