products:

Sorry,

there are no posts to show...


Helpful Resources

News:

On July 21, 2016, the North American Electric Regulatory Commission (NERC) was given a directive to develop new risk management standards aimed at addressing risks to the information systems in the supply chain of electric system assets. The new standards will cover risks related to remote vendor access, software integrity and authenticity, vendor risk management, procurement controls, and more.

The Federal Energy Regulatory Commission (FERC) issued the new directive to NERC and they also issued a Notice of Inquiry (NOI) to collect input from the public about the protection of highly-sensitive control centers that monitor and control the bulk electric system in real-time. This NOI showed particular interest in remote vendor access and application whitelisting and referred to the recent successful attack on the Ukraine power grid as an example of the risks that need to be addressed in the current Critical Infrastructure Protection (CIP) standards.

Advanced malware has been increasingly threatening  Industrial Control Systems (ICS) in the energy industry in several recent incidents, including the well-studied Ukraine power grid attack and a recent attack on the Gundremmingen nuclear power plant. A highly-destructive type of malware known as ransomware has also recently impacted facilities like the Lansing Board of Water and Light (BWL) in Michigan.

Ransomware is a particularly dangerous and relatively new threat to ICS systems. A report from The Institute for Critical Infrastructure Technology (ICIT) emphasizes the risk: “if a SCADA or ICS system in an energy, utilities or manufacturing organization becomes infected with ransomware, then lives could be jeopardized in the time it takes to investigate the incident and return the systems to operation.” The report identifies endpoint security solutions as essential to preventing ransomware attacks, stating, “without adequate investment in bleeding-edge endpoint security solutions, ransomware will likely cause more significant harm much sooner.”

Learn more about how to prevent ransomware attacks with endpoint security.

Both of the new initiatives to continue to develop the NERC-CIP standards and to gain valuable insight from experts in the industry are important steps in securing the systems that monitor and control the generation and transmission of North America’s power. Improving security standards for the communications that connect the system-critical power control centers to the outside world is crucial to reducing the ICS attack surface and mitigating future attacks on the power grid.

Industry experts are encouraged to submit comments to the FERC and support this initiative by reading the NOI here.
Subscribe to CyberSheath’s blog for future important updates on NERC-CIP risks and solutions from our security professionals working in NERC-CIP regulated industries.

FAQs:

CyberSheath Blog

2022 in Review: The CyberSheath Story Expands

This year marked a deluge of messaging about the Cybersecurity Maturity Model Certification (CMMC) and federal contractors were rightfully confused. With our keystone event, CMMC CON, we aimed to set the record straight and offer the best guidance for those in the Defense Industrial Base (DIB).   CMMC CON 2022…

CyberSheath Endorsed by Frost & Sullivan in First Independent Analyst Commentary on CMMC

Independent analyst firms have weighed in with commentary on nearly every discipline of information technology. Security has garnered a large portion of that IT discussion, yet until recently, Cybersecurity Maturity Model Certification (CMMC) compliance has been left out.   Frost & Sullivan changed that by selecting CyberSheath as its preferred…

Be Prepared: CMMC 2.0 Is Coming

Cybersecurity is increasingly important to safeguard your company, your customers, and your partners. We're moving into a global cyber era and we've got to get better at protecting ourselves.   Our adversaries are capitalizing on the lack of security controls in place in the defense industrial base (DIB) and we…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO