Subscribe to Email Updates

TOPICS
INDUSTRY

Amplified Perspectives

Today’s trending topics explored by key industry leaders.

FERC Issues Final Rule on Protection System Coordination, Personnel Training in Order 847

On June 7, 2018, FERC issued Order 847, a final rule for “Coordination of Protection Systems for Performance During Faults and Specific Training for Personnel Reliability Standards.” The final rule approved Reliability Standards PRC-027-1 (Coordination of Protection Systems for Performance...

Corporate Networks Prove Highly Vulnerable to Attacks

According to a recent report by an enterprise security solution provider, corporate networks are highly vulnerable to attacks that would give hackers full control of their infrastructure. The report outlines a study of 22 security assessments of corporate information systems at companies across...

VPNFilter Malware Targets Critical Infrastructure in Ukraine

Early in July, Ukraine’s SBU security service claimed it stopped an attack on network equipment belonging to the LLC Aulksa chlorine plant in central Ukraine. The attack appears to have been intended to disrupt plant operations. Specifically, the alleged plan was to block the function of the...

Order 843 and CIP-003-7: How They Will Impact Low Sites

On April 25, 2018, the Federal Energy Regulatory Commission (FERC) published Order 843, effectively approving CIP-003-7 standards. An issued effective date of Jan. 1, 2020, has been released. So you might be wondering, “How do the new standards affect my current low sites?”

Substation Vulnerability Simulation Demonstrates Key Cybersecurity Principles

Our firm recently partnered with the University of Southern Maine Department of Engineering faculty and students to develop and execute an interactive substation cybersecurity demonstration, during which participants experienced real-time attack scenarios. Throughout the semester, the dual...

If Ransomware Strikes, Will You Be Protected?

On April 24, 2018, hackers compromised the website of the Ukrainian energy and coal ministry. A message was posted to the site demanding a ransom be paid in Bitcoin to recover the encrypted files. This appears to have been an isolated attack that did not impact any other areas of the Ukrainian...

Building “Impenetrable” Cybersecurity Systems With Penetration Testing

Utilities often focus on offline or passive methods of assessing and protecting their systems. Being able to analyze configurations and evaluate access control lists is a worthwhile pursuit, and it does give utilities a sense of how secure individual systems are at a specific point in time.

FERC Approves Reliability Standards EOP-004-4, EOP-006-3 and EOP 008-2

On Jan. 18, 2018, the Federal Energy Regulatory Commission (FERC) issued Order 840 addressing Emergency Preparedness and Operations Reliability Standards. The final rule approved:

Start Sooner to Get More Out of Security System Commissioning

Commissioning — the process that verifies a substation security system operates in a manner consistent with its design — commonly starts in the final weeks before the system is handed over to the security operation center. But that can be a mistake.

Understand and Prepare for Advanced Persistent Threats in Cybersecurity

Advanced persistent threats (APT) are long-term attacks focused on a specific entity or industry. They include a set of covert and continuous computer hacking processes. The term “advanced” refers to the planning and strategy to stay under the radar; “persistent” refers to the ongoing process...

Control Center Communication Networks and CIP-012-1

The NERC Urgent Action (UA) 1200 Standard, a temporary standard developed by the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection Advisory Group and approved on Aug. 13, 2004, was the first set of standards designed to address critical infrastructure protection...

Malware Attacks on Critical Infrastructure Security Are Growing

Over the past several years, the world has seen an increase in the use of malware to directly and maliciously affect critical infrastructure. In 2012, a piece of malware known as Shamoon was used to overwrite the hard drives of some 30,000 computers at Saudi Aramco, the Saudi Arabian national...

Low-Impact Requirements: Counting Down to Enforcement of CIP-003-6

Sept. 1, 2017, marked the start of the one-year countdown to enforcement of the CIP-003-6 low-impact requirements covering Physical Security Controls and Electronic Access Controls. While an entire year might seem like a long time, meeting that deadline still could be a challenge for some.

Leave a comment

Written by