DOE: Distributed Energy Resources Need to Be Designed with Cybersecurity Protection

Cyber-protection-of-DERs

By Utility Dive:

Distributed Energy Resources (DERs) present major obstacles in grid reliability and protection against cyberattacks and threats. DOE states “they should be designed with security as a ‘core component.’

An attack on distributed solar or battery storage resources would have ‘negligible impact’ on grid reliability today, DOE said, but the capacity of DERs on the electric system is expected to quadruple by 2025 and the agency warned that each of those systems could be hacked.”

Continue Reading…

CHI Memorial Is Recovering from a Ransomeware Attack

CHI-Memorial

By the Chattanoogan: “Officials of CHI Memorial said their parent company has engaged cybersecurity experts and is working with law enforcement on a costly computer hack.

Sonia Moss, marketing manager, said, “Upon discovering the ransomware attack, CommonSpirit took immediate steps to protect our systems, contain the incident, begin an investigation, and ensure continuity of care. Patients continue to receive the highest quality of care, and we are providing relevant updates on the ongoing situation to our patients, employees and caregivers.”

Continue Reading…

National Cybersecurity Awareness Month (October)

NERC

By NERC: “WASHINGTON, D.C. – October is Cyber Security Awareness Month, which highlights some of the emerging challenges in the world of cybersecurity. NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) is supporting the campaign as a Cyber Security Awareness Month champion. This year’s theme, “See Yourself in Cyber,” focuses on four primary best practices: enabling multi-factor authentication; using strong passwords and a password manager; updating software; and recognizing and reporting phishing.”

“This year’s campaign is very timely as evidenced by the recent spate of high-profile hacks that often start with credential theft,” said Manny Cancel, NERC’s senior vice president and CEO of the E-ISAC. “It demonstrates the importance of organizations having strong information technology protocols and procedures in place combined with a need for employee training and awareness. NERC and the E-ISAC support a month focused on raising awareness of cyber security, which coincides with our annual grid security conference GridSecCon, cohosted with ReliabilityFirst this year.”

“With rising cybersecurity threats to the United States energy infrastructure and the reliability of the bulk power system, the need for shared heightened vigilance cannot be underestimated. The E-ISAC continues to collaborate, coordinate and communicate with industry stakeholders and government partners to collectively enhance the cybersecurity posture of the North American grid. The E-ISAC encourages its members to practice good cyber hygiene and always maintain a Shields Up posture. Good practices across both information technology and operational technology networks include: applying security patches as soon as possible, maintaining strict access management, baselining systems, encouraging strong passwords and multi-factor authentication and sharing cyber incident information with the E-ISAC. And, finally, E-ISAC stakeholders who are not yet members are encouraged to join find out more information at www.eisac.com.”

FBI: White supremacists plotted attack on US power grid

FBI-Power Grid-Attack-Plot

WKRN.com (FBI) – MINNEAPOLIS (AP) — White supremacists plotted to attack power stations in the southeastern U.S., and an Ohio teenager who allegedly shared the plan said he wanted the group to be “operational” on a fast-tracked timeline if President Donald Trump were to lose his re-election bid, the FBI alleges in an affidavit that was mistakenly unsealed.

The teen was in a text group with more than a dozen people in the fall of 2019 when he introduced the idea of saving money to buy a ranch where they could participate in militant training, according to the affidavit, which was filed under seal along with a search warrant application in Wisconsin’s Eastern U.S. District Court in March. The documents were inadvertently unsealed last week before the mistake was discovered and they were quickly sealed again.

The teenager wanted the group to be “operational” by the 2024 election because he believed it was likely a Democrat would win, but “the timeline for being operational would accelerate if President Trump lost the 2020 election,” according to the affidavit. An informant told investigators that the teen “definitely wanted to be operational for violence, but also activism.”

READ MORE ….

Protecting the Industrial Cloud from Cyberattacks

Cybersecurity-Protection

EE Times – The cloud and edge computing have come to the industrial world and they’re here to stay. Whether one thinks that’s a good or bad thing, it’s now inevitable.

These shifts have been accelerated by the enormous expansion in remote workers due to Covid-19 and their many unmanaged or insecurely managed devices, along with the connection of millions more imperfectly managed devices via the Industrial Internet of Things (IIoT).

While the expansion of cloud services can help solve some cybersecurity problems for industrial companies, including the vastly expanded attack surface caused by remote workers, it also spawns new security problems.

The steady corporate shift to the cloud, data traversing “hostile territory” and the proliferation of networked devices are creating a growing list of data security challenges. We take an in-depth look at the risks and possible solutions in our upcoming Cyber Security Special Project.

In multiple reports from different parts of the cybersecurity industry, data breaches continue to be the top concern in many industries, and flaws in identity and access management (IAM) practices continue to rate among the top avenues for those data breaches.

READ MORE….

Why The Healthcare Sector Must Demand Real Cybersecurity Change

Cyber-threats-to-healthcare

Forbes – Managing Director of Technology at Health2047 with a comprehensive understanding of the digital transformation of health care IT. We should be outraged and deserve better. 

In late October of this year, a joint cybersecurity advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warned of an uptick in ransomware activity targeting the healthcare and public health (HPH) sector, specifically hospitals and healthcare providers.

The advisory came just over a month after reports out of Germany documented the first patient death directly tied to a hospital ransomware attack. That’s right: The healthcare cybersecurity situation has now become a matter of life and death.

Healthcare cybercrime such as ransomware is especially egregious during a pandemic, as illustrated by Bitdefender data (via Security Boulevard). But it is now sadly all too commonplace. Also far too commonplace is the seeming inattention and inaction in the face of rising threats.

READ MORE….