
Energy Sector – Presented the Cybersecurity Framework Implementation Guidance


The US Energy Department issued the guidance “Energy Sector Cybersecurity Framework Implementation Guidance” for organizations operating in the industry.

The Energy industry is constantly under attack, and the number of hacking campaigns targeting the sector is increasing exponentially. Energy companies and utilities have to adopt a proper cyber security posture in order to mitigate the cyber threats. Some of the pillars of the approach to cyber security in the Energy industry are the development of efficient risk management strategies, the adoption of cyber best practices, and the sharing of information regarding the threats, the incidents and the countermeasures.

On Jan. 8, the US Energy Department released voluntary guidance, titled “Energy Sector Cybersecurity Framework Implementation Guidance”, for organizations operating in the industry. The Energy Sector Cybersecurity Framework Implementation Guidance was prepared in response to the Cybersecurity Framework released by the National Institute of Standards and Technology in 2014. The document highlights the necessity to improve the collaboration between private industry and government entities to mitigate cyber threats.

The guidance proposes principles and effective practices of risk management to develop a comprehensive cybersecurity framework necessary to improve the security and resilience of critical infrastructure in the Energy sector.

“The U.S. Department of Energy (DOE), as the Energy Sector-Specific Agency, worked with the Electricity Subsector and Oil & Natural Gas Subsector Coordinating Councils along with other Sector-Specific Agencies to develop this Framework Implementation Guidance specifically for energy sector owners and operators. It is tailored to the energy sector’s risk environment and existing cybersecurity and risk management tools and processes that organizations can use to implement the Framework.” reads the guidance.

The Energy Sector Cybersecurity Framework Implementation Guidance is designed to help organizations operating in the energy sector to:

  • Evaluate the current level of cyber security reached by the organization.
  • Characterize a target cybersecurity posture.
  • Characterize existing cybersecurity risk management programs, identifying gaps and possible improvements in compliance with the Guidance. It is suggested to prioritize the gaps based on the potential damages caused by a cyber attack.
  • Identify existing sector tools, standards, and guidelines that could be adopted to support the implementation of an effective cyber security framework.
  • Effectively demonstrate and communicate the risk management approach and the use of the Framework to both internal and external stakeholders.

The Energy Sector Cybersecurity Framework Implementation Guidance shows how organizations that adopt C2M2 can align their security posture with the specification of the NIST Framework. The guidance also proposes a range of other existing tools and practices that can support the adoption of a Cybersecurity Framework. The Guidance was accepted positively by organizations operating in the Energy Sector, which consider it guidance that was developed by the industry, for the industry.

Energy organizations are a privileged target of cyber attacks; for this reason, the implementation of the NIST Cybersecurity Framework is a necessary step to secure our society.

Pierluigi Paganini

(Security Affairs –  Energy Sector Cybersecurity Framework Implementation Guidance, US Energy Department)