Kevin Thomas, CISSP, PCI QSA, CRISC, HITRUST’s Post

Electricity providers in Europe will soon have to perform cybersecurity risk assessments for regulators, including disclosing incidents, reporting threats and implementing safeguards, under coming rules that aim to prevent hacks from causing blackouts in multiple countries.

Coming rules regarding cybersecurity that aim to prevent hacks from causing blackouts in multiple countries #futureworktrends #technologywizards (in-article links/comments) Full WSJ Pro Cybersecurity article: https://lnkd.in/g8XAWyBt

New EU cyber rules that mandate audits every three years are a commendable step toward enhancing the resilience of our power grids against cyber threats. However, the real effectiveness of these measures hinges not just on periodic assessments, but on the robust testing of security controls. The current system suffers from significant delays between the identification of security issues and the implementation of solutions, which can compromise grid integrity. Identifying vulnerabilities is crucial, but promptly addressing these weaknesses is table stakes. To truly safeguard our power systems, we need to shift towards continuous improvement in cybersecurity practices. This includes ongoing assessments, monitoring, and remediation to close the gap between problem recognition and action. This proactive approach is not just vital for the EU; it should be a model for other regions, including the United States. With increasing threats to critical infrastructure, such as water and wastewater systems—which represent a vulnerable aspect of national security—the need for continuous cybersecurity measures is more pressing than ever. Source: Catherine Stupp at The Wall Street Journal https://lnkd.in/ePwuZuym #cybersecurity #criticalinfrastructure #strategy #energy

https://lnkd.in/e-_MVD96 National Grid is preparing to deploy “honeypots” ahead of a government deadline to upgrade its cyber security defences under the UK Network and Information Systems Regulations act. Energy regulator Ofgem has set a December 2023 deadline for gas and electricity companies to comply with newly-tightened rules. #cyber #cyberriskmanagement #cni #criticalinfrastructureprotection #executivesearch Howgate Sable

The European Commission has adopted the first-ever EU #network code on #cybersecurity for the electricity sector (C/2024/1383) It will support a high, common level of cybersecurity for cross-border electricity flows in Europe. The dossier now passes to the Council and European Parliament to scrutinise the text and the rules will enter into force once this period is over. The network code aims to establish a recurrent process of cybersecurity risk assessments in the #electricity sector. These assessments are aimed at systematically identifying the entities that perform digitalised processes with a critical or high impact in cross-border electricity flows, their cybersecurity risks, and then the necessary mitigating measures that are needed. For that, this network code establishes a #governance model that uses and is aligned with existing mechanisms established in horizontal EU legislation, notably the revised Network and Information Security Directive (#NIS2).

Re cyber governance culture in the US electricity sector, a blunt assessment. (From the latest edition of SANS NewsBites.)

National Grid removes Chinese-made equipment from UK's electricity network over cybersecurity concerns 🚨 The UK's National Grid has reportedly removing Chinese-made equipment from its electricity network over cybersecurity concerns. The move comes after consulting with the National Cyber Security Centre (NCSC). The equipment being removed is used to manage communication between energy projects and the grid, and to balance the grid to minimize the risk of blackouts. This is the latest example of a Chinese company being ousted from the UK's critical infrastructure network over cybersecurity concerns. In 2020, the UK banned Huawei from its 5G network. The UK government is concerned that Chinese companies could be compelled by the Chinese government to share sensitive data. This move is likely to further strain relations between the UK and China. https://lnkd.in/etGmPSGt #cybersecurity #CNI

The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. https://lnkd.in/gu-sB8BY

The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. https://lnkd.in/ehri4jiQ

The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. https://lnkd.in/e8NaXr8Y