On August 10-14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) conducted Cyber Storm 2020 (CS 2020), the seventh iteration of the national capstone cyber exercise that brings together the public and private sectors to simulate response to a cyber crisis impacting the Nation’s critical infrastructure.
Cyber Storm exercises are part of CISA’s ongoing efforts to assess and strengthen cyber preparedness and examine incident response processes. The exercise findings contribute to safeguarding the Nation’s security and cyber infrastructure by identifying ways to strengthen coordinated incident response along the whole-of-Nation approach outlined in the National Cyber Incident Response Plan (NCIRP).
CISA sponsors the exercise series to improve capabilities of the cyber incident response community, encourage the advancement of public-private partnerships within the critical infrastructure sectors, and strengthen the relationship between the Federal Government and its government partners at the state, local, and international levels.
On February 11th, 2021, a joint cybersecurity advisory on the recent compromise of a U.S. water treatment facility was released. The advisory was co-authored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
The E-ISAC is re-sharing that advisory for your situational awareness:
On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cyber-security weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system. Onsite response to the incident included Pinellas County Sheriff Office (PCSO), U.S. Secret Service (USSS), and the Federal Bureau of Investigation (FBI).
For more information, please see the full document attached to this bulletin.
The Electricity Information Sharing and Analysis Center’s (E-ISAC) Long-Term Strategic Plan has three primary focus areas—Engagement, Information Sharing, and Analysis—and embraces the following ongoing needs: review priorities under each focus area, ensure alignment between priorities, optimize resource allocation, and develop, refine, and track metrics to measure progress.
In 2019, the E-ISAC took steps to improve the efficiency of operations and prioritize higher impact activities. The E-ISAC strengthened its leadership and security operations and reorganized to align and optimize cyber and physical security teams as part of an integrated watch operations team. The E-ISAC also focused on developing Portal postings and products that offer greater context and more actionable information. In addition, the E-ISAC created a performance management group to oversee the implementation of process improvements, technology, and metrics to improve the quality, timeliness, and value of information sharing, data management, and analysis.
This plan provides updates to reflect those improvements and identifies near- and long-term focus areas.
NERC conducted its fifth biennial Grid Security Exercise (GridEx), a grid security and emergency response exercise, November 13–14, 2019. The exercise was structured as two days of distributed play and it provided an opportunity for stakeholders in the electricity industry to respond to simulated cyber and physical attacks that affected the reliable operation of the grid, fulfilling NERC’s mission to assure the reliability of the North American BPS. Led by NERC’s Electricity Information Sharing and Analysis Center (E-ISAC), GridEx V was the largest geographically distributed grid security exercise to date.
Additionally, NERC’s E-ISAC conducted the GridEx V executive tabletop on November 14, 2019, complementing the separate North American-wide operational exercise. The Canadian Electricity Association (CEA) conducted a separate executive tabletop with the government of Canada the same day with a different, Canada-specific, scenario.
This report is labeled Traffic Light Protocol (TLP) WHITE, a designation meaning that recipients may share this report freely without restriction.
The goal of Cyber Yankee 2019 was to continue the successful execution of a realistic cyber exercise for Army National Guard Defensive Cyberspace Operations Elements (DCOE) and other Cyber units to further train and apply their skills as cyber defenders. This year, we also integrated several agencies from the State of New Hampshire, the 229th COS, additional legal support, and elements of the 91st Cyber Brigade. Exercise planners used lessons learned from Cyber Yankee 2015-2018 to improve the exercise. The exercise focused on developing strong collaboration across all of the New England Cyber elements, state, and federal government partners in cyber defense. Cyber Yankee ’19 was part of the Federal Emergency Management Agency (FEMA) National Exercise Program.
The end state was continued development of a more robust capacity and capability for the Defensive Cyberspace Operations Elements and other Guard and Reserve cyber units in the New England states as well as a growth in partnerships across multiple levels of government throughout the region. Conducting the exercise at the unclassified level (leveraging open source intelligence information) ensured maximum relevant and current training for all government and non-government participants.
Attached are the GridEx V participation numbers, suitable for sharing.
More electricity industry security professionals participated than ever, with over 7,000 participants from 527 entities (including 266 electricity entities, 29 FBI Field Offices, 26 state governments, 16 gas industry participants). Key to this increase was the substantial participation by distribution utilities, the natural gas industry (to include midstream pipeline operators), FBI field offices, Canadian entities, and our partners in U.S. state government.
More detailed information on the exercise will be published in the Lessons Learned report, which will be available by March 2020.
The E-ISAC has published a Guide for Information Sharing that includes examples of information to be shared with the E-ISAC.
The E-ISAC serves as the primary security communications channel for industry, and enhances the ability to prepare for and respond to cyber and physical threats, vulnerabilities, and incidents. The E-ISAC gathers, analyzes, and shares security information from members and partners; coordinates incident management; enables member-to-member sharing; and shares mitigation strategies with interdependent sectors and government partners. Information that members share with the E-ISAC helps create an understanding about security threats that may impact the industry.
If you have questions or comments, contact the E-ISAC at firstname.lastname@example.org.
The E-ISAC Brochure describes the products and services provided to asset owners and operators and select government and cross-sector partners in North America.
The brochure is intended to provide potential E-ISAC Portal members an overview of the benefits of joining the E-ISAC Portal, what types of information to share, and how to share with the E-ISAC.
The E-ISAC Physical Security Analysis Team, in coordination with the Physical Security Advisory Group, has developed the attached Copper Theft Prevention White Paper using insight from industry experts, as well as open source resources. This paper aims to provide copper theft prevention best practices and lessons learned that asset owners and operators (AOOs) have implemented successfully in North America. Please feel free to submit any additional prevention and mitigation techniques to email@example.com for future updates.