Created on: 3/26/2018 Army Cyber Institute Bi-Weekly Cyber Threat Report (Mar 1 - 16 2018) Russian Cyber Activity Targeting Critical Infrastructure Chinese Hackers Hit U.S. Firms Linked to South China Sea Iranian Threat Group Tactics New Developments in Cyber-Crime as a Service  
Created on: 1/19/2018 CPUC White Paper on Security and Resilience for California Electric Distribution Infrastructure California Public Utilities Commission (CPUC) recently published the following white paper discussing post-Metcalf physical security initiatives, processes, and procedures. The following excerpt serves as an executive summary of the document. The...
California Public Utilities Commission (CPUC) recently published the following white paper discussing post-Metcalf physical security initiatives, processes, and procedures. The following excerpt serves as an executive summary of the document. The white paper in it’s entirety is attached for download. Executive Summary: The April 2013 sniper attack on Pacific Gas and Electric’s Metcalf substation has been described as a “wake-up call” or an alarm for the electric utility industry to apply closer scrutiny to the vulnerability of key infrastructure to various kinds of attack – whether physical, as in the Metcalf shooting, or in the form of cyber-attacks that might impair physical operations. The white paper goes into detailed discussion of three major topics. The first is about identifying a process for the prioritization of strategic electrical facilities and determining appropriate security measures or approaches to ensuring resiliency of the system. The second discusses establishing practices for the exchange of highly-confidential or “sensitive” information between utilities and the Commission. The last topic goes into confirming whether existing incident reporting requirements are adequate. These three subject areas are examined with an eye toward ensuring appropriate regulatory oversight of jurisdictional utility operational performance, and providing a mechanism for entities not subject to CPUC ratemaking authority to identify their own most appropriate measures.
Created on: 5/22/2018 CYBER SECURITY RISKS POSED BY UNMANNED AIRCRAFT SYSTEMS The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining...

The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.

Created on: 2/13/2017 E-ISAC 2016 End of Year Report.pdf Throughout 2016, the E-ISAC collected, analyzed, and shared information on physical and cyber security issues, and this report is a review of the main issues covered over the year. The information came from open source reporting, electricity...

Throughout 2016, the E-ISAC collected, analyzed, and shared information on physical and cyber security issues, and this report is a review of the main issues covered over the year. The information came from open source reporting, electricity members, and federal partners and includes the E-ISAC's analytical summary of those collective reports. This report looks at how the E-ISAC may further identify trends and patterns benefitting members.

Created on: 12/14/2018 For Awareness: NIAC Report on Power Outages   The President’s National Infrastructure Advisory Council (NIAC) recently published a draft report titled: Surviving a Catastrophic Power Outage: How to Strengthen the Capabilities of the Nation . The EISAC is working with the...

 

The President’s National Infrastructure Advisory Council (NIAC) recently published a draft report titled: Surviving a Catastrophic Power Outage: How to Strengthen the Capabilities of the Nation. The EISAC is working with the Electricity Subsector Coordinating Council and our members to address the report’s recommendations. Please find it attached and available online here.

Created on: 8/10/2018 GridSecCon Agenda GridSecCon 2018 Agenda - a great lineup, we look forward to seeing you there!
Created on: 5/22/2018 TLP WHITE - Daily Aviation Memo, May 22, 2018 Attached please find the Aviation-ISAC Daily Aviation Memo for Tuesday May 22, 2018. Should you have any questions concerning content in the Aviation-ISAC Daily Aviation Memo , please contact operations@eisac.com . 
Created on: 3/29/2018 TLP: WHITE GridEx IV Public Lessons Learned Report NERC conducted its fourth biennial (once every two years) grid security and emergency response exercise, GridEx IV, from November 15–16, 2017. With 6,500 individuals and 450 organizations participating across industry, law enforcement, and...

NERC conducted its fourth biennial (once every two years) grid security and emergency response exercise, GridEx IV, from November 15–16, 2017. With 6,500 individuals and 450 organizations participating across industry, law enforcement, and government agencies, GridEx IV consisted of a two-day distributed play exercise and a separate executive tabletop on the second day. The exercise provided an opportunity for various stakeholders in the electricity sector to respond to simulated cyber and physical attacks that affect the reliable operation of the grid, fulfilling NERC’s mission to assure the effective and efficient reduction of risks to the reliability and security of the BPS. Led by NERC’s E-ISAC, GridEx IV was the largest geographically distributed grid security exercise to date. Electric utilities continue to use the planning materials for separate exercises with NERC, government, and consultant support.

Created on: 4/7/2017 TLP_WHITE_E_ISAC_Guidance_4_2017.pdf The E-ISAC employs the Traffic Light Protocol (TLP) developed by DHS US-CERT for designating the information/documents posted to the E-ISAC Portal, and as a way to instruct entities as to whether and with whom they may share such...
The E-ISAC employs the Traffic Light Protocol (TLP) developed by DHS US-CERT for designating the information/documents posted to the E-ISAC Portal, and as a way to instruct entities as to whether and with whom they may share such information/documents. The TLP definitions were updated in September 2016.