Duke CEO Says Utilities Know ‘We Are a Target’ for Hackers
The cyberattack on the biggest fuel pipeline system in the U.S. is a stark reminder that America’s energy infrastructure is a tempting, and vulnerable, target for hackers.
Colonial Pipeline attack spotlights risks of geographically dispersed networks in an industry that is ‘far behind’
A May 7 ransomware attack on Colonial Pipeline largely shut down the largest refined products pipeline system in the U.S., demonstrating the atypical cybersecurity risks and vulnerabilities faced by organizations with geographically distributed networks.
5 takeaways from attack on Colonial Pipeline
The Colonial Pipeline, which transports about 45 percent of fuel consumed on the East Coast, shut down over the weekend due to a ransomware attack.
White House denies there's supply shortage in wake of ransomware attack on major U.S. pipeline
President Biden’s homeland security adviser, Elizabeth Sherwood-Randall, told reporters Monday afternoon that, despite disruptions created by a ransomware attack on a major U.S. pipeline over the weekend, the White House is not immediately concerned about fuel shortages or major damage to critical infrastructure.
Colonial Pipeline attack underscores US energy's vulnerability
The ransomware attack on Colonial Pipeline, the largest supplier of oil to the Northeast region of the United States, is underscoring just how vulnerable critical U.S. infrastructure is to cybercriminals in a way no previous attack has done, say U.S. officials and experts in the field.
Industry offers help in addressing ‘sophisticated threats’ facing electric grid for DOE security plan rollout
Industry says understanding “sophisticated threats” that the electricity sector faces will be essential to the Biden administration’s plan to secure industrial control systems and is offering to collaborate with the White House, Energy Department and CISA to make their efforts to secure the grid successful.
Executive Order 13920: Securing the US Bulk-Power System
In May 2020, former President Donald Trump issued Executive Order 13920 which blocked the installation of bulk-power system (BPS) electric equipment that was designed, developed, manufactured or supplied by foreign adversaries of the United States. Attend this webinar to learn more about EO 13920 and EO 14017 and their potential implications for the electric sector.
Biden administration unveils plan to defend electric sector from cyberattacks
The Biden administration is buckling down on cyber threats to U.S. power infrastructure. The Department of Energy (DOE) announced a 100-day plan to help shore up the U.S. electric power system against cyber threats Tuesday.
Lack of cyber funds in Biden infrastructure plan raises eyebrows
President Biden's $2.25 trillion infrastructure plan does not include any funds to protect critical infrastructure against cyberattacks, even as the threat grows against targets like the electric grid.
Biden administration kicks off 100-day plan to shore up cybersecurity of electric grid
The Biden administration on Tuesday announced it was kicking off a 100-day plan aimed at protecting the electric grid against cyberattacks.
State of the Electric Utility 2021: Utilities' cybersecurity approach shows cause for concern, experts say
Power companies are more focused than ever on cybersecurity, and experts say results of Utility Dive's 8th annual State of the Electric Utility (SEU) survey show an industry working to better secure the grid. But they also say the responses reveal cause for concern — including the potential for misplaced utility efforts and under-investment in emerging technologies.
National infrastructure plan could strain CISA despite modernizing systems
President Biden on Wednesday announced a $2 trillion infrastructure plan, offering a broad range of spending targets – including fixing roads and bridges, planting a nationwide electric vehicle charging network, greening the power grid, and rebuilding schools. Cybersecurity was not specifically mentioned as part of the infrastructure plan, but that won’t prevent the plan from having profound impacts on cybersecurity.
The Cybersecurity 202: Here's how Biden's infrastructure package could address electric grid cybersecurity
President Biden unveiled a $2 trillion-dollar jobs and infrastructure plan today, Jeff Stein, Juliet Eilperin and Michael Laris report. The plan includes at least at least $100 billion for a variety of infrastructure priorities, including modernizing the electric power grid.
CyberWeek Top Five News
In this week’s episode John Cofrancesco and Mitch Farbstein discuss the top five cybersecurity events of the week. The bad actors and states keep pounding at the global security gates, thus reinforcing Fortress' charter to identify and protect organizations from cybersecurity vulnerabilities.
Fortress Delivers Technical Support and Operational Analysis to Army
Fortress Information Security (Fortress) successfully conducted a full Technical Support and Operational Analysis (TSOA) for the US Army Combat Capabilities Development Command (DEVCOM) March 15-19.
Northrop Grumman Cyber Report: Cyber Survivability; Exercising w/ The Army
On this week’s Cyber Report, sponsored by Northrop Grumman, Jim Conroy, the vice president of emerging systems and strategic initiatives at Northrop Grumman’s Navigation, Targeting and Survivability Division, discusses securing the military internet of things and open architecture systems, and Andrea Schaumann, the federal operations deputy at Fortress Information Security, discusses the company’s participation in the US Army’s recent Technical Support and Operational Analysis with Defense & Aerospace Report Editor Vago Muradian.
WECC Reliability & Security Digital Workshop: Fortress Demo
As operating costs continue to rise; utilities question how to increase security, ease the burden of compliance, and achieve financial objectives. Energy utilities and their vendors share many of the same challenges: cyber threats and compliance. Join Fortress Information Security as we dive deep into NDAA Section 889 A & B, Cybersecurity Maturity Model Certification (CMMC), and Executive Order 14017 to gain a better understanding of how these regulations impact your business.
As legislators work toward law requiring companies to alert feds to breaches, key hurdles emerge
After two major hearings on Solarigate, one domestic policy proposal grabbed the spotlight: requiring organizations to alert the government to major cyber incidents in the interest of national security. Experts say the idea has merit – if only legislators can balance the promise with the potential liability and burden placed upon industry.
Getting the Cyber Ball Loading
This is Fortress Information Security's inaugural podcast. Fortress is a leader in assisting organizations that value their technology assets and data, and recognize the intricacies of managing their cybersecurity efforts. Today, you will learn how Fortress can provide a holistic services and solutions approach that can lead your organization from cyber policy determination, through supply chain pre-acquisition vendor assessment, through infrastructure vulnerability detection and finally through comprehensive, on-going remediation and reporting.
SolarWinds attack and Executive Order on America’s Supply Chain illuminate gaps in supply chain risk management
Fortress Information Security (Fortress) today announces a series of innovations to their risk and compliance management solutions in response to emerging security challenges such as those illustrated by the recent SolarWinds attack, and in alignment with Executive Order 14017 on America’s Supply Chain.
What to watch for cybersecurity in Biden's first 100 days
As new fallout and revelations emerge from the massive SolarWinds hacking campaign that hit multiple U.S. agencies, a barrage of other online threats is likely to challenge President Biden's pledge to boost cybersecurity.
America Under Cyber Attack: Operating in a Post-Sunburst World
Last year foreign hackers secretly broke into a US-based IT security solution provider and added infected code into their software. As part of the company’s regular software update process, the company unknowingly forwarded malicious code, creating a backdoor to their clients' IT systems. Multiple government agencies and private organizations were impacted.
Biden suspends Trump order on bulk power system security pending 90-day review
An executive order signed by President Joe Biden last week included the 90-day suspension of an order issued by his predecessor aimed at fortifying the nation's bulk power system against malicious cyberattacks by foreign adversaries.
Understanding the SolarWinds Breach & How it Could Impact Critical Infrastructure
The Defense Federal Acquisition Regulation Supplement (DFARS) to the Federal Acquisition Regulation (FAR) is administered by the Department of Defense (DoD). The DFARS contains requirements of law, DoD-wide policies, delegations of FAR authorities, deviations from FAR requirements, and policies/procedures. During this webinar, experts will discuss how CMMC impacts utilities and the bulk-power system, and learn how direct contractors, subcontractors and suppliers, must meet the requirements under the regulation.