Covering an array of cybersecurity issues in the power generation industry. These articles were previously featured in POWER magazine and will quickly become your go-to resource for clear answers to your questions.
Delivered in a PDF format.
Grid Security Gets
Cybersecurity has grabbed the lion’s share of grid security attention, but last year’s attack on a substation in California served as a reminder that physical attacks are still a significant threat.
How to Use “Honeypots” to Overcome Cybersecurity Shortcomings
Cybersecurity threats facing the power industry have escalated dramatically in the past few years, as state-sponsored, organized crime, and hacktivist groups all seek to infiltrate U.S. energy infrastructure for cyber-espionage and sabotage purposes.
Introduction to NERC CIP
Identifying CIP Version 5 Assets in Generation
The latest version of Critical Infrastructure Protection standards applies to different facilities and assets than previous versions, so the first, critical step in compliance is to determine which facilities and assets are subject to the new standards.
Federal Cybersecurity Framework Calls for Increased Vigilance
The energy industry, already familiar with the latest iteration of the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) reliability standards, should take note: Meeting those standards may not be enough to satisfy evolving cybersecurity threats and the need to protect cyber assets as well as personal data.
EPRI and Luminant Collaborate to Create Common Understanding of Cybersecurity Requirements
A collaborative effort between the Electric Power Research Institute and the Comanche Peak Nuclear Power Plant confirms that vendors and nuclear plant owners who understand and address cybersecurity requirements up front will avoid costs on the back end. The best practices developed also apply to non-nuclear plants.
NIST Cybersecurity Framework Aims to Improve Critical Infrastructure
Yet another standard? No. What you’ll see this month is a tool designed to bring together all the relevant cybersecurity standards and put them in an appropriate context—a framework—so you can manage cybersecurity risk more effectively. (And yes, managing that risk is everyone’s business, regardless of job title.)
Generation Cybersecurity: What You Should Know, and Be Doing About It
A professional engineer specializing in the cybersecurity of industrial control systems explains cybersecurity controls that should be present at every generation plant and why they are needed for basic risk reduction from everyday cybersecurity threats.
Quantum Cryptography Promises Un-Hackable Industrial Communications
What if you could send a control message between two points on the electricity grid—say between a control room operator and a turbine or between a system operator and a generating plant—and know that there’s no way that message can be intercepted, altered, or spoofed to effect malicious ends? That possibility may be only a couple of years away.
What You Need to Know (and Don’t) About the AURORA Vulnerability
When most people think of the AURORA cybersecurity threat today, they recall an image of an out-of-control generator during a 2007 demonstration test. But the threat didn’t end in 2007. Despite the widespread impact of any AURORA attack and the relatively low cost of mitigating against such attacks, virtually no utilities have taken action to protect the grid and its users from potentially devastating consequences.
Guidance on Cybersecurity for the Electricity Sector
The cybersecurity needs of the electric power industry are unique, due to the critical nature of the product and the wide range of technologies that must be considered—from complex, modern industrial control systems to aging infrastructure elements.
Ensuring the Cybersecurity of Plant Industrial Control Systems
Industrial control systems (ICSs) manage global industrial infrastructures, including electric power systems, by measuring, controlling, and providing a view of control processes that once were visible to the operator but now are not. Frequently, ICSs are not viewed as computers that must operate in a secure environment, nor are they often considered susceptible to cybersecurity threats. However, recent cybersecurity failures have proven these assumptions wrong.
Power Grid Cyber Security Strategies
Despite the uncertainty about utility cyber security regulations, there are steps that electric utilities, owners and operators of generation and transmission facilities, and industrials with on-site generation can take now to promote greater security for their facilities. Here are 10 strategies that compliance officers and regulatory affairs personnel can implement today to combat cyber threats that may compromise physical electrical infrastructure.
Power Grid Cybersecurity: How to Achieve Results in an Uncertain Regulatory Environment
The security of the U.S. electric power grid against cyber threats is a growing concern among lawmakers, regulators, industry, and the public at-large. Cyber warfare poses a serious threat to the grid’s physical infrastructure, and without effective preventative measures, the grid may be compromised by cyber attack. The best way to combat cyber threats remains unknown.