This is an updated novel coronavirus (or COVID-19) Resource Guide for the electric power industry. This living document was developed under the direction of the Electricity Subsector Coordinating Council (ESCC), with participation from all segments...

This is an updated novel coronavirus (or COVID-19) Resource Guide for the electric power industry. This living document was developed under the direction of the Electricity Subsector Coordinating Council (ESCC), with participation from all segments of the industry and the natural gas sector. It provides information and options to consider when making localized decisions in response to the current global health emergency.

The updated OE-417 form is going through  the White House Office of Management and Budget (OMB) review now after two rounds of public comment. Since the updated form is under review, the current version will stay in effect until the new...

The updated OE-417 form is going through the White House Office of Management and Budget (OMB) review now after two rounds of public comment. Since the updated form is under review, the current version will stay in effect until the new version is approved. DOE will update the website with a message noting the continued use of the current version pending recertification.

Last week, Tenable published a broad-ranging vulnerability assessment report that claimed to identify four distinct assessment “styles” leveraged by organizations. According to their research, the results provide insight on...

Last week, Tenable published a broad-ranging vulnerability assessment report that claimed to identify four distinct assessment “styles” leveraged by organizations. According to their research, the results provide insight on vulnerability assessment maturation and how to measure it.

In the report, Tenable indicates that the “utilities industry had the highest proportion of the low-maturity Minimalist style overall.” The report also stated that the “utilities industry showed no representatives who followed the mature Diligent style.”

The company states that the report was based on compiling data (methods and results) from 300,000+ scans on 2,100+ individual organizations across 66 countries over a three-month period (March to May 2018). Their report states that they used machine learning algorithms against that data to develop their findings.

Tenable did not clarify what criteria was used to select participant organizations or how each organization was categorized into the eighteen industry categories detailed in the report. They also did not clarify the number of organizations within the “utility” group that were electricity companies.

Tenable is the company behind the commercial version of Nessus, a vulnerability scanner.

On Friday, March 13, the President of the United States (POTUS) held a news conference regarding the global pandemic COVID-19 and declared a national emergency. This declaration will open up $60 billion to help the fight against the virus. Every...

On Friday, March 13, the President of the United States (POTUS) held a news conference regarding the global pandemic COVID-19 and declared a national emergency. This declaration will open up $60 billion to help the fight against the virus. Every state has been requested to set up Emergency Operations Centers and every hospital in the United States is activating emergency preparedness plans to meet the needs of Americans everywhere. The declaration also allows officials at the Department of Health and Human Services the ability to waive laws to enable telehealth so that remote doctor visits are feasible. The National Guard has said that it will deploy a maximum of 1,000 troops in six states by the end of the day (Friday). The Guard is also evaluating military bases across the country to use for “isolation housing” to stock medical supplies.

An announcement was made regarding a new partnership with the private sector to increase the capacity to test for COVID-19. 1.4 million tests are to be available next week and 5 million within a month. Pharmacies and retailers are planning to make drive thru tests available in critical locations so that individuals are able to get tested for the virus while remaining in their vehicles. Google is in the process of developing a website to determine whether or not a test is warranted and if so, to facilitate testing at a convenient location. Labs are to provide results within 24-36 hours after testing. On Sunday evening, the public will receive specific guidance on when the website will be operational.

The President also announced a few emergency Executive actions that have been implemented such as waiving interest in all student loans via helped from federal government agencies. Based on the price of oil, the Secretary of Energy has also purchased large quantities of crude oil for storage in the U.S. strategic reserve. Ultimately, these measures are aiming to save the American taxpayer billions of dollars, improve the oil industry, and help establish energy independence. When questioned about other specific targeted measures that the Administration is taking, the President stated that a report will be released in two hours regarding additional steps.

When questioned on the President’s photograph with an individual that was tested positive for COVID-19, he stated that he has no symptoms. When asked about how long the American people will have to remain in an emergency state, the President stated that it is impossible to predict the time element.

For situational awareness, below please find a message from the Department of Homeland Security regarding working with NASA to secure Drone traffic. U.S. DEPARTMENT OF HOMELAND SECURITY Science and Technology   Snapshot: Working with NASA to...

For situational awareness, below please find a message from the Department of Homeland Security regarding working with NASA to secure Drone traffic.

U.S. DEPARTMENT OF HOMELAND SECURITY

Science and Technology


 

Snapshot: Working with NASA to Secure Drone Traffic [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&100&&&hXXps://www.dhs.gov/science-and-technology/news/2019/02/12/snapshot-working-nasa-secure-drone-traffic]

02/12/2019 09:06 AM EST

In a couple of years, the number of drones in the U.S. national airspace is projected to grow to more than seven million. So many drones together in the air at once has the potential to create serious safety, efficiency and security issues if not regulated. NASA, the Federal Aviation Administration (FAA) and industry have partnered to develop a capability to manage national airspace drone traffic in the future, called the Unmanned Aircraft Systems (UAS) Traffic Management (UTM) infrastructure, rolling out in phases over time.

The UTM is a cloud-based software architecture that promises organized flight of drones registered with the FAA (think of it as air traffic management, but automated and in the cloud). Anyone flying in the UTM system will need an interface to a UAS Service Supplier (USS) to submit flight intent to other users and receive authorizations for specific access.  This will allow the drones to communicate with UTM for pre-flight schedules and announce airspace use.

Because heightened drone traffic also produces challenges for law enforcement as they try to identify and interdict illicit activity, the Department of Homeland Security (DHS) Science and Technology Directorate [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&101&&&hXXps://www.dhs.gov/science-and-technology] (S&T) is working closely with NASA and the FAA to develop its own independent USS to monitor traffic and enable greater transparency.

Anonymous no more

USS interfaces could be developed in-house by a drone user that has the resources to develop their own, or more likely, they would connect through a third-party interface—in this respect, a USS works like an email server where you send your email on the internet through your internet provider.

Communication between UTM and different USS interfaces is meant to support the needs of the FAA, such as the managing flight plans. In addition, counter-drone systems can potentially use flight information and assist in discriminating friend from foe.

One S&T-supported counter-drone system in development, the Urban Counter-UAS Operational Prototype (UCOP), will be connected to UTM via the aforementioned DHS USS. The UCOP USS software processes flight information and notes any drones not identified as registered in UTM.

“If you have eleven drones in the air, but UTM only has ten of them registered, we can look further at what the eleventh drone is doing,” said Jeff Randorf, an S&T engineering advisor. “We’ll be able to query who is flying and find out specifics that support the interests of Homeland Security and the rest of the homeland security enterprise.”

Through the Low Altitude Authorization Notification Capability (LAANC) drone operators can get authorization(s) in near real-time to operate in controlled airspace, eliminating a sometimes days- or months-long manual process. UTM USS’s that are integrated with LAANC will communicate with each other over the Internet while operators connect to a USS via mobile devices, wired internet, or other electronic means.  Core features of a USS interface will be automated communication with FAA information systems, notification of events in airspace, and sharing of operational plans to de-conflict flights. Other services may be offered by a USS or other data providers and may include monitoring of weather and terrain data.

S&T’s USS and UCOP systems will work to ensure drones that are not authenticated receive special attention while flying in the national airspace.

Flying forward

NASA’s UTM system can serve as a resource to help counter any illicit drone activity arising from a higher volume of drone traffic, and the DHS USS, paired with UCOP and other tools like it is a step further in that effort.

Drone demonstrations and trials through S&T’s Robotic Aircraft Sensor Program (RASP) will provide DHS and suppliers of drone technologies a picture of how law enforcement drones will function in the national airspace, UCOP and other counter-UAS systems connected to UTM will help DHS, Department of Defense (DoD) and First Responders keep the national airspace safe.

“The community of stakeholders around small aircraft in lower altitudes has kicked up,” said Joseph Rios, Chief Engineer of the NASA UTM project. “UTM will create a system for enabling safe, efficient access to low-altitude airspace.”

UTM began as a NASA concept and evolved to a NASA research project that continues today.  This research is building the theoretical foundation for getting drones operating in airspace not typically controlled by FAA Air Traffic Control. Through S&T’s work with DoD, NASA and the FAA, there is a pathway to support a stronger security posture in our nation’s skies. 

Topics: Science and Technology [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&102&&&hXXps://www.dhs.gov/topics/science-and-technology]
Keywords: drone [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&103&&&hXXps://www.dhs.gov/keywords/drone], R&D [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&104&&&hXXps://www.dhs.gov/keywords/rd], Science and Technology [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&105&&&hXXps://www.dhs.gov/keywords/science-and-technology], UAS [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&106&&&hXXps://www.dhs.gov/keywords/uas], unmanned aircraft systems [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&107&&&hXXps://www.dhs.gov/keywords/unmanned-aircraft-systems]

Having trouble viewing this message? View it as a webpage [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&108&&&hXXps://content.govdelivery.com/accounts/USDHS/bulletins/22f0f89].

Connect with DHS:

Facebook [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&112&&&hXXps://www.dhs.gov/facebook?utm_source=govdelivery&utm_medium=email&utm_campaign=dhsgov]  |  Twitter [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&113&&&hXXps://www.dhs.gov/twitter?utm_source=govdelivery&utm_medium=email&utm_campaign=dhsgov]  |  Instagram [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&114&&&hXXps://www.dhs.gov/instagram?utm_source=govdelivery&utm_medium=email&utm_campaign=dhsgov]  |  LinkedIn [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&115&&&hXXps://www.dhs.gov/linkedin?utm_source=govdelivery&utm_medium=email&utm_campaign=dhsgov]  |  Flickr [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&116&&&hXXps://www.dhs.gov/flickr?utm_source=govdelivery&utm_medium=email&utm_campaign=dhsgov]  |  YouTube [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&117&&&hXXps://www.dhs.gov/youtube?utm_source=govdelivery&utm_medium=email&utm_campaign=dhsgov]

U.S. Department of Homeland Security
www.dhs.gov [hXXp://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbXNpZD0mYXVpZD0mbWFpbGluZ2lkPTIwMTkwMjEyLjE1NTE3MzEmbWVzc2FnZWlkPU1EQi1QUkQtQlVMLTIwMTkwMjEyLjE1NTE3MzEmZGF0YWJhc2VpZD0xMDAxJnNlcmlhbD0xODQ1NjEyMiZlbWFpbGlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdXNlcmlkPWJpbGwubGF3cmVuY2VAbmVyYy5uZXQmdGFyZ2V0aWQ9JmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&118&&&hXXps://www.dhs.gov]

The spread of the global pandemic COVID-19 has resulted in many organizations adopting work-from-home policies. This professional change in shifting to an entirely remote workforce may be new for many businesses, which means they could lack the...

The spread of the global pandemic COVID-19 has resulted in many organizations adopting work-from-home policies. This professional change in shifting to an entirely remote workforce may be new for many businesses, which means they could lack the processes, policies, and technologies required for business continuity. In an effort to assist businesses in creating a secure remote workforce, SANS published a “Securely Working From Home Deployment Kit,” which can be found here [hXXps://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit?utm_medium=Email&utm_source=HL&utm_content=SANS+Resources+WFH+deployment+kit&utm_campaign=SANS+Resources].

Johns Hopkins Applied Physics Laboratory just released a report by Dr. Paul Stockton entitled (and linked here): Resilience for Grid Security Emergencies: Opportunities for Industry–Government Collaboration . The report discusses potential...

Johns Hopkins Applied Physics Laboratory just released a report by Dr. Paul Stockton entitled (and linked here): Resilience for Grid Security Emergencies: Opportunities for Industry–Government Collaboration [hXXp://www.jhuapl.edu/Content/documents/ResilienceforGridSecurityEmergencies.pdf].

The report discusses potential Emergency Orders from the US Department of Energy that come from changes to the Federal Power Act as modified by the Fixing America’s Surface Transportation (FAST) Act.  The statute authorizes the Secretary of Energy to order emergency measures, following a Presidential declaration of a grid security emergency, to protect or restore the reliability of critical electric infrastructure or defense critical electric infrastructure during the emergency. A grid security emergency could result from a physical attack, a cyber-attack using electronic communication, an electromagnetic pulse (EMP), or a geomagnetic storm event, damaging certain electricity infrastructure assets and impairing the reliability of the Nation's power grid.

For awareness, the Department of Homeland Security has several free resources available that may be of assistance in preventing or mitigating physical security incidents within the electricity subsector. While these are not sector-specific, they...
On August 4, 2019, news sources reported that one individual died and another is in critical condition due to a copper theft attempt at a radio transmitter site in Oklahoma. The Tulsa County Sheriff’s office reported that they were called to...

On August 4, 2019, news sources reported that one individual died and another is in critical condition due to a copper theft attempt at a radio transmitter site in Oklahoma.

The Tulsa County Sheriff’s office reported that they were called to the KRMG AM Transmitter Site in Oklahoma the morning of August 4. They found two individuals who appeared to have been electrocuted while attempting to access the building through a conduit. Based on the tools and materials discovered at the site, the sheriff’s office believe they were attempting to steal copper. One of the individuals died, and the other is in critical condition.

Source: hXXps://www.krmg.com/news/local/dead-critical-condition-after-incident-krmg-sand-springs-transmitter-site/95HVjg1jXEWpEzjUKGmDEM/

E-ISAC Analyst Comment: While this is not a member site or related to the electricity industry, it is a good example of how dangerous copper theft can be – not only when stealing the copper itself, but even in accessing sites that contain copper. It is essential to increase awareness of the dangers of copper theft to assist in prevention and mitigation. A few suggested prevention tips provided by members include:

  • Create local groups to address copper theft, such as a coalition to increase public awareness and/or community watches to keep an eye on nearby facilities.
  • Discuss and develop alert or reporting systems to make it easier for residents to report suspicious activity.
  • Increase community awareness by issuing informational brochures and alerts on copper theft.
  • Advocate for stricter laws when dealing with copper theft, such as charging thieves with endanger life to increase penalties, thereby deterring future thefts.

For additional copper theft prevention best practices, please reference the TLP:White Copper Theft Prevention White Paper here [hXXps://www.eisac.com/portal-home/document-detail?id=119770] (119770) developed by the E-ISAC Physical Security Analysis Team in coordination with the Physical Security Advisory Group. This paper aims to provide copper theft prevention best practices and lessons learned that asset owners and operators have implemented successfully in North America.

Recommendation: Be vigilant about suspicious behavior in your area. Please continue sharing this type of activity with the E-ISAC and law enforcement. 

The E-ISAC is providing this bulletin for situational awareness. If further information becomes available, it will be added as an update to this post.

Summary :                                                                  ...

Summary:                                                                    

North Korea-associated Lazarus Group could begin a global phishing campaign as early as June 20th.

Impact Statement/Analysis:

Security Firm Cyfirma released analysis showing the Lazarus Group (associated with Dragos’ COVELLITE) may launch a phishing campaign globally starting as early as June 20th. The attack is expected to focus on countries which provided stimulus funding to combat COVID-19 caused economic damage. While not explicitly named, NERC entities and employees could be among those targeted and are at moderate risk.

The hackers are likely to impersonate government agencies tasked with disbursing financial aid and target persons/businesses likely to be in need of financial assistance. Cyfirma has identified several email addresses created by the threat actors meant to mimic legitimate email addresses of government agencies. Lazarus Group claims to have 1.4 million curated email IDs for the US alone with a plan to send a spoofed email luring targets with fake direct payment offers to incite them to provide personal data. 

This is consistent with previous Lazarus Group activities, which have shown the capability to accomplish phishing campaigns as well as an interest in stealing funds. Lazarus Group is responsible for the 2014 cyber attack on Sony Pictures and various Bitcoin heists. Aside from disrupting adversaries, using intelligence and cyber activities to procure funds has been a longstanding staple of North Korean government policy to circumvent international sanctions, to the extent that a separate intelligence agency (known as Office 39) has been operating for decades with that specific mission. 

Comments:

The E-ISAC will continue to monitor this situation and provide relevant updates when necessary.  If you have any questions or comments, please reach out to us at operations[@]eisac.com [mailto:operations[@]eisac.com] or at 202-790-6000.

References:

Cyfirma. June 18, 2020. Global COVID-19-Related Phishing Campaign by North Korean Operatives Lazarus Group Exposed by Cyfirma Researchers hXXps://www.cyfirma.com/early-warning/global-covid-19-related-phishing-campaign-by-north-korean-operatives-lazarus-group-exposed-by-cyfirma-researchers/

Eileen Yu. ZDNet. June 19, 2020. North Korean state hackers reportedly planning COVID-19 phishing campaign targeting 5M across six nations hXXps://www.zdnet.com/article/north-korean-state-hackers-reportedly-planning-covid-19-phishing-campaign-targeting-5m-across-six-nations/

Dragos, Inc. Covellite hXXps://www.dragos.com/resource/covellite/

MITRE Partnership Network. Group: Lazarus group, COVELLITE hXXps://collaborate.mitre.org/attackics/index.php/Group/G0008

John Walcott. Time. April 29, 2020. Cash, Yachts, and Cognac: Kim Yo-Jong’s Links to the Secretive Office Keeping North Korea’s Elites in Luxury hXXps://time.com/5829508/kim-yo-jong-money-office-39/

Matthew Carney. ABC News. January 05, 2018. Defector reveals secrets of North Korea’s Office 39, raising cash for Kim Jong-un hXXps://www.abc.net.au/news/2018-01-06/north-korea-defector-reveals-secrets-of-office-39/9302308