Tag: Cybersecurity

ICS Cybersecurity Threatened, but Defense Woefully Inadequate

March 1, 2018
| No Comments
| Industry News

Though increasingly serious cybersecurity threats loom, nearly two-thirds of U.S. industrial control system (ICS) vulnerabilities identified in 2017 could cause severe operational impact if exploited, cybersecurity firm Dragos Inc. warned in a series of reports published March 1.

The reports, which cover ICS vulnerabilities, ICS threats, and reactions to existing threats, draw a dire picture of the current state of ICS cybersecurity.

In one report, Reid Wightman, Dragos senior vulnerability analyst, notes that public disclosures issued in 2017 fail to adequately define the industrial impact of vulnerabilities. Most provided no alternative guidance beyond “patch” or recommendations to use secure networks, and the firm concluded that public reporting will need a “huge improvement.”

Another report, authored by Joe Slowik, a Dragos senior threat analyst, noted that 2017 was a defining year in ICS security. Last year alone, two major and unique disruptive attackers were revealed, five distinct activity groups targeting ICS networks were identified, and several large-scale IT infection events with ICS implications occurred.…

Read More »

Cybersecurity Tips for Power Plant Operators [PODCAST]

February 17, 2018
| No Comments
| Industry News

Cybersecurity threats have increased dramatically as sophisticated, nation-state developed hacking programs have been leaked to the general public. Now, common criminals have high-tech tools at their disposal with the capability to cause serious damage. As such, the power industry must take precautions and upgrade security to keep systems safe. While regulations provide a minimum security standard, companies that aren’t going above and beyond the government’s requirements are likely to be setting themselves up as “low-hanging fruit,” that is, easy targets for hackers.

In this episode of The POWER Podcast, Chris Grove, director of industrial security for Indegy, offers some tips for keeping bad actors out of power plants. Gaining visibility into systems is an important first step. Once companies understand what risks they’re exposed to, getting a broad-based team of both information technology (IT) and operational technology (OT) experts involved to develop solutions to mitigate the risks is a logical subsequent step. Investing in good security can pay dividends in the end.…

Read More »

Cybersecurity a Main Concern for Connected Plants, but Tech is Improving

February 21, 2017
| No Comments
| Industry News

Security issues are second only to cost concerns when energy generators consider the risks related to implementing connected technology at their power plants, according to a February 15 poll of the audience at POWER’s Connected Plant Conference.

However, continued improvements in available cybersecurity systems are quickly reducing those risks, Stan Schneider, CEO of Real-Time Innovations, told the audience in his keynote address.

“Security is a huge problem, everybody knows,” he said. “I think it’s getting better because security is a layer game.”

Using the most common security technology, such as air gap and firewalls, is not sufficient, but new technologies have the potential to greatly reduce the threat of a cybersecurity attack, according to Schneider. “If you’re dependent on fire walls, realize an insider attack easily breaches a fire wall protection. There’s just so many things that don’t work that people are dependent on for various reasons, but the new technologies [where] you can layer in different levels of security, are definitely making it better,” he said.…

Read More »

EU Parliament Approves New Cybersecurity Rules

July 11, 2016
| No Comments
| Industry News

The European Union (EU) parliament on July 6 approved the first community-wide rules designed to bolster cybersecurity throughout the EU.

According to the official statement, the new law “lays down security and reporting obligations for ‘operators of essential services’ in sectors such as energy, transport, health, banking and drinking water supply. EU member states will have to identify entities in these fields using specific criteria, e.g. whether the service is critical for society and the economy and whether an incident would have significant disruptive effects on the provision of that service.”

In addition, some “digital service providers” such as search engines and online marketplaces will be required to take measures to secure their infrastructure and report significant cybersecurity incidents to national authorities.

Community-Wide Cybersecurity Action Necessary, EU Notes

“Cybersecurity incidents very often have a cross-border element and therefore concern more than one EU member state. Fragmentary cybersecurity protection makes us all vulnerable and poses a big security risk for Europe as a whole.…

Read More »

EnergyNorthwest.com 2025 . Powered by WordPress