Created on: 9/30/2020 GridEx VI Fact Sheet The GridEx VI Fact Sheet provides an overview of the goal and objectives, planning, participation, and key dates for GridEx VI.
Created on: 10/15/2020 2020 E-ISAC Long-Term Strategic Plan The Electricity Information Sharing and Analysis Center’s (E-ISAC) Long-Term Strategic Plan has three primary focus areas—Engagement, Information Sharing, and Analysis—and embraces the following ongoing needs: review priorities...

The Electricity Information Sharing and Analysis Center’s (E-ISAC) Long-Term Strategic Plan has three primary focus areas—Engagement, Information Sharing, and Analysis—and embraces the following ongoing needs: review priorities under each focus area, ensure alignment between priorities, optimize resource allocation, and develop, refine, and track metrics to measure progress.

 

In 2019, the E-ISAC took steps to improve the efficiency of operations and prioritize higher impact activities. The E-ISAC strengthened its leadership and security operations and reorganized to align and optimize cyber and physical security teams as part of an integrated watch operations team. The E-ISAC also focused on developing Portal postings and products that offer greater context and more actionable information. In addition, the E-ISAC created a performance management group to oversee the implementation of process improvements, technology, and metrics to improve the quality, timeliness, and value of information sharing, data management, and analysis.

 

This plan provides updates to reflect those improvements and identifies near- and long-term focus areas.

Created on: 2/11/2021 FBI, CISA, EPA, and MS-ISAC Issue Joint Cybersecurity Advisory on Compromise of Water Treatment Facility Summary: On February 11 th , 2021, a join cybersecurity advisory, which was co-authored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the...

Summary:
On February 11th, 2021, a join cybersecurity advisory, which was co-authored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on the recent compromise of a U.S. water treatment facility, was released.

The E-ISAC is re-sharing that advisory for your situational awareness:

Advisory Summary:

On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cyber-security weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system. Onsite response to the incident included Pinellas County Sheriff Office (PCSO), U.S. Secret Service (USSS), and the Federal Bureau of Investigation (FBI).

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have observed cyber criminals targeting and exploiting desktop sharing software and computer networks running operating systems with end of life status to gain unauthorized access to systems. Desktop sharing software, which has multiple legitimate uses—such as enabling telework, remote technical support, and file transfers—can also be exploited through malicious actors’ use of social engineering tactics and other illicit measures. Windows 7 will become more susceptible to exploitation due to lack of security updates and the discovery of new vulnerabilities. Microsoft and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system. Continuing to use any operating system within an enterprise beyond the end of life status may provide cyber criminals access into computer systems.

For more information, please see the full document attached to this bulletin. 

Created on: 3/1/2021 CYBER STORM 2020 Final Report On August 10-14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) conducted Cyber Storm 2020 (CS 2020), the seventh iteration of the national capstone cyber exercise that brings together the public and private sectors to simulate...

On August 10-14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) conducted Cyber Storm 2020 (CS 2020), the seventh iteration of the national capstone cyber exercise that brings together the public and private sectors to simulate response to a cyber crisis impacting the Nation’s critical infrastructure.

Cyber Storm exercises are part of CISA’s ongoing efforts to assess and strengthen cyber preparedness and examine incident response processes. The exercise findings contribute to safeguarding the Nation’s security and cyber infrastructure by identifying ways to strengthen coordinated incident response along the whole-of-Nation approach outlined in the National Cyber Incident Response Plan (NCIRP).

CISA sponsors the exercise series to improve capabilities of the cyber incident response community, encourage the advancement of public-private partnerships within the critical infrastructure sectors, and strengthen the relationship between the Federal Government and its government partners at the state, local, and international levels.