Record fines come on the heels of warnings about cyber risk


Record fines come on the heels of warnings from US Intelligence about a growing risk to our utility providers. Similar warnings have been issued for law firms, higher education, and small businesses, so this information is relevant to a wide spectrum of organizations that may need to review how they are protecting their data and systems.

The North American Electric Reliability Corp. (NERC) imposed its stiffest fine to date for violations of Critical Infrastructure Protection (CIP) cybersecurity regulations. Unnamed sources have named Duke Energy Corp. as a subject of fines, but NERC has not officially shared details of the investigation and citations. The parts of the report that have been released point out weaknesses that are not unique to utilities, including:

  • Failure to deny access by default
  • Failure to enable ports and services needed for operations
  • Failure to monitor cyber assets

Other utilities can refer to the NERC CIP Standards, and other organizations may want to perform a gap assessment using the National Institute of Standards and Technology Cybersecurity Framework to identify areas that may not be covered by current controls, policies, or procedures.

 

Tracy Fox
