This blog was written by - Tim Conway with contributions, edits, and research from Ted Gutierrez and Kevin Perry Looking at the Ukraine cyber-attacks through the various lenses of NERC CIP Following the cyber-attacks which impacted the Ukrainian electric system on December 23, 2015 there were a number of public statements and discussions asking … Continue reading One CIP, Two CIP, Red CIP, Blue CIP
The Frost & Sullivan research report on the global critical national infrastructure (CNI) cyber security market, coming out on the eve of the SANS European ICS Security Summit, highlights a number of key trends in this increasingly important field.
One of the largest challenges facing management in Engineering organizations today is how to effectively assess cyber risk on ICS infrastructure and make the appropriate investments in risk mitigation activities to manage this risk to as low as possible. Continue reading Effective Assessment of ICS Infrastructure Cyber Risk
Did you hear about the NERC registered entity that got a PV for failing to update the Cyber Security Incident response plan within thirty calendar days of a change? How about the registered entity that got a PV because they didn't notify the ES-ISAC of a Reportable Cyber Security Incident? Well if you don't act … Continue reading ES-ISAC Changes Require Plan Updates
A recent USA Today article and an Inquisitr article that referenced it highlight some valid concerns about the weaknesses of the power grid, but their use of scare language and the lack of specificity should be even more concerning. The articles contain too many unsubstantiated claims. Expert comments without context don't qualify as facts. And … Continue reading The US Power Grid is Vulnerable - but let's not exaggerate.