Created on: 5/22/2018 TLP WHITE - Daily Aviation Memo, May 22, 2018 Attached please find the Aviation-ISAC Daily Aviation Memo for Tuesday May 22, 2018. Should you have any questions concerning content in the Aviation-ISAC Daily Aviation Memo, please contact operations@eisac.com.

Created on: 5/22/2018 CYBER SECURITY RISKS POSED BY UNMANNED AIRCRAFT SYSTEMS

The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.

Created on: 3/29/2018 TLP: WHITE GridEx IV Public Lessons Learned Report

NERC conducted its fourth biennial (once every two years) grid security and emergency response exercise, GridEx IV, from November 15–16, 2017. With 6,500 individuals and 450 organizations participating across industry, law enforcement, and government agencies, GridEx IV consisted of a two-day distributed play exercise and a separate executive tabletop on the second day. The exercise provided an opportunity for various stakeholders in the electricity sector to respond to simulated cyber and physical attacks that affect the reliable operation of the grid, fulfilling NERC’s mission to assure the effective and efficient reduction of risks to the reliability and security of the BPS. Led by NERC’s E-ISAC, GridEx IV was the largest geographically distributed grid security exercise to date. Electric utilities continue to use the planning materials for separate exercises with NERC, government, and consultant support.

Created on: 3/26/2018 Army Cyber Institute Bi-Weekly Cyber Threat Report (Mar 1 - 16 2018)

  • Russian Cyber Activity Targeting Critical Infrastructure
  • Chinese Hackers Hit U.S. Firms Linked to South China Sea
  • Iranian Threat Group Tactics
  • New Developments in Cyber-Crime as a Service

Created on: 1/19/2018 CPUC White Paper on Security and Resilience for California Electric Distribution Infrastructure
California Public Utilities Commission (CPUC) recently published the following white paper discussing post-Metcalf physical security initiatives, processes, and procedures. The following excerpt serves as an executive summary of the document. The white paper in its entirety is attached for download.

Executive Summary: The April 2013 sniper attack on Pacific Gas and Electric’s Metcalf substation has been described as a “wake-up call” or an alarm for the electric utility industry to apply closer scrutiny to the vulnerability of key infrastructure to various kinds of attack – whether physical, as in the Metcalf shooting, or in the form of cyber-attacks that might impair physical operations. The white paper goes into detailed discussion of three major topics. The first is about identifying a process for the prioritization of strategic electrical facilities and determining appropriate security measures or approaches to ensuring resiliency of the system. The second discusses establishing practices for the exchange of highly-confidential or “sensitive” information between utilities and the Commission. The last topic goes into confirming whether existing incident reporting requirements are adequate. These three subject areas are examined with an eye toward ensuring appropriate regulatory oversight of jurisdictional utility operational performance, and providing a mechanism for entities not subject to CPUC ratemaking authority to identify their own most appropriate measures.

Created on: 8/2/2017 TLP_WHITE_E-ISAC_SANS_Ukraine_DUC_6_Modular_ICS_Malware Final.pdf
The Electricity Information Sharing and Analysis Center (E-ISAC) has been working closely with Ukrainian authorities to investigate the December 2016 cyber events which affected Industrial Control Systems (ICS) controlling parts of the country's electric infrastructure. This document contains the results of research into the technical nature of the attacks and is a summary of information compiled from multiple publicly available sources as well as analysis performed by the SANS ICS team. Elements of the event provide an important learning opportunity for ICS defenders.
Created on: 5/30/2017 TLP_WHITE_E-ISAC_Portal Access_Control.pdf This document outlines the E-ISAC's current portal access control process.
Created on: 5/12/2017 TLP_WHITE_E-ISAC Long-term Strategic Plan 4-24-2017.pdf

The North American Electric Reliability Corporation had its quarterly Board of Trustees meeting on May 11. One issue the meeting focused on was NERC's long-term strategic efforts with the Electricity Information Sharing and Analysis Center (E-ISAC). John McAvoy, chair of the Electricity Subsector Coordinating Council's Member Executive Committee, addressed the Board in support of the E-ISAC Long-Term Strategic Plan, saying security is an integral part of industry operations and we live in a dynamic threat environment. In order to continue evolving, we must improve cross-sector collaboration and information sharing. The long-term plan will help the E-ISAC reach its goals, he added. Some of the plan's action items include:

  • Replacing the current web portal with a new “platform” that will enable automatic information sharing, the creation of private discussion groups, and data visualization, among other features;
  • Increasing the E-ISAC's capability to collect security intelligence;
  • Hiring specialized analysts;
  • Acquiring additional data storage, management, and sharing technologies; and
  • Increasing the E-ISAC's access to classified networks and facilities.

The plan, which was developed working closely with NERC leadership and the Member Executive Committee, builds on the ESCC's 2015 recommendations and discusses improvements needed in 2017 to address current threats, a look at the mid-term range of 2018-2022 to address emerging threats, and what the E-ISAC might look like beyond 2023 if the forecasted issues continue to develop. The NERC Board of Trustees accepted the plan at the May 11 quarterly meeting.

Created on: 4/7/2017 TLP_WHITE_E_ISAC_Guidance_4_2017.pdf
The E-ISAC employs the Traffic Light Protocol (TLP) developed by DHS US-CERT for designating the information/documents posted to the E-ISAC Portal, and as a way to instruct entities as to whether and with whom they may share such information/documents. The TLP definitions were updated in September 2016.