Articles

US bulk energy providers must now report attempted breaches

US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an “attempted” breach.

One of the most pernicious aspects of the far-reaching and potentially devastating SolarWinds supply chain hack is that it successfully evaded detection for at least ten months by hiding inside seemingly normal software operations. The hack of SolarWinds’ Orion product enabled Russian actors to embed surveillance malware into widely used management software. It pushed the so-called SUNBURST malware deep into public and private networks using the invisibility cloak of ordinary activity, causing no harm or disruption as it silently operated.

The SolarWinds hack is largely considered a turbo-charged nation-state espionage campaign. Most experts, however, won’t rule out that out the possibility that the Russian intelligence team behind the breach weren’t also paving the way for attacks that could damage operations. One of the biggest concerns about the hack’s impact is how it affected the nation’s power grid.

New regulations aimed at spotting attempted compromises in the power grid that don’t cause damage, like SolarWinds, went into effect on January 1, 2021. It’s not at all clear that the new requirements will help the energy industry spot these kinds of attacks.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

 

Articles

New DOE document names China, Russia as threats to…

lead centered=”no”
A US Department of Energy RFI seeks information on energy industry’s supply chain security practices following executive order to develop industry regulations.
/lead

On May 1, the Trump Administration issued an Executive Order on Securing the United States Bulk Power System that seeks to remove from the power grid crucial electric equipment supplied by vendors from foreign adversarial nations. Yesterday, the Department of Energy (DOE), Office of Electricity issued a request for information (RFI) “seeking information to understand the energy industry’s current practices to identify and mitigate vulnerabilities in the supply chain for components of the bulk-power system (BPS).”

The RFI is a follow-on to the executive order (EO), which directs the Energy Department, in consultation with other agencies, to develop regulations implementing its goals through a rulemaking process. The EO defines electric equipment as items used in substations, control rooms and power generating stations, including reactors, capacitors, substation transformers, large generators, voltage regulators, along with several other defined pieces of electrical equipment.

This article appeared in CSO Online. To read the rest of the article please visit here.