Cybersecurity update

One-stop shop

This week, I visited San Antonio, where a grid security advocacy group shopped around a list of nearly 80 "best practices" for electric utilities to consider as they defend against hackers.

Protect Our Power bills the project as a "one-stop shop" for electricity companies inundated with federal requirements, cybersecurity sales pitches and, of course, a near-constant stream of cyberattacks.

"We see it as a transformative idea: It's moving us away from the [federal] standards, which can take a year or two years to put in place," said Jim Cunningham, executive director of Protect Our Power, the grid security advocacy group that organized the conference. "They aren't as dynamic as they need to be in this environment."

Utilities are often wary of best practices as a Trojan horse for costly mandatory standards, currently set through the North American Electric Reliability Corp. and the Federal Energy Regulatory Commission.

For instance, elsewhere in Texas, the state's Public Utility Commission has proposed creating a dedicated grid cybersecurity monitor to keep tabs on the latest threats and vulnerabilities in the sector and encourage power companies to use best practices.

Southwestern Public Service Co., El Paso Electric Co. and Entergy Texas Inc. — three large utilities in the Lone Star State — filed joint comments noting that they're "concerned that reporting to the [monitor] may duplicate coordination efforts with NERC [rules], which increases compliance costs."

Cunningham and other executives at Protect Our Power might have a hard time talking power companies into using their framework, given that many utilities will have their hands full meeting existing requirements backed up with potential $1 million daily penalties.

New supply chain standards from FERC and NERC are set to take effect this year. "Supply chain" is among the issues singled out by Protect Our Power — along with "patch management," "network segmentation" and dozens of other practices (hopefully) familiar to any information technology administrator.

Will these protocols move the dial for grid cybersecurity? Time will tell.

— Blake Sobczak

Bits and bytes

Ransomware attacks on oil and gas companies may have forced five facilities to revert to manual operations, according to Texas-based security firm ThreatGEN. E&E News

The Interior Department grounded its fleet of drones for the foreseeable future, citing cybersecurity concerns. E&E News

A $4.6 billion aid bill expected to pass the House next week contains money for Puerto Rico's grid reliability and cybersecurity. E&E News

An antivirus subsidiary of Avast called Jumpshot has been secretly selling people's internet browsing histories to some of the world's biggest companies, according to leaked documents. Vice's Motherboard

Britain agreed to use Huawei Technologies equipment in part of its telecom network, cutting against an aggressive U.S. campaign against the Chinese 5G technology giant. The Washington Post

Hackers tied to Turkey are targeting European and Middle Eastern governments, three senior Western security officials told Reuters. Reuters

The Defense Department will review the final version of a plan to certify military contractors' cybersecurity practices. Nextgov
