In a bid to assess the resilience of North America’s power sector, the North American Electric Reliability Corp (NERC) has revealed finalisation of cybersecurity stress-tests.
The comprehensive simulation played out over two days, comprising emergency response plans and recovery strategies designed to combat potential physical and cyber security strikes.
The measures follow a series of alarming incidents of cybercriminals targeting power facilities across Washington state, South Carolina, Maryland and other parts of the US, which left thousands of citizens without power.
Manny Cancel, NERC’s senior VP leading the Electricity Information Sharing and Analysis Center (E-ISAC), highlighted the efforts being made to mitigate growing risks associated with bad actors trying to infiltrate the national network; the biggest US-wide security operation to date took place in mid-November, with over 250 participants from government agencies, electric and natural gas industries collaborating.
The rapid evolution of technology, geopolitical events and increasing sophistication of hacking techniques have been listed by NERC as major contributors to the growing cyber menace currently facing the electric grid in the US and wider business communities.
In sync with these messages, the Federal Energy Regulation Commission has been outspoken of the potentially disastrous effects that a coordinated cyberattack could have on vulnerable infrastructures, particularly as winter sets in and resources stretch.
The US Department of Energy’s records reveal a spike in human-related incidents, including physical vandalism and cyber events, with 95 reported through the first two quarters of 2022. The figures surpass those of previous years since the turn of the millennium. This summer, a NERC report put a call out for stronger cybersecurity training for business workforces, and for improved standards in the power sector to mitigate risks from AI tech, and cloud migration.
Speaking exclusively to PrivSec Global, “The Privacy CIO” Martin Gomberg commented on the challenges posed by cloud usage:
“We face new risk. We do business in the cloud where our visibility is minimal. Our defences in the cloud are not technical defences that we select, implement, configure, monitor, and control, they are technologies implemented by others. It is not our teams watching out for our interests, it is others…”
Know the risks
As businesses worldwide navigate complex and evolving cyber threats, it’s never been more critical to bolster digital defences and optimise strategy.
The themes fall into focus at PrivSec Global this November, where experts discuss key web-based threats to look out for and how companies must adapt to combat them successfully.
Dive into the conversation at these exclusive sessions at PrivSec Global:
→ Zero trust: Rethink security, and redefine resilience
- Day 1: Wednesday 29th November 2023
- 11:30am - 12:15pm GMT
With the rise of remote and hybrid work, organisations have grappled to secure their digital ecosystems, providing cybercriminals with fresh grounds in unsecured home networks, personal devices, and weak authentication practices.
To navigate the hybrid world securely, traditional cybersecurity approaches may no longer suffice in protecting organisations from the increasing sophistication of cyber threats. As cyber threats continue to evolve, Zero Trust is set to play a critical role in safeguarding organisations and ensuring a resilient cybersecurity strategy for the modern era.
→ Ransomware as a Service (RaaS)
- Day 2: Thursday 30th November 2023
- 17:00 - 17:45pm GMT
Gone are the days when every attacker had to write their own ransomware code and run a unique set of activities.
RaaS is pay-for-use malware enabling attackers to use a platform that provides the necessary hacking code and infrastructure to launch a ransomware campaign.
Take a deep-dive into these evolving tactics, their impacts on businesses, and countermeasures against this digital extortion ecosystem.
→ Cyber risks to critical infrastructure are on the rise
- Day 2: Thursday 30th November 2023
- 17:30 - 18:15pm GMT
Given the Russia-Ukraine war, cyber-attacks and threats have grown exponentially, and the level of sophistication of these attacks is permanently evolving.
Companies now need to be extra prepared, with devices such as cameras, smart speakers, or locks and commercial appliances being potential entry points for attackers. Join us to find out how to survive this chronic state of cyber fear.
Discover more at PrivSec Global
As regulation gets stricter – and data and tech become more crucial – it’s increasingly clear that the skills required in each of these areas are not only connected, but inseparable.
Exclusively at PrivSec Global on 29 & 30 November 2023, industry leaders, academics and subject-matter experts unite to explore these skills and the central role they play within privacy, security and GRC.