Cybersecurity is becoming an increasingly important issue for utilities and other energy companies as more business tasks are connected to online environments in various ways. To better address these risks, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for the development of a voluntary risk-based Cybersecurity to enhance the security and resilience… Keep reading →
The natural gas industry is optimistic about its own future, but safety – be it pipeline, environmental or cyber – continues to be a key concern, according to Black & Veatch’s second annual Strategic Directions in the North American Natural Gas Industry survey. The overwhelming majority of the survey’s 336 respondents expect the US natural gas industry to… Keep reading →
Dear State Public Utility Commission Chairmen and Chairwomen, Risk management isn’t a new concept for any of the utility companies you regulate, nor I’m sure, is it new for you and your team. When large storms or fires cause power outages, you monitor how quickly electric utilities return service to customers. When proposals for new… Keep reading →
The energy industry is absolutely full of things that almost no one thinks about until they break. Until a high profile blackout or a price spike, the complex and technical questions that determine the outcomes of fundamental sector responsibilities like reliability and data security are often ignored by the broader public and even by industry… Keep reading →
The need to secure the electric grid against cyberattacks has attracted attention at both the corporate and policy level. But no one actually knows what “secure” really means, and making that determination may prove challenging.
Decision-makers at energy companies and on Capitol Hill have been alerted to the danger of a cyber attack on the electric grid. While those concerns may be valid, calls to “secure the grid” assume a level of knowledge of the state of grid security that even experts in the field may not possess, said IBM Energy Security Lead Andy Bochman at the Advanced Energy Conference in New York this week. Keep reading →
Sophisticated worms – automated software that spreads between computer devices – can infect an entire electric grid in a matter of seconds, but there may be effective defenses against them, according to Rob Johnson, assistant professor of computer science at Stony Brook University.
The critical role various computing devices have assumed in the daily functioning of the power grid has dramatically altered the security needs of utilities. While safeguards are already in place to protect against physical threats, like natural disasters, utilities may lack the tools to protect their networks from cyber attacks, such as worms. Keep reading →
A miniature version of this scenario took place earlier this week in Silicon Valley. It prompts me to remind utilities not to let the current emphasis on cybersecurity cause them to overlook the very real and important issues around physical security. – Jesse Berst
Quick Take: A few years back, a friend of mine served on a Department of Homeland Security committee on infrastructure protection. They heard lots about cyber threats. But the thing that worried them the most was the “Seven Bullets Theory.” That’s the idea that a terrorist group could shut down the entire East Coast grid with just seven well-placed bullets at seven different substations.
We’ve all read the cyber-attack and data breach headlines about Stuxnet, Flame, Shamoon, and most recently, Red October. Critical infrastructure cyber attacks were even a focus of the President Obama’s State of the Union Address.
Organizations that operate critical infrastructure – including oil and gas companies, utilities, nuclear facilities, and more – is well aware it’s under attack. The problem right now is that many of these organizations are struggling to figure out how the protect themselves from potentially devastating attacks. Keep reading →
When Exelon merged with Constellation, Joe Glace started reporting directly to the president and CEO, Christopher Crane. As the Chief Risk Officer for the mega-utility, it was imperative that he was part of company’s executive committee.
“The new Exelon will have a significantly increased scope across the energy value chain,” Crane said at the time of the announcement in December 2011. “It is vital to our future success that we diligently manage risk from an independent and enterprise-wide perspective.” Keep reading →
For years predictions of the horror show that could happen if the nation’s electricity grid was compromised by hackers proliferated in inverse correlation to the number of attacks; the sector went about its peaceful way, adding security as it added increased interconnectivity and meeting standards that left service reliability levels intact.
That “quiet war” in cyberspace is over. The US energy sector is under attack, and there isn’t any indication the situation is going to improve. Keep reading →
