Blog

Blog

So You Want to Achieve NERC CIP-013-1 Compliance...

Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the availability and reliability of the grid is crucial...
Blog

What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to households and businesses, and prove incredibly costly...
Blog

Improving OT Security in Industrial Processes

Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy, manufacturing, food and agriculture, waste...
Blog

WaterISAC: 15 Security Fundamentals You Need to Know

2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement: the technology used to manage water pressure was developed by Israel, and the criminals used this opportunity to...
Blog

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS...
Blog

Expert Insight for Securing Your Critical Infrastructure

At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees. SCADA...
Blog

How Does IoT Contribute to Real-Time Grid Monitoring for Enhanced Stability and Fault Detection?

More decision-makers are investing in grid modernization efforts, knowing that doing so is necessary for keeping pace with modern demands. For example, smart grid fault-detection sensors could warn utility company providers of problems in real time, preventing costly and inconvenient outages. Technologies like the Internet of Things (IoT) can also improve stability. An IoT grid-monitoring approach...
Blog

Top 7 Technical Resource Providers for ICS Security Professionals

Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative and faster than ever. So, understanding attackers’ tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker action in 2022. The positive news is that 67% of...
Blog

What is NERC? Everything you need to know

Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical risks due to the accelerated reliance on cyber-enabled systems and IoT...
Blog

ICS Environments and Patch Management: What to Do If You Can’t Patch

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Known unpatched vulnerabilities are often exploited by criminals to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although the terms “patch management” and...
Blog

How to Build an Effective ICS Security Program

How to Build an Effective ICS Security Program Of all the different areas of cybersecurity, not many are as important, or have as far-reaching consequences as industrial control systems (ICS) security. While most relevant organizations would agree that ICS security is a significant concern for their operations, it is easier said than done. Many find it difficult to put into practice the measures...
Blog

OT Security: Risks, Challenges and Securing your Environment

Before the revolution of Information Technology (IT), the world experienced the revolution of Operational Technology (OT). Operational Technology is the combination of hardware and software that controls and operates the physical mechanisms of industry. OT systems play an important role in the water, manufacturing, power, and distribution systems that transformed the industry into the modern age...
Blog

Former contractor accused of remotely accessing town's water treatment facility

A federal grand jury has indicted a former employee of a contractor operating a California town's wastewater treatment facility , alleging that he remotely turned off critical systems and could have endangered public health and safety. 53-year-old Rambler Gallor of Tracy, California, held a full-time position at a Massachusetts company that was contracted by the town of Discovery Bay to operate...
Blog

What (Still) Needs to be Done to Secure the U.S. Power Grid in 2023?

It’s no secret that the U.S. power grid is one of the main foundations of the nation’s economy, infrastructure, and daily way of life. Now that almost everything is digitized, it is hinging on it even more. We wouldn’t be able to use even most vending machines (not to mention cell towers or the internet) without a working electrical supply, and the importance of keeping it safe cannot be...
Blog

The Future of Driverless Cars: Technology, Security and AI

Back in 2015, we published an article about the apparent perils of driverless cars. At that time, the newness and novelty of sitting back and allowing a car to drive you to your destination created a source of criminal fascination for some, and a nightmare for others. It has been eight years since the original article was published, so perhaps it is time to revisit the topic to see if driverless...
Blog

Distributed Energy Resources and Grid Security

As the United States government, the energy industry, and individual consumers work toward cleaner and more sustainable energy solutions, it is crucial to consider how new and advancing technologies affect, and are affected by, cybersecurity concerns. ­­­­Increasing use of smart energy devices can be useful for consumers to have more control over their energy consumption, but can also pose a...
Blog

A Look at The 2023 Global Automotive Cybersecurity Report

From its inception, the automotive industry has been shaped by innovation and disruption. In recent years, these transformations have taken shape in rapid digitization, ever-growing Electric Vehicle (EV) infrastructure, and advanced connectivity . These shifts have redirected the automotive industry, meeting and surpassing customer expectations for what vehicles should accomplish. However, they...
Blog

How Retiring Gas and Coal Plants Affects Grid Stability

Legacy gas and coal plants are being aged out – and no one wants to pay enough to keep them going. With increased pressure from green energy laws and added competition from renewable sources, these monsters of Old Power are being shown the door. Considering they've predated and precipitated all Industrial Revolutions (except for this last one – that was digital), it's safe to say they've had a...
Blog

How to Advance ICS Cybersecurity: Implement Continuous Monitoring

Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control systems like Remote Terminal...
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks , in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood. Reports by the Government Accountability Office (GAO)...