HackDig : Dig high-quality web security articles for hackers

Joint “CYPRES” Report on Incident Response Released by FERC

Earlier this month, the Federal Energy Regulatory Commission (FERC) published a joint report entitled “Cyber Planning Response and Recovery Study” (CYPRES) in partnership with the North American Electric Reliability Corporation (NERC) and eight of its Regional Entities (REs) in order to review the methods for responding to a cybersecurity event. The report i
Publish At:2020-09-30 12:20 | Read:110 | Comments:0 | Tags:Featured Articles ICS Security FERC Incident Response and Ma

NERC Publishes Practice Guide for Assessing SVCHOST.EXE

One of our customers (You know who you are, thanks!) made us aware of a new practice guide titled “ERO Enterprise CMEP Practice Guide: Assessment of SVCHOST.EXE” published exactly two weeks ago today on September 15th, 2020.North American Electric Reliability Corporation (NERC) seldom releases guidance like this, so they shouldn’t go unnoticed. They’ve publi
Publish At:2020-09-30 12:20 | Read:96 | Comments:0 | Tags:Government ICS Security cybersecurity ICS security SVCHOST.E

So You Want to Achieve NERC CIP-013-1 Compliance…

Is an electricity provider’s supply chain its weakest link in the event of a cyberattack? The evidence is compelling that third parties often play unwitting roles. For example, the NotPetya ransomware attacks in mid-2017 originally gained a foothold via a backdoor in third-party accounting software. To safeguard North America’s electricity supply, the North
Publish At:2020-02-09 10:21 | Read:1283 | Comments:0 | Tags:ICS Security CIP-013-1 compliance _NERC

Software Monitoring for NERC CIP – What, Why and How – Part 2

In Part 1 of this series, I walked through the background of the NERC CIP v5 controls and outlined what needs to be monitored for NERC CIP software requirements. In this final part of the series, we will take what we have learned and explore approaches for meeting the requirements, while considering security value. NERC CIP is supposed to be for security, af
Publish At:2016-07-21 14:15 | Read:5564 | Comments:0 | Tags:Featured Articles NERC CIP security software _NERC

5 Types of Partnerships in Information Security

One thing is clear in information security: defending against digital threats today is more challenging than ever.Part of the problem has to do with an increase in the number of threats. For example, the United States Internal Revenue Service in January 2016 received 1,026 reports of tax-related phishing and malware attacks – a 400 percent increase over the
Publish At:2016-07-11 16:15 | Read:3761 | Comments:0 | Tags:Off Topic bsides Information Security malware partnerships T

Unnecessary Risks: Vulnerabilities in ICS Devices

The NERC Critical Infrastructure Protection standards are the most effective tools for securing the electrical supply today. If you think that’s a controversial statement, let me explain why I make it.Cybersecurity in the context of the electrical supply is synonymous with reliability. The cyber-risks to electric utilities are ultimately risks to their
Publish At:2015-12-03 04:25 | Read:3764 | Comments:0 | Tags:Featured Articles ICS Security ICS Devices risks vulnerabilt

The Top Five NERC CIP Audit Fails

The power and electric industry has one underlying mission: the reliable delivery of electricity. Many in the industry see audit requirements, such as the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) Cyber Security Standards to be a major distraction from their core mission. Nevertheless, the industry is m
Publish At:2014-10-22 10:35 | Read:3961 | Comments:0 | Tags:NERC CIP Regulatory Compliance audit CIP _NERC

Tools

Tag Cloud