Moody’s Rating adds telecoms, airlines, utilities to highest risk category

The financial ratings service says industry digital reliance increases cyber risk.

The post Moody’s Rating adds telecoms, airlines, utilities to highest risk category appeared first on CyberScoop.

Continue reading Moody’s Rating adds telecoms, airlines, utilities to highest risk category

Mattis: Don’t create separate military cyber service

The former defense secretary said U.S. Cyber Command needs emergency authority to be able to operate inside the United States.

The post Mattis: Don’t create separate military cyber service appeared first on CyberScoop.

Continue reading Mattis: Don’t create separate military cyber service

How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic

The U.S. government officials trying to test the country’s ability to respond to a major cyberattack thought they had pulled out all the stops. Engineers had planned to simulate the kind of security incident that would cause an electrical blackout, after all, and had even planned to hold the event on an isolated island off the coast of New York. Even with all that preparation, a once-in-a-century pandemic still wasn’t in the script. Until this year, National Guard personnel, Pentagon contractors and engineers at big U.S. utilities would typically gather in person to run through exercises involving dire scenarios, from a weeks-long power outage to a mock attack on utility computers that appeared to delete data. In October, though, COVID-19 forced planners from the departments of Defense and Energy to figure out how to run the event virtually, with participants plugged in from around the country. And they used the […]

The post How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic appeared first on CyberScoop.

Continue reading How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic

North American utilities drill ‘GridEx’ brings record turnout — except from supply chain vendors

A November drill involving electric utilities across North America mimicked the disruptive malware used to cut power in Ukraine in 2016, testing operators’ ability to expunge the malicious code from their systems. The fictional scenario, revealed Tuesday in a press briefing on the exercise, saw the malware compromise the industrial control systems that utilities use to manage their operations. An electric equipment vendor helped the utilities replace some of the industrial computers that had been “bricked,” or rendered useless, by the malware. (The code was not actually executed on live systems; it was all simulated.) The intense scenario forced participants to “start implementing their incident response plans” and “really upped the training value for many utilities,” said Matt Duncan, an official at the North American Electric Reliability Corp., the regulator that runs the biennial drill, known as GridEx. It is an example of the greater lengths that many utilities go […]

The post North American utilities drill ‘GridEx’ brings record turnout — except from supply chain vendors appeared first on CyberScoop.

Continue reading North American utilities drill ‘GridEx’ brings record turnout — except from supply chain vendors

‘GridEx’ offers stiff security test for an industry that welcomes the challenge

Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America. It is one of the biggest tests of the utilities’ ability to withstand wave upon wave of hypothetical attacks — and they are not necessarily supposed to pass the test. The GridEx simulation, which begins Wednesday, is “purposely designed to overwhelm even the most prepared organizations” so they can improve their resiliency, said Matt Duncan an official at the North American Electric Reliability Corp., which runs the drill. Exercise participants won’t need any reminders that, in the last four years, malicious hackers have cut power for hundreds of thousands of people in Ukraine and caused a petrochemical plant to shut down in Saudi Arabia. GridEx is one way that U.S. critical-infrastructure companies work to prevent such disruptive attacks from hitting them. Participants, which will also include natural gas companies […]

The post ‘GridEx’ offers stiff security test for an industry that welcomes the challenge appeared first on CyberScoop.

Continue reading ‘GridEx’ offers stiff security test for an industry that welcomes the challenge

Mock grid, real threats: DARPA borrows an island for a cyberattack drill

Over the last 120 years, Plum Island, a forbidding swath of sand off Long Island, has been at the edge of U.S national security. The island housed gun batteries during the Spanish-American War, a torpedo storage facility during the First World War, and in recent decades it has been the government’s home for studying animal-borne diseases. In the first week of November, the military found yet another way for Plum Island to serve as a guinea pig. This time, though, it was for a decidedly 21st-century threat: cyberattacks that could hamstring the power grid. The fictional scenario saw contractors with the Pentagon’s R&D arm — the Defense Advanced Research Projects Agency (DARPA) — team up with engineers from prominent utilities to try to restore power that had been out for weeks following a hypothetical cyberattack. Their tall task: use a generator to gradually restart the power system, substation by substation — a process known as “black start” — all […]

The post Mock grid, real threats: DARPA borrows an island for a cyberattack drill appeared first on Cyberscoop.

Continue reading Mock grid, real threats: DARPA borrows an island for a cyberattack drill

Electric power industry puts cybersecurity to forefront with Trump, lawmakers

Electric power industry executives are pushing to have their cybersecurity concerns heard by Congress and the Trump administration. A Senate Energy and Natural Resources Committee hearing on Tuesday — convened to discuss how the government can better coordinate with the private sector on power grid security, incident response and other cyber threat information sharing efforts — is the latest example for how the industry is reaching out to Washington. Last week, electric power company and trade group representatives also met with top administration officials, including Secretary of Energy Rick Perry and Jeanette Manfra, the acting deputy undersecretary for the Homeland Security Department’s cyber division, Politico first reported. The group spoke about relevant, shared security goals and priorities, and where the government can offer assistance. Energy companies face substantial risks in cyberspace, experts say, and threats can directly affect physical systems and human life. John DiStasio, President of the Large Public Power Council, told lawmakers Tuesday that because […]

The post Electric power industry puts cybersecurity to forefront with Trump, lawmakers appeared first on Cyberscoop.

Continue reading Electric power industry puts cybersecurity to forefront with Trump, lawmakers

Electric power industry puts cybersecurity to forefront with Trump, lawmakers

Electric power industry executives are pushing to have their cybersecurity concerns heard by Congress and the Trump administration. A Senate Energy and Natural Resources Committee hearing on Tuesday — convened to discuss how the government can better coordinate with the private sector on power grid security, incident response and other cyber threat information sharing efforts — is the latest example for how the industry is reaching out to Washington. Last week, electric power company and trade group representatives also met with top administration officials, including Secretary of Energy Rick Perry and Jeanette Manfra, the acting deputy undersecretary for the Homeland Security Department’s cyber division, Politico first reported. The group spoke about relevant, shared security goals and priorities, and where the government can offer assistance. Energy companies face substantial risks in cyberspace, experts say, and threats can directly affect physical systems and human life. John DiStasio, President of the Large Public Power Council, told lawmakers Tuesday that because […]

The post Electric power industry puts cybersecurity to forefront with Trump, lawmakers appeared first on Cyberscoop.

Continue reading Electric power industry puts cybersecurity to forefront with Trump, lawmakers