Sunday, January 29, 2023

What I am Reading 1/29/2023

 NERC-CIP Stuff - Alexa, can you tell me when my grid is hacked?

Within the next 2-3 years, if you are a NERC Registered Entity with high impact or medium impact with ERC BES cyber systems, you will need to baseline your network traffic for all applicable cyber assets inside the ESP and look for anomalies beyond the traditional anti-malware and port-restriction controls already in place as part of the existing CIP standards. Examples of anomalies could be, among other things, accounts used in ways they shouldn’t be or new unexpected devices on the network or sending legitimate commands to control systems in ways that could stop or degrade the system. Further, you will need to record/log the traffic information and protect that information from misuse.

RIP Perimeter Security: Critical Infrastructure Breaches Demand New Approach

Race to zero: Can California’s power grid handle a 15-fold increase in electric cars?

EVs Are Essential Grid-Scale Storage

Russia’s Sandworm hackers blamed in fresh Ukraine malware attack

National Security Agency | Cybersecurity Information Sheet | IPv6 Security Guidance

Trained developers get rid of more vulnerabilities than code scanning tools

Microsoft will stop selling Windows 10 on January 31, but workarounds remain

NIST working on ‘potential significant updates’ to cybersecurity framework

The Concept Paper - NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework

New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch

Why are so many tech companies laying people off right now?

Kevin Mitnick Hacked California Law in 1983

Google Is Screwed, Even If It Wins Its Antitrust Case

Two Supreme Court Cases That Could Break the Internet

Hackers abuse legitimate remote monitoring and management tools in attacks

No comments: