NERC – WindowsTechs.com

Federal incentives could help utilities overcome major cybersecurity hurdle: money

Posted on June 22, 2023 by Christian Vasquez

A new rule that would give electric utilities incentives for investing in cybersecurity is set to go into effect next month.

The post Federal incentives could help utilities overcome major cybersecurity hurdle: money appeared first on CyberScoop.

Continue reading Federal incentives could help utilities overcome major cybersecurity hurdle: money→

Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says

Posted on April 13, 2021 by Sean Lyngaas

About a quarter of roughly 1,500 electric utilities sharing data with the North American power grid regulator said they installed the malicious SolarWinds software used by suspected Russian hackers, the regulator said on Tuesday. The electric utilities did not report any significant follow-on activity from the hackers, but the broad exposure of the sector points to the challenges of protecting utilities from supply-chain breaches. A minority of the electric-sector organizations that downloaded the malicious code used the affected SolarWinds software in their “operational technology” networks, a broad term for more sensitive software and hardware used to manage industrial operations, according to the North American Electric Reliability Corp. NERC is a not-for-profit regulatory authority backed by the U.S. and Canadian governments. But Manny Cancel, a senior vice president at NERC, said clear communication on the espionage campaign from the U.S. government helped the sector to reduce its exposure to any […]

The post Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says appeared first on CyberScoop.

Continue reading Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says→

Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are

Posted on December 23, 2020 by Sean Lyngaas

The North American electric grid regulator has asked utilities to report how exposed they are to SolarWinds software that is at the center of a suspected Russian hacking operation, and the regulator advised utilities that the vulnerability “poses a potential threat” to parts of the power sector. The North American Electric Reliability Corp. (NERC), a not-for-profit regulatory authority backed by the U.S. and Canadian governments, said in a Dec. 22 advisory to electric utilities that there was no evidence indicating that the malicious tampering of SolarWinds software had impacted power systems. But the fact that software made by Texas-based firm SolarWinds is used in the electric sector has made vigilance important, according to NERC. “At this time, NERC is not aware of any known impacts to bulk power system (BPS) reliability or system outages related to the SolarWinds compromise,” reads the advisory, which CyberScoop obtained. “However, the presence of SolarWinds […]

The post Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are appeared first on CyberScoop.

Continue reading Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are→

North American utilities drill ‘GridEx’ brings record turnout — except from supply chain vendors

Posted on April 1, 2020 by Sean Lyngaas

A November drill involving electric utilities across North America mimicked the disruptive malware used to cut power in Ukraine in 2016, testing operators’ ability to expunge the malicious code from their systems. The fictional scenario, revealed Tuesday in a press briefing on the exercise, saw the malware compromise the industrial control systems that utilities use to manage their operations. An electric equipment vendor helped the utilities replace some of the industrial computers that had been “bricked,” or rendered useless, by the malware. (The code was not actually executed on live systems; it was all simulated.) The intense scenario forced participants to “start implementing their incident response plans” and “really upped the training value for many utilities,” said Matt Duncan, an official at the North American Electric Reliability Corp., the regulator that runs the biennial drill, known as GridEx. It is an example of the greater lengths that many utilities go […]

The post North American utilities drill ‘GridEx’ brings record turnout — except from supply chain vendors appeared first on CyberScoop.

Continue reading North American utilities drill ‘GridEx’ brings record turnout — except from supply chain vendors→

‘GridEx’ offers stiff security test for an industry that welcomes the challenge

Posted on November 13, 2019 by Sean Lyngaas

Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America. It is one of the biggest tests of the utilities’ ability to withstand wave upon wave of hypothetical attacks — and they are not necessarily supposed to pass the test. The GridEx simulation, which begins Wednesday, is “purposely designed to overwhelm even the most prepared organizations” so they can improve their resiliency, said Matt Duncan an official at the North American Electric Reliability Corp., which runs the drill. Exercise participants won’t need any reminders that, in the last four years, malicious hackers have cut power for hundreds of thousands of people in Ukraine and caused a petrochemical plant to shut down in Saudi Arabia. GridEx is one way that U.S. critical-infrastructure companies work to prevent such disruptive attacks from hitting them. Participants, which will also include natural gas companies […]

The post ‘GridEx’ offers stiff security test for an industry that welcomes the challenge appeared first on CyberScoop.

Continue reading ‘GridEx’ offers stiff security test for an industry that welcomes the challenge→

5 Challenges Utilities Will Face in Preparing for New FERC Security Standards

Posted on December 7, 2018 by Kacy Zurkus

Since the attack on the power grid in Ukraine, defending critical infrastructure against the threat of cyberattack has become a top priority. In an effort to strengthen supply chain risk management within the energy sector, the Federal Energy Regulato… Continue reading 5 Challenges Utilities Will Face in Preparing for New FERC Security Standards→

Utilities will have stricter cybersecurity reporting requirements under new ruling

Posted on July 19, 2018 by Zaid Shoorbajee

U.S. regulators are laying down stricter reporting requirements for electrical utilities that experience cybersecurity lapses. The Federal Energy Regulatory Commission (FERC) said Thursday that utilities will have to report attempts by attackers, even if they don’t have an immediate effect, that ultimately make it easier to “harm reliable operation of the nation’s bulk electric system.” Current requirements only make utilities report incidents that result in an actual compromise or disruption. “Cyber threats to the bulk power system are ever changing, and they are a matter that commands constant vigilance,” FERC Chairman Kevin McIntyre said in a statement. “Industry must be alert to developing and emerging threats, and a modified standard will improve awareness of existing and future cyber security threats.” The new standards will come by way of the North American Electric Reliability Corporation (NERC), a quasi-governmental body that implements FERC’s rulings for electrical utilities. NERC will have to develop standards […]

The post Utilities will have stricter cybersecurity reporting requirements under new ruling appeared first on Cyberscoop.

Continue reading Utilities will have stricter cybersecurity reporting requirements under new ruling→

Category Archives: NERC