U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

FERC, NERC joint report on cyber incident response at electric utilities

The US FERC and NERC published a study on cyber incident response at electric utilities that also includes recovery best practices. The U.S. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) released a study on cyber incident response and recovery best practices for electric utilities. The report is based on information […]

Nova Scotia Power

The US FERC and NERC published a study on cyber incident response at electric utilities that also includes recovery best practices.

The U.S. Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) released a study on cyber incident response and recovery best practices for electric utilities.

The report is based on information shared by experts at eight U.S. electric utilities. The idea behind the study is to improve the incident response and incident recovery plans ensuring the reliability of the electric system in case of a cybersecurity incident.

A cyber attack could have a severe impact on the operations of the utilities and consequent economical losses. The incident response and recovery (IRR) plan describes the way the staff at the utility will responds to a incident.

“Establishing clear procedures for handling incidents is a complex undertaking and, though individualized to an organization’s mission, size, structure, and functions, generally contain common elements: (1) they define their scope (to whom they apply, what do they cover, and under what circumstances); and (2) they define computer security events and incidents, staff roles and responsibilities, levels of authority for response (e.g., authority to disconnect equipment), reporting requirements, requirements and guidelines for external communications and information sharing, and procedures to evaluate performance.” reads the study.

While incident response and recovery (IRR) plans provided by the utilities that contributed to the study present many similarities, such as the compliance NIST framework (SP 800-61), there isn’t an optimal model.

Each utility has developed separate plans for responding to the cyber incident depending on the impact on their operational and business networks.

The goal of the NERC and FERC teams were to identify and consolidate a set of practices that could be adopted by electric utilities as best practices for the development of an IRR plan.

In the preparation phase, an effective IRR plan has to include a clear definition of personnel roles, promote accountability, and, where appropriate, empower personnel to take action without unnecessary delays.

An effective IRR plan leverages technology and automated tools along with well-trained personnel.

In the detection and analysis phase, the study recommends the use of baselining to detect potential cyber incidents, and the adoption of a decision tree or flowchart to quickly assess if a specific risk threshold is reached and if certain circumstances qualify as an event.

In the containment and eradication phase, the IRR plan should analyze the impact of the decision taken in the previous phases. The organization should have a deep knowledge of the potential threats, their potential impact, and the countermeasures to deploy to mitigate them.

The IRR plans should consider the resource implications of incident responses of indeterminate length.

In the post-incident activity an effective IRR plans implement lessons-learned from previous incidents and simulated activities identifying clear shortfalls in the IRR plan.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cyber Incident Response)

[adrotate banner=”5″]

[adrotate banner=”13″]