Record fines come on the heels of warnings about cyber risk

Record fines come on the heels of warnings from US Intelligence warning of a growing risk to our utility providers.  Similar warnings have been issued for law firms, higher education, and small businesses, so this information is relevant to a wide spectrum of organizations who may need to review how they are protecting their data and systems.

The North American Electric Reliability Corp. (NERC) imposed its stiffest fine to date for violations of Critical Infrastructure Protection (CIP) cybersecurity regulations.  Unnamed sources have named Duke Energy Corp as a subject of fines, but NERC has not officially shared details of the investigation and citations.  Parts of the report that have been released point out weaknesses that are not unique to utilities, including:

  • Failure to deny access by default
  • Failure to enable ports and services needed for operations
  • Failure to monitor cyber assets

Other utilities can refer to NERC CIP Standards, and others may want to perform a gap assessment using the National Institute of Standards and Technology Cyber Security Framework to identify areas that may not be covered by current controls, policies or procedures.


Sign up for our Newsletter

Receive weekly emails for the latest cybersecurity news

Expand your team with Foresite

Enterprise-level cybersecurity and risk management for mid-sized businesses. Prioritize your security tasks and reduce the complexity of cybersecurity.