Collaborate Disseminate
In October, the Federal Energy Regulatory Commission (FERC) released its “2020 Staff Report Lessons Learned from Commission-Led CIP Reliability Audits.” The report summarizes the Commission’s observations from Critical Infrastructure Protection (CIP) a… Continue reading FERC Releases Staff Report on Lessons Learned from CIP Audits
Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of 2020 when it received a CVSSv3 score of 10… Continue reading Zerologon: Tripwire Industrial Visibility Threat Definition Update Released
One of our customers (you know who you are, thanks!) made us aware of a new practice guide titled “ERO Enterprise CMEP Practice Guide: Assessment of SVCHOST.EXE” published exactly two weeks ago today on September 15th, 2020. NERC seldom releases guidan… Continue reading NERC Publishes Practice Guide for assessing SVCHOST.EXE
Earlier this month, the Federal Energy Regulatory Commission (FERC) published a joint report entitled “Cyber Planning Response and Recovery Study” (CYPRES) in partnership with the North American Electric Reliability Corporation (NERC) and eight of its … Continue reading Joint “CYPRES” Report on Incident Response Released by FERC
The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. Thes… Continue reading Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly
On May 1st President Trump signed an Executive Order on “Securing the United States Bulk-Power System.” The order cites foreign adversaries and their increased creation and usage of vulnerabilities against the grid as the primary drive… Continue reading A Look at Trump’s Executive Order to Secure the Bulk Power System
Just a couple of weeks back I posted to The State of Security an article titled “Finally Some Good News: NERC Proposes Deferment of 3 CIP standards,” and, as suspected, the Federal Energy Regulatory Commission (FERC) approved the extension … Continue reading FERC Approves Deferment of 3 CIP standards
Arguably, the first malware extortion attack occurred in 1988 – the AIDS Trojan had the potential to be the first example of ransomware, but due to a design flaw, the victims didn’t end up actually having to pay up the 189 bucks. It’s… Continue reading We Want You! Win the War on Ransomware Today
With regard to BCSI (BES (Bulk Electric System) Cyber System Information) in the cloud, responsible entity sentiments at the moment may be akin to Prince Hamlet as he contemplated death and suicide, “bemoaning the pain and unfairness of life but … Continue reading To Be or Not to Be: BCSI in the Cloud?
Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and proce… Continue reading CIP-003-7: Transient Cyber Assets and Removable Media in 2020