HackDig : Dig high-quality web security articles

4 Steps for Assessing Your NERC CIP Compliance Program

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will leave your environment vulnerable to malicious actors and can result in some hefty fines. NERC CIP is a bur
Publish At:2021-01-25 01:32 | Read:324 | Comments:0 | Tags:Regulatory Compliance Critical Infrastructure NERC CIP Tripw

FERC Releases Staff Report on Lessons Learned from CIP Audits

In October, the Federal Energy Regulatory Commission (FERC) released its “2020 Staff Report Lessons Learned from Commission-Led CIP Reliability Audits.” The report summarizes the Commission’s observations from Critical Infrastructure Protection (CIP) audits performed in conjunction with staff from Regional Entities and the North American Electric Reliability
Publish At:2020-12-02 02:44 | Read:546 | Comments:0 | Tags:ICS Security audits FERC lessons learned NERC CIP

FERC Approves Deferment of 3 CIP standards

Just a couple of weeks back I posted to The State of Security an article titled “Finally Some Good News: NERC Proposes Deferment of 3 CIP standards,” and, as suspected, the Federal Energy Regulatory Commission (FERC) approved the extension officially on April 17th with this order. Having approved NERC’s petition submitted on April 6th, FERC officially pushes
Publish At:2020-04-21 10:28 | Read:1244 | Comments:0 | Tags:NERC CIP compliance cybersecurity regulation Energy regulato

Finally Some Good News: NERC Proposes Deferment of 3 CIP standards

Amidst all the pandemic doom and gloom, we finally have something positive come from the chaos: NERC filed a motion recently (April 6, 2020) to defer three Critical Infrastructure Protection (CIP) Reliability Standards (as well as 1 PER, and 3 PRC standards) for three months due to the national emergency declared on March 13th by President Trump. As the orig
Publish At:2020-04-07 23:38 | Read:1639 | Comments:0 | Tags:NERC CIP cybersecurity regulation NERC CIP standards

Top 10 State of Security Articles of 2016

With 2016 coming to a close, The State of Security wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between eating holiday treats and celebrating the New Year. 6 Stages of Network Intrusion and How to Defend Against Them. In June, David Bisson wrote up an article around a
Publish At:2016-12-29 23:50 | Read:7770 | Comments:0 | Tags:Off Topic Hacker ics NERC CIP Phishing ransomware scam

Software Monitoring for NERC CIP – What, Why and How – Part 2

In Part 1 of this series, I walked through the background of the NERC CIP v5 controls and outlined what needs to be monitored for NERC CIP software requirements. In this final part of the series, we will take what we have learned and explore approaches for meeting the requirements, while considering security value. NERC CIP is supposed to be for security, af
Publish At:2016-07-21 14:15 | Read:6001 | Comments:0 | Tags:Featured Articles NERC CIP security software _NERC

Software Monitoring for NERC CIP: What, Why and How – Part 1

The momentous NERC CIP v5 deadline of July 1 is now behind us. Considerable work has been done by all NERC registered entities, but there is still considerable work ahead. Some entities are still working on implementing or automating required controls. On top of that effort, the time-bound process requirements (e.g. review X every Y days) kicked in on July 1.
Publish At:2016-07-13 04:45 | Read:5059 | Comments:0 | Tags:Featured Articles NERC CIP CIS security software

Don’t Let the Lights Go Out on Critical Infrastructure Security

As cyberattack prevention becomes an increasingly critical focus of homeland security efforts, industry observers are taking a closer look at the readiness of the nation’s critical infrastructure. Some believe there is reason to worry. Researchers recently revealed that many industrial systems, including some used in public utilities, come with default passw
Publish At:2016-03-11 14:30 | Read:4502 | Comments:0 | Tags:Security Critical Infrastructure Security ISO 15408 NERC CIP

NERC CIP Audits: Top 10 Common Mistakes

I spent quite a while on the road while working at NERC for about seven years. I believe at one point I had over 130+ nights stayed during a single year. One of the many roles I had while at NERC was as a compliance program auditor for NERC CIP audits and compliance investigations. I picked up some common mistakes I have seen from entities across the entire
Publish At:2016-01-08 08:25 | Read:8438 | Comments:0 | Tags:Featured Articles NERC CIP Regulatory Compliance audits comp

Honeywell Patches Vulnerabilities in Its Midas Gas Detectors

Honeywell, an American multinational company that produces consumer and commercial products, aerospace systems, and engineering services, has patched two vulnerabilities in its Midas gas detectors. According to an alert issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the vulnerabilities affect versions 1.13b1 and earlier of
Publish At:2015-12-08 11:00 | Read:5012 | Comments:0 | Tags:Latest Security News Honeywell ics ICS-CERT Midas NERC CIP

The Top Five NERC CIP Audit Fails

The power and electric industry has one underlying mission: the reliable delivery of electricity. Many in the industry see audit requirements, such as the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) Cyber Security Standards, to be a major distraction from their core mission. Nevertheless, the industry is m
Publish At:2014-10-22 10:35 | Read:4420 | Comments:0 | Tags:NERC CIP Regulatory Compliance audit CIP _NERC