In May, 2014 the US Department of Homeland Security and its Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, issued a report confirming several recent attacks on public utilities from the first quarter of 2014. DHS confirmed that a sophisticated threat actor gained unauthorized access to an unnamed public utility’s control system network.
Incidents of this type haven’t been as widely publicized as recent retail breaches, but it is believed by many that there are far more incidents occurring within the Energy Sector than are heard about in the press. Lack of enforced and implemented policy and compliance, poor capability for early detection of threat indicators, and lack of visibility and automation may all be contributing to failure in rapidly detecting attacks and breaches.
Essential Power™ (formerly known as North American Energy Alliance) is a wholesale power generator and marketer providing electric energy and located in the North Eastern United States. Essential Power will share a case study on its own journey towards achieving NERC CIP compliance within a very short five-month timeline, and how they did it.