Ethical Hacker Roundup – Smarter Grids

These Energy IT Security links are part of our weekly series, Ethical Hacker Roundup, featuring the information security and cyber security articles we read over the past week and thought worth sharing.

These articles were emailed to us, shared on Twitter @pivotpointsec and Google Plus, or read in our RSS subscriptions this week.

Real Smart Grid Security Problems

A question was asked on Quora regarding Smart Grid security. Specifically, it asks what the real Smart Grid security problems are, versus those that make headlines.

One problem that has been addressed but not finalized is a specific standard for Smart Grid technology. In a previously published article, John stated that “the problem wasn’t a lack of guidance, rather it was an overabundance of guidance.” Currently there are overlapping and ambiguous standards: NIST, AMI-SEC, NERC, ISO 27002.

Although this is just one of the many Smart Grid security problems the Energy industry faces, it is important that companies have clear standards to follow.

The State of IT Security of Energy Companies

In the article from AutomationWorld, Grant Gerke discusses findings from a whitepaper created by The Ponemon Institute. While it is not a surprise that 71% of C-level executives do not fully understand security initiatives within Energy organizations, we thought the statistic was worth sharing.

The Power Grid is Vulnerable

This article follows up on the statistics above: an inspector from the Energy Department has found what he calls “shortcomings” at utility companies.

“Without a formal risk assessment and associated mitigation strategy, threats and weaknesses may go unidentified and expose the . . . systems to an unacceptable level of risk”

There were just under one hundred grants from the US Government to utility companies, but not all of the recipients have taken steps toward mitigating cyber security risks. Rushing to develop and deploy Smart Grid technology could be a drastic mistake if these risks are not recognized and reduced.

New York Energy Data Breach

Iberdrola USA, the owner of New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E), had a data breach last month. The database that was accessed contains almost 2 million customer accounts, including personal information (e.g., Social Security numbers). NYSEG and RG&E have been working with law enforcement and forensic consultants in an attempt to identify who, what and how. Precautionary measures have been implemented (contacting customers), but there is no evidence that the data was used. According to the press release by the New York Public Service Commission, it is not yet known whether the breach was malicious.

Securing the Grid

Your Energy IT Security concerns can and should be addressed by an independent and objective Information Assurance firm. Pivot Point Security can help your Energy Company align its key initiatives with security best practices to ensure the integrity of the grid. See how we can help.

Don’t miss out on the Ethical Hacker Roundup

The series is published on Fridays, and we are open to your link suggestions. If you would like to submit an article, reach out to us by email.

Be sure to catch the weekly roundups by subscribing to the Pivot Point Security blog via RSS or email.
Free Whitepaper: Stop Wasting Money on Penetration Testing

Penetration Testing is most frequently performed to:

  • Substantiate the net effectiveness of a mature control environment
  • Prove to a third party that an environment is secure/trustworthy
  • Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
  • Validate that significant changes did not have unanticipated results

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems and processes it relies on, a holistic approach to data security is essential. This roadmap is not meant to be exhaustive, but rather to stimulate the thought process needed to put you on the path to good data security.

Is ISO 27001 Right for (Y)our Organization?

Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar to learn:

  • How to deal with increasing threats
  • How to manage multiple regulatory requirements
  • How to handle client requests for attestation

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Free Download: ISO 27001 Implementation Roadmap

Have no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Free Whitepaper: Five Best Practices for SIEM

The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

About the Author:

Marketing at Pivot Point Security