products:

Sorry,

there are no posts to show...


Helpful Resources

News:

On July 21, 2016, the North American Electric Regulatory Commission (NERC) was given a directive to develop new risk management standards aimed at addressing risks to the information systems in the supply chain of electric system assets. The new standards will cover risks related to remote vendor access, software integrity and authenticity, vendor risk management, procurement controls, and more.

The Federal Energy Regulatory Commission (FERC) issued the new directive to NERC and they also issued a Notice of Inquiry (NOI) to collect input from the public about the protection of highly-sensitive control centers that monitor and control the bulk electric system in real-time. This NOI showed particular interest in remote vendor access and application whitelisting and referred to the recent successful attack on the Ukraine power grid as an example of the risks that need to be addressed in the current Critical Infrastructure Protection (CIP) standards.

Advanced malware has been increasingly threatening  Industrial Control Systems (ICS) in the energy industry in several recent incidents, including the well-studied Ukraine power grid attack and a recent attack on the Gundremmingen nuclear power plant. A highly-destructive type of malware known as ransomware has also recently impacted facilities like the Lansing Board of Water and Light (BWL) in Michigan.

Ransomware is a particularly dangerous and relatively new threat to ICS systems. A report from The Institute for Critical Infrastructure Technology (ICIT) emphasizes the risk: “if a SCADA or ICS system in an energy, utilities or manufacturing organization becomes infected with ransomware, then lives could be jeopardized in the time it takes to investigate the incident and return the systems to operation.” The report identifies endpoint security solutions as essential to preventing ransomware attacks, stating, “without adequate investment in bleeding-edge endpoint security solutions, ransomware will likely cause more significant harm much sooner.”

Learn more about how to prevent ransomware attacks with endpoint security.

Both of the new initiatives to continue to develop the NERC-CIP standards and to gain valuable insight from experts in the industry are important steps in securing the systems that monitor and control the generation and transmission of North America’s power. Improving security standards for the communications that connect the system-critical power control centers to the outside world is crucial to reducing the ICS attack surface and mitigating future attacks on the power grid.

Industry experts are encouraged to submit comments to the FERC and support this initiative by reading the NOI here.
Subscribe to CyberSheath’s blog for future important updates on NERC-CIP risks and solutions from our security professionals working in NERC-CIP regulated industries.

FAQs:

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.