SANS Industrial Control Systems Security Blog: Tag - NERC

One CIP, Two CIP, Red CIP, Blue CIP

This blog was written by - Tim Conway with contributions, edits, and research from Ted Gutierrez and Kevin Perry Looking at the Ukraine cyber-attacks through the various lenses of NERC CIP Following the cyber-attacks which impacted the Ukrainian electric system on December 23, 2015 there were a number of public statements and discussions asking … Continue reading One CIP, Two CIP, Red CIP, Blue CIP


Microsoft's New Patching Models will Cause Havoc for NERC Registered Entities

In May 2016, Microsoft announced a change to how updates for Windows 7 and 8.1 systems would be offered. That change made available "Monthly Rollups" that allow all previously released non-security updates to be installed in a single installation update. This week, Microsoft announced a revision to the previously reported plan in that the … Continue reading Microsoft's New Patching Models will Cause Havoc for NERC Registered Entities


NERC CIP Continues to Grow and Adapt

Today, FERC announced the approval of Order 829 directing NERC to develop a Reliability Standard addressing "supply chain risk management for industrial control system (ICS) hardware, software, and computing and networking services associated with bulk electric system operations." Imposing requirements on entities to secure the supply chain will present a significant challenge and I'm anxious … Continue reading NERC CIP Continues to Grow and Adapt


ES-ISAC Changes Require Plan Updates

Did you hear about the NERC registered entity that got a PV for failing to update the Cyber Security Incident response plan within thirty calendar days of a change? How about the registered entity that got a PV because they didn't notify the ES-ISAC of a Reportable Cyber Security Incident? Well if you don't act … Continue reading ES-ISAC Changes Require Plan Updates


Ready, Set, Stop! FERC Postpones CIP Version 5

This post was written by SANSICS456 - Essentials for NERC CIP co-author TedGutierrez. Just when the electric industry thought that they had seen it all, FERC pulls another rabbit out of its hat astonishing audiences near and far. In an order issued today (February 25, 2016) FERC granted a motion to defer the implementation of … Continue reading Ready, Set, Stop! FERC Postpones CIP Version 5