NERC CIP Blog
Read the latest news, developments and opinion pieces on NERC CIP compliance from industry experts New Net Technologies.
Click on a link below for information on how you can ensure your IT systems comply with security standards. .
According to researchers at security firm ESET, a threat group using the Russia-linked ‘Black Energy’ malware are to blame for the recent power outages in Ukraine.
A nightmare scenario based on a devastating APT attack on the US energy grid has been provided by the University of Cambridge’s Centre for Risk Studies and Lloyds.
British Gas has acknowledged pressure coming from the cyber-security profession and agreed to take another look at its policy toward password managers, in order to maintain continuous compliance of cyber security controls.
Research by USA Today reveals that the US power grid suffers some kind of physical or cyber attack every four days.
Of particular interest is the high incidence of cyberattacks, although the most recent ICS-CERT report (the Cyber Emergency Reponse Team covering all industries utilizing industrial control systems) suggests an even higher incidence of cyber attacks.
The latest ICS-CERT report includes some analysis of cyber security incidents reported to them in Fiscal Year 2014. Of the 245 incidents reported, 55% were attributed to some form of Advanced Persistent Threat (APT), but overall 38% of the 245 incidents remain unexplained:
The World is Not Enough…
A NERC CIP compliance audit isn’t all speedboats and supermodels, even when tackling CIP 007 (which is actually focused on maintaining a hardened build standard and may leave you wanting to fire your own ejector seat).
Two newly discovered vulnerabilities have been classified with a maximum CVSS Score of 10 and users of Schneider Electric ETG3000 FactoryCast HMI Gateway should take immediate action to protect SCADA systems from attack.
This cyber attack will immediately draw comparisons with the infamous Stuxnet attack but does it also mark a tipping point for all industries to take cyber security seriously?
CSOOnline report that the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the U.S. Department of Homeland Security (ICS-CERT) issued an advisory on Tuesday warning that malware has been used since 2011 to attack a number of ICS (Industrial Control Systems).