Energy Sector hit hardest by successful cyber-attacks
Over three-quarters (77 percent) of IT professionals say that they have experienced a rise in cyber-attacks in the past 12 months. Tripwire conducted a study of 150 IT pros from the energy, utilities and oil and gas industries, which found that 78 percent of respondents experienced a cyber-attack from an external source and 30 percent saw an attack from an insider in the past 12 months.
Lessons From The Ukraine Electric Grid Hack
New SANS analysis on how the attackers broke in and took control of the industrial control systems at three regional power firms in the Ukraine and shut off the lights.
SANS, in conjunction with the North American Reliability Corporation (NERC)’s E-ISAC, today published an in-depth postmortem analysis of the attack by SANS ICS experts (the SANS ICS report), based on details revealed by ICS-CERT late last month as well as other public information.
Catastrophic cyber-attack on U.S. grid possible, but not likely
Anything is possible in the cat-and-mouse game of probing and protecting the online weaknesses of the nation’s critical infrastructure. But security experts say the U.S. grid is resilient enough to make a “cyber Pearl Harbor” highly unlikely.
Protecting Vital Electricity Infrastructure
With an interconnected grid of over 450,000 miles of high voltage transmission lines and over 55,000 transmission substations, the targets of opportunity are endless.
Electricity is perhaps the most vital of the critical infrastructures and key resources that support our society. The mission of the North American Electric Reliability Corporation (NERC) is to ensure the reliability of the North American bulk power system (BPS). While electric utility companies are responsible for administering the day-to-day operations of the electric grid, regulators such as NERC and the Federal Energy Regulatory Commission (FERC) are charged with the overall responsibility of ensuring reliability and security. NERC develops and enforces Reliability Standards, annually assesses seasonal and long‐term reliability, monitors the bulk power system through system awareness, operates the Electricity Information Sharing and Analysis Center (E-ISAC), and educates, trains and certifies industry personnel.
Within North America, the National Strategy for Critical Infrastructure (Canada) and the National Infrastructure Protection Plan (United States) establish a collaborative approach that is used to strengthen critical infrastructure resiliency. These strategies recognize that each level of government, as well as infrastructure owners and operators, has major roles and responsibilities in strengthening the resiliency of critical infrastructure and will exercise its responsibilities as appropriate and according to each respective jurisdiction.
While the security of the grid is a shared responsibility between the government and the private sector, the primary responsibility rests with utility owners and operators. Utility security staff have a responsibility to ensure they are able to receive and act upon criminal intelligence and are prepared to identify risks and vulnerabilities associated with security threats.