Critical Infrastructure

On August 27, 2019, the Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) issued a White Paper proposing to disclose the names of entities that violate Critical Infrastructure Protection (CIP) standards, while continuing to withhold other details of those violations. This significant change in policy reflects broader issues in FERC’s handling of security information.
Continue Reading

Recent press reports indicate that a cyber-attack disabled the third-party platform used by oil and gas pipeline company Energy Transfer Partners to exchange documents with other customers. Effects from the attack were largely confined because no other systems were impacted, including, most notably, industrial controls for critical infrastructure. However, the attack comes on the heels of a Federal Bureau of Investigation and Department of Homeland Security (“DHS”) alert warning of Russian attempts to use tactics including spearphishing, watering hole attacks, and credential gathering to target industrial control systems throughout critical infrastructure, as well as an indictment against Iranian nationals who used similar tactics to attack private, education, and government intuitions, including the Federal Energy Regulatory Commission (“FERC”). These incidents are raising questions about cybersecurity across the US pipeline network.
Continue Reading