March Event - CYBER STRIKE WORKSHOP
The training will offer attendees a hands-on, simulated demonstration of a cyber-attack, drawing from elements of the December 2015 Ukraine cyber incident. The workshop will be conducted by utilizing a series of exercises/labs listed below that workshop attendees will have to work through in teams. Other topics that will be referenced include the North American Electric Reliability Corporation (NERC) alert related to the 2015 Ukraine cyber incident and the applicability of NERC Critical Infrastructure Protection (CIP) reliability standards* for such an incident. However, the primary focus will not be standards, but rather understanding the Ukraine cyber incident from a technical perspective to enhance cyber preparedness.
experts will come together to share ideas, methods, and techniques for defending control systems. In-depth
presentations and interactive panel discussions will highlight real-world approaches that work and make a difference
for the individuals fighting this fight every day.
Update to OE-417
The updated OE-417 form is going through the White House Office of Management and Budget (OMB) review now after two rounds of public comment. Since the updated form is under review, the current version will stay in effect until the new version is approved. DOE will update the website with a message noting the continued use of the current version pending recertification.
A new program aims to increase involvement and enhance collaboration and information sharing between member utilities of The North American Electric Reliability Corporation (NERC) Electricity Information Sharing and Analysis Center (E-ISAC). E-ISAC, in partnership with the Large Public Power Council, began an initiative in January called the Industry Augmentation Program, which invites utility staff for multi-day visits to work with E-ISAC personnel. The Industry Augmentation Program aims to raise awareness of E-ISAC cyber and physical security analysis processes, data protection and the separation from NERC’s compliance functions, provide an avenue for the E-ISAC to receive feedback from industry on tools and communications protocols and strengthen utility security programs and staff expertise. “This program highlights the benefit of multi-directional information sharing between the E-ISAC and industry,” Bill Lawrence, director of the E-ISAC, said.
The cyber research firm Dragos today detailed the operations of a suspected Russian hacker group that focuses on penetrating critical infrastructure networks. The group, which Dragos calls ALLANITE, “accesses business and industrial control (ICS) networks, conducts reconnaissance and gathers intelligence in United States and United Kingdom electric utility sectors,” according to a newly published profile, the first in a series about infrastructure-focused hacking teams. Dragos said that ALLANITE hackers “continue to maintain ICS network access” so they can “understand the operational environment necessary to develop disruptive capabilities” and be ready to disrupt those systems when called upon to do so. The company, which does not attribute hacking groups to nation-states, acknowledged that ALLANITE'S “activity closely resembles” a Russian cyber intrusion campaign that U.S. officials have dubbed Palmetto Fusion. “Russian government cyber actors ... targeted small commercial facilities’ networks where they staged malware, conducted spear phishing and gained remote access into energy sector networks,” DHS said in a March 15 alert. Dragos said that ALLANITE uses spearphishing and malware-laden websites to harvest the login information necessary to penetrate networks. So far, the company said, ALLANITE campaigns “limit themselves to information gathering and have not demonstrated any disruptive or damaging capabilities.”
A Radware blog post has identified a new malware campaign- "Nigelthorn"- aimed at the Facebook network that not only steals account credentials, but also installs a covert cryptominer. The malware abuses a legitimate Google Chrome extension called Nigelify, from where the malware campaign derives its name.