One of the key findings from the report was that no loss-of-load occurred due to cyber or physical security events, despite continually evolving threats.
While no loss-of-load was reported in 2017, continued innovation and development of enhanced security standards is essential to long-term grid reliability. As components of the bulk power system become increasingly connected and networked, unprotected by traditional, centralized security systems, threats by malicious actors continue to rapidly evolve and expand in scope.
The report noted specific concern around advancements in malware design targeting major hardware vendors that represent more than half of the market share, the advancement of persistent threat actors targeting the electrical industry, and phishing activities with the potential to compromise trusted business partners.
In order to combat such continually evolving threats, NERC recommends that industry must drive improvements in its own security posture by way of technological hardening, fostering a culture of security, and facilitating effective information exchange between entities.
In line with NERC’s recommendations, The Xage Security Suite distributes authentication and private data across a network of devices, creating a tamper-proof, any-to-any security fabric for communication, authentication, and trust that ensures security at scale. Helping energy operators to meet standards and increase operational awareness, Xage furthermore offers SCADA protection to detect malware and prevent zero-day attacks, as well as security for RBAC to eliminate unmanaged passwords, legacy protocols, and only allow authorized access based on role based permissions.
