
Information Security Surprises Keep Energy Organizations Off Balance


These Energy IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security articles from the past week that we read and thought worth sharing.

These articles were emailed to us, shared on Twitter @pivotpointsec and our Google+ page, and read in RSS subscriptions this week.

 

Elderly Activists Break Straight Into “Fort Knox” Of Enriched Uranium Storage

Newswires have just reported that, back in July 2012, three elderly anti-nuclear activists, including an 82-year-old nun, cut through fences surrounding the (supposedly) heavily protected Y-12 facility in Oak Ridge, Tennessee, the US government’s only facility for storing weapons-grade uranium. They then did a bit of vandalism and walked on unstopped until they flagged down a security guard’s car and surrendered. The contractor-run complex, built after the 9/11 attacks, has been called “the Fort Knox of uranium” because of its security features.
An investigation revealed that guards routinely ignored motion sensors because they were triggered by wildlife, and a security camera that should have shown the break-in had been broken for months. Recently revised plans to revamp management of contractor-run facilities within the US nuclear weapons complex have been called into question in light of the embarrassing breach.

For nuclear power plants and other energy facilities, managing risk associated with third-party services while achieving business goals is a perennial challenge. Third-party security risks must be identified and addressed, and security incidents investigated and leveraged to drive continuous improvement.

Researcher Finds Security Hole in RuggedCom Networking Equipment

The US Department of Homeland Security recently began looking into a cybersecurity researcher’s claims that specialized network systems sold by Siemens’ RuggedCom division contain flaws that could enable hackers to attack power plants and other critical infrastructure where the equipment is deployed.

An expert in securing industrial control systems revealed at a recent industry conference that he had been able to spy on traffic moving through the networking equipment. Hackers exploiting this security flaw could gain credentials to access the computer systems that control power plants. Many utility companies rely on the RuggedCom systems to enable communications with remote power stations. “If you get to the inside, there is almost no authentication, there are almost no checks and balances to stop you,” the researcher said.

President Obama Drafts Executive Order to Salvage National Cybersecurity

Frustrated by Congress’ failed efforts to pass cybersecurity legislation this summer, President Obama has circulated an executive order that would circumvent the legislature and finally implement a comprehensive cybersecurity policy.

Experts have long been trumpeting that America’s critical infrastructure, including the power grid and energy pipelines, is increasingly vulnerable to cyberattacks that could lead to economic disaster and massive loss of life.

In its current form, the executive order would allow federal agencies to propose new security standards for critical infrastructure, and to create a “council of federal agencies” that reports directly to the President on cyberthreats. The order also provides for voluntary standards for companies, and outlines new regulations covering the most vital infrastructure.

 

Securing the Grid

Your Energy IT Security concerns can and should be addressed by an independent and objective Information Assurance firm. Pivot Point Security can enable your energy company to align its key initiatives with security best practices to ensure the integrity of the grid. See how we can help.

The post Information Security Surprises Keep Energy Organizations Off Balance appeared first on Pivot Point Security.

