The European Union, with its commitment to digital governance and cyber protection, has recently updated its foundational cybersecurity framework, repealing the previous Network and Information Systems Directive (“NIS”) and replacing it with the NIS2 Directive. Take a dive into the notable changes, implications, and suggested actions for businesses that fall under its scope.
Ampere Industrial Security, the global leader in industrial cybersecurity consulting, and DeNexus Inc, the leading provider of second-generation cyber risk quantification and management to large industrial facilities, OT service providers, and the cyber risk transfer market, announce their partnership today.
NERC has initiated the Internal Network Security Monitoring (INSM) Data Request in response to a directive from FERC. This effort aims to gather data on the risks of not implementing INSM in medium and low impact BES Cyber Systems. NERC is collecting information from utilities in the electric power industry regarding facility numbers, network configurations, malicious code detection, implementation challenges, and alternative solutions. The data must be submitted by July 25, 2023.
On March 16, 2023, FERC issued a new Order approving NERC CIP-003-9, introducing new requirements for vendor electronic remote access security controls to low impact BES Cyber Systems. These new security controls are intended to allow detection and the ability to disable vendor remote access in the event of a known or suspected malicious communication.
FERC has approved new cybersecurity standards to improve risk management practices and supply chain risk management for low impact assets. The new standards, designated CIP-003-9, require utilities to establish and maintain a documented supply chain cyber risk management plan and implement vendor-focused cybersecurity protections for their low impact BES Cyber Systems.
While encryption meets the security objective of CIP-012, entities can utilize additional security controls to provide a defense-in-depth approach and in some cases utilize controls other than encryption.
The White House issued its new National Cybersecurity Strategy on Thursday, laying out its plan for securing the country from cyberattacks. Patrick C. Miller answers questions about the strategy and how it could impact you.
Government and industry experts have recently pointed to software bill of materials (SBOM) as a requirement for organizations, but what are you getting? David Foose spends some time exploring aspects of SBOM fever.
This year, the S4 event hosted by Dale Peterson (DigitalBond) was bigger than ever. New venue, new content, new challenges, new theme, and a new feel. Here’s a report of my experience with some bad, some good and some great things that happened.
David Foose, a former vendor, takes us on a brief walk through the history of and the justifications for Supply Chain Security and the birth of NERC CIP 13. With this, we explore what might have been and where it may have unfortunately veered off into the constant contract negotiation entities find themselves in today.
FERC has issued Order 887, directing NERC to create new Critical Infrastructure Protection (CIP) cybersecurity standards for Internal Network Monitoring Systems (INSM). Hear from a real electric utility asset owner, Carter Manucy of FMPA, on what this means for the industry and what you should do next.
GRIMM, a forward-looking cybersecurity organization led by industry experts, and Ampere, a security consulting firm specializing in industrial control systems (ICS), are proud to announce an alliance to secure critical infrastructure around the globe.
A new addition to the NERC CIP regulation is coming for the electric sector, requiring anomaly detection and internal network security monitoring to detect active attacks on critical systems.
Brand new industrial security researchers find a zero day in an industrial device in just 48 hours. If they can find it, so can attackers. Here's what that means for your security program.
Network Segmentation - creating specialized, highly-protected network segments for critical systems - can provide necessary isolation and defense against ransomware and other attacks on critical infrastructure.
Internal Network Security Monitoring (INSM) - visibility into what’s happening on your internal OT/ICS networks - is showing up in important places like the National Security Memorandum, CISA guidance and FERC rulemaking notices.
I helped write and establish the NERC CIP regulations. But now I want change. There is a way to save time, money and headaches while actually improving security for critical infrastructure.
Utilities are preparing for the technical side of a cyberattack generated by the Russia-Ukraine conflict. But there is another aspect to these attacks that can cause chaos if you’re not ready. We’ll explore that here.
Two industry veterans who cultivated NERC CIP over the past 20 years discuss how it all started, and what’s next for electric power industry security regulations. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Carter Manucy, a utility IT/OT Security Director, talk about the regulation that changed the electric sector cybersecurity landscape forever.
Two key people who helped start NERC CIP 20 years ago talk about how and why it came together, and where it could go next. Patrick C. Miller, one of the first NERC CIP auditors in the country, and Earl Shockley, a former leader at NERC, talk about this momentous regulation that changed the electric sector cybersecurity landscape forever.