From FoxNews – Smart thermostats have become increasingly common over the last decade as residential internet of things (IoT) devices with Wi-Fi-enabled connectivity to home networks. Many home IoT devices have been exposed to cyber threats and vulnerabilities, and the Bosch thermostats are the latest to be affected. The issue affecting the Bosch thermostats “could allow hackers to access and manipulate the thermostat’s settings or even install malicious software.”
The US Electrical Grid Infrastructure continues to be vulnerable to cyber attackers and foreign nation-state adversaries attempting to wreak havoc on power systems that supply other critical infrastructures.
Cyber security protection continues to be a major focus for power utilities and other critical systems. These cyber threats continue to go after power companies and their contractors, as in the recent attacks.
Distributed Energy Resources (DERs) present major obstacles to grid reliability and protection against cyberattacks and threats. DOE states that “they should be designed with security as a ‘core component.’
An attack on distributed solar or battery storage resources would have ‘negligible impact’ on grid reliability today, DOE said, but the capacity of DERs on the electric system is expected to quadruple by 2025 and the agency warned that each of those systems could be hacked.”
By the Chattanoogan: “Officials of CHI Memorial said their parent company has engaged cybersecurity experts and is working with law enforcement on a costly computer hack.
Sonia Moss, marketing manager, said, “Upon discovering the ransomware attack, CommonSpirit took immediate steps to protect our systems, contain the incident, begin an investigation, and ensure continuity of care. Patients continue to receive the highest quality of care, and we are providing relevant updates on the ongoing situation to our patients, employees and caregivers.”
By NERC: “WASHINGTON, D.C. – October is Cyber Security Awareness Month, which highlights some of the emerging challenges in the world of cybersecurity. NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) is supporting the campaign as a Cyber Security Awareness Month champion. This year’s theme, “See Yourself in Cyber,” focuses on four primary best practices: enabling multi-factor authentication; using strong passwords and a password manager; updating software; and recognizing and reporting phishing.”
“This year’s campaign is very timely as evidenced by the recent spate of high-profile hacks that often start with credential theft,” said Manny Cancel, NERC’s senior vice president and CEO of the E-ISAC. “It demonstrates the importance of organizations having strong information technology protocols and procedures in place combined with a need for employee training and awareness. NERC and the E-ISAC support a month focused on raising awareness of cyber security, which coincides with our annual grid security conference GridSecCon, cohosted with ReliabilityFirst this year.”
“With rising cybersecurity threats to the United States energy infrastructure and the reliability of the bulk power system, the need for shared heightened vigilance cannot be underestimated. The E-ISAC continues to collaborate, coordinate and communicate with industry stakeholders and government partners to collectively enhance the cybersecurity posture of the North American grid. The E-ISAC encourages its members to practice good cyber hygiene and always maintain a Shields Up posture. Good practices across both information technology and operational technology networks include: applying security patches as soon as possible, maintaining strict access management, baselining systems, encouraging strong passwords and multi-factor authentication and sharing cyber incident information with the E-ISAC. And, finally, E-ISAC stakeholders who are not yet members are encouraged to join. Find out more information at www.eisac.com.”
WKRN.com (FBI) – MINNEAPOLIS (AP) — White supremacists plotted to attack power stations in the southeastern U.S., and an Ohio teenager who allegedly shared the plan said he wanted the group to be “operational” on a fast-tracked timeline if President Donald Trump were to lose his re-election bid, the FBI alleges in an affidavit that was mistakenly unsealed.
The teen was in a text group with more than a dozen people in the fall of 2019 when he introduced the idea of saving money to buy a ranch where they could participate in militant training, according to the affidavit, which was filed under seal along with a search warrant application in Wisconsin’s Eastern U.S. District Court in March. The documents were inadvertently unsealed last week before the mistake was discovered and they were quickly sealed again.
The teenager wanted the group to be “operational” by the 2024 election because he believed it was likely a Democrat would win, but “the timeline for being operational would accelerate if President Trump lost the 2020 election,” according to the affidavit. An informant told investigators that the teen “definitely wanted to be operational for violence, but also activism.”