Cybersecurity Archive

Stacy Mill’s First Utility Security Magazine Contribution Provides a Roadmap to Better OT Security Welcome to my first article in Utility Security magazine! It’s an honor to contribute to this community of professionals working to protect critical infrastructure. In this space, I’ll offer insights into the current threat landscape facing utilities, share practical advice on securing operational technology (OT) networks and—most importantly—provoke a chuckle or two. Or at least a polite smirk. Now, you might be wondering why you should read what I have to say. Fair question. I’ve been in IT since I was 19, starting with mainframes and evolving through global networks, data centers and the cloud (which, spoiler alert, is just someone else’s…

In the US, the Cybersecurity & Infrastructure Security Agency (CISA) has identified 16 critical infrastructure sectors ranging from Food and Agriculture to Manufacturing, Communications, Public Health, Transportation, and Energy & Utilities. These sectors are so vital that any incapacitation or destruction would have a debilitating effect on the nation’s stability. Among these sectors, the Energy & Utilities sector stands out for its foundational role in supporting all the others.  A reliable energy supply is crucial for economic growth, public health, and national welfare. Without it, health and welfare would be threatened, and a country’s economy would be at significant risk. As a uniquely critical sector, Energy & Utilit…

As headlines continue to reinforce, cyberattackers are increasingly putting utilities’ operational technology (OT) and Internet of Things (IoT) security to the test—some with the intent of disruption at a societal scale. A recently issued warning by U.S. and international cyber authorities cites efforts by pro-Russian hacktivists to exploit vulnerable OT systems at utilities across North America and Europe. The decentralized nature of U.S. utilities means a wide variety of cybersecurity maturity for individual targets. Authorities ask that utilities shore up protections to their internet-connected infrastructure in order to prevent nefarious actors from gaining remote access to vulnerable systems. While the targets of this particular threa…

The Cybersecurity & Infrastructure Security Agency (CISA) recently launched a Secure By Design initiative that provides guidance for software manufacturers to ship software solutions with security as a core consideration from the earliest stages of their development cycles. We talked with CISA’s Matthew Rogers about the process of building out the initiative and how it will impact utility security. Utility Security Magazine: Tell us more about what inspired this Secure by Design initiative. Matthew Rogers: So, it was in part inspired by a foreign affairs article titled ‘Stop Passing the Buck on Cyber Security.’ Cybersecurity is a global multibillion dollar industry and the scale continues increasing for threats. But as people in the ut…

Earlier this year, the Supreme Court of the United States overturned the decades-old case often referred to as Chevron deference—setting the stage for potential impactful changes to federal agency regulations that utilities must adhere to for current and future cybersecurity regulations. The original 1984 ruling of Chevron U.S.A. v. Natural Resources Defense Council required federal courts to defer to federal agency interpretations of laws or statutes. With this recent 2024 Supreme Court ruling, federal courts will no longer have to defer and can interpret laws and regulations. So, how will this all impact utilities and their cybersecurity efforts? We sat down with Harley Geiger, a cybersecurity law and policy expert from Venable LLP law f…

In November 2023, the North American Electric Reliability Corp. (NERC) and its Electricity Information Sharing and Analysis Center (E-ISAC) conducted the seventh biennial GridEx. “GridEx is one of the largest and most comprehensive security drawings that are done in any critical infrastructure sector,” said Manny Cancel, senior vice president and CEO of E-ISAC. “It has been going on for more than 14 years, and the purpose of the drill is to really exercise and stress our incident response plans in the face of serious cyber and physical security scenarios.” GridEx consists of two components. The first, called Distributed Play, is a two-day span of simulated incidents ranging from cyber and physical attacks on substations to disinformation…

With the rapid advancement of AI and other technologies, utility customers are going to face increasing and more deceptive scam efforts than ever before. This, of course, means that utility organizations will have an increasingly difficult task of educating and informing customers about utility-related scams they may encounter.  Utility Security magazine’s Editor-in-Chief, Curtis Marquardt Jr., sat down with Monica Martinez, the executive director for Utilities United Against Scams (UUAS). UUAS is a consortium of more than 150 U.S. and Canadian electric, water and natural gas utilities and trade associations that is dedicated to combating imposter utility scams by providing a forum for these participating organizations to share data and be…

If you were to Google the term “utility security expert,” a name that appears at the top of the list is Brian Harrell—and for good reason. Harrell has the distinguished honor of having served in key security leadership roles in both the public and private sectors. Currently, Harrell oversees physical security, cybersecurity, privacy, intelligence and business continuity units for Avangrid, an energy company with operations across 25 states. Prior to that, Harrell was appointed by the President of the United States in 2018 to serve as the sixth assistant secretary for infrastructure protection for the Department of Homeland Security. Harrell has also served as the first assistant director for infrastructure security at the Cybersecurity and…

As artificial intelligence solutions continue to grow into the pop culture lexicon, many envision this technology as the beginning of a dystopian nightmare that ends with us cowering away from the red glowing eye of an Arnold Schwarzenegger-skinned robot. But while the threats of a doomed Terminator-esque fate loom in the imaginations of some, others are imagining ways this evolving technology will empower utility cybersecurity professionals to improve their security posture in ways that were previously not possible. We sat down with cybersecurity and AI expert James Edgar to learn about the security threats and solutions that are emerging from AI technology. Utility Security Magazine: So many view AI as a new and emerging technology. But…