Update on Energy Threats and Responses in Cyber War

Array
(
    [field_authors] => Array
        (
            [#theme] => field
            [#weight] => 0
            [#title] => Author(s)
            [#access] => 1
            [#label_display] => hidden
            [#view_mode] => full
            [#language] => und
            [#field_name] => field_authors
            [#field_type] => entityreference
            [#field_translatable] => 0
            [#entity_type] => node
            [#bundle] => wp_blog
            [#object] => stdClass Object
                (
                    [vid] => 8320
                    [uid] => 115
                    [title] => Update on Energy Threats and Responses in Cyber War
                    [log] => 
                    [status] => 1
                    [comment] => 1
                    [promote] => 0
                    [sticky] => 0
                    [nid] => 2955
                    [type] => wp_blog
                    [language] => und
                    [created] => 1481658247
                    [changed] => 1531354768
                    [tnid] => 0
                    [translate] => 0
                    [revision_timestamp] => 1531354768
                    [revision_uid] => 1
                    [body] => Array
                        (
                            [und] => Array
                                (
                                    [0] => Array
                                        (
                                            [value] => 

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[summary] => [format] => full_html [safe_value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[safe_summary] => ) ) ) [taxonomy_wp_blog_tags] => Array ( ) [field_intro_image] => Array ( [und] => Array ( [0] => Array ( [fid] => 1525 [uid] => 115 [filename] => Image Courtesy of Blogtrepreneur.jpg [uri] => public://Image Courtesy of Blogtrepreneur.jpg [filemime] => image/jpeg [filesize] => 121986 [status] => 1 [timestamp] => 1481658247 [focus_rect] => [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 640 [height] => 544 ) ) ) [field_blog_author] => Array ( [und] => Array ( [0] => Array ( [value] => Christina Simeone [format] => [safe_value] => Christina Simeone ) ) ) [field_image_caption] => Array ( [und] => Array ( [0] => Array ( [value] => Image Courtesy of Blogtrepreneur [format] => [safe_value] => Image Courtesy of Blogtrepreneur ) ) ) [field_set_as_featured_] => Array ( [und] => Array ( [0] => Array ( [value] => no ) ) ) [field_authors] => Array ( [und] => Array ( [0] => Array ( [target_id] => 62 [entity] => stdClass Object ( [vid] => 62 [uid] => 1 [title] => Christina Simeone [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 62 [type] => people_bio [language] => und [created] => 1414774970 [changed] => 1552675041 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1552675041 [revision_uid] => 90 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[summary] => [format] => full_html [safe_value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[safe_summary] => ) ) ) [field_headshot] => Array ( [und] => Array ( [0] => Array ( [fid] => 1836 [uid] => 10 [filename] => IMG_2538.JPG [uri] => public://IMG_2538_0.JPG [filemime] => image/jpeg [filesize] => 1884043 [status] => 1 [timestamp] => 1495475902 [focus_rect] => 269,241,1135,1134 [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 1766 [height] => 2047 ) ) ) [field_org_title] => Array ( [und] => Array ( [0] => Array ( [value] => Advanced Energy Systems, PhD Student [format] => [safe_value] => Advanced Energy Systems, PhD Student ) ) ) [field_email] => Array ( [und] => Array ( [0] => Array ( [email] => csimeone@upenn.edu ) ) ) [field_phone_number] => Array ( [und] => Array ( [0] => Array ( [value] => 215.573.4096 [format] => [safe_value] => 215.573.4096 ) ) ) [field_people_designation] => Array ( [und] => Array ( [0] => Array ( [value] => fellow ) ) ) [field_adboard_organization] => Array ( [und] => Array ( [0] => Array ( [value] => Colorado School of Mines and the National Renewable Energy Laboratory [format] => [safe_value] => Colorado School of Mines and the National Renewable Energy Laboratory ) ) ) [field_project_years] => Array ( ) [field_bio_type] => Array ( [und] => Array ( [0] => Array ( [tid] => 187 ) ) ) [field_omit] => Array ( [und] => Array ( [0] => Array ( [value] => 0 ) ) ) [field_biodepartment] => Array ( ) [field_teaser] => Array ( [und] => Array ( [0] => Array ( [value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

[format] => full_html [safe_value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

) ) ) [field_label_above_name] => Array ( [und] => Array ( [0] => Array ( [value] => Senior Fellow [format] => [safe_value] => Senior Fellow ) ) ) [field_year] => Array ( ) [metatags] => Array ( [und] => Array ( [article:published_time] => Array ( [value] => ) [article:modified_time] => Array ( [value] => ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => admin [picture] => 0 [data] => b:0; ) [access] => 1 ) ) ) [field_addthis] => Array ( [und] => Array ( [0] => Array ( [value] => Dummy value ) ) ) [field_teaser] => Array ( ) [field_primary_theme] => Array ( [und] => Array ( [0] => Array ( [tid] => 205 ) ) ) [field_secondary_themes] => Array ( ) [field_exclude] => Array ( ) [field_more_like_this] => Array ( ) [field_show_cropped_image] => Array ( [und] => Array ( [0] => Array ( [value] => 1 ) ) ) [field_voices] => Array ( ) [field_paragraph_sections] => Array ( ) [metatags] => Array ( [und] => Array ( [robots] => Array ( [value] => Array ( [0] => 0 [index] => 0 [follow] => 0 [noindex] => 0 [nofollow] => 0 [noarchive] => 0 [nosnippet] => 0 [noodp] => 0 [noydir] => 0 [noimageindex] => 0 [notranslate] => 0 ) ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => Christina Simeone [picture] => 0 [data] => a:6:{s:18:"htmlmail_plaintext";i:0;s:16:"ckeditor_default";s:1:"t";s:20:"ckeditor_show_toggle";s:1:"t";s:14:"ckeditor_width";s:4:"100%";s:13:"ckeditor_lang";s:2:"en";s:18:"ckeditor_auto_lang";s:1:"t";} [entity_view_prepared] => 1 ) [#items] => Array ( [0] => Array ( [target_id] => 62 [entity] => stdClass Object ( [vid] => 62 [uid] => 1 [title] => Christina Simeone [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 62 [type] => people_bio [language] => und [created] => 1414774970 [changed] => 1552675041 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1552675041 [revision_uid] => 90 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[summary] => [format] => full_html [safe_value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[safe_summary] => ) ) ) [field_headshot] => Array ( [und] => Array ( [0] => Array ( [fid] => 1836 [uid] => 10 [filename] => IMG_2538.JPG [uri] => public://IMG_2538_0.JPG [filemime] => image/jpeg [filesize] => 1884043 [status] => 1 [timestamp] => 1495475902 [focus_rect] => 269,241,1135,1134 [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 1766 [height] => 2047 ) ) ) [field_org_title] => Array ( [und] => Array ( [0] => Array ( [value] => Advanced Energy Systems, PhD Student [format] => [safe_value] => Advanced Energy Systems, PhD Student ) ) ) [field_email] => Array ( [und] => Array ( [0] => Array ( [email] => csimeone@upenn.edu ) ) ) [field_phone_number] => Array ( [und] => Array ( [0] => Array ( [value] => 215.573.4096 [format] => [safe_value] => 215.573.4096 ) ) ) [field_people_designation] => Array ( [und] => Array ( [0] => Array ( [value] => fellow ) ) ) [field_adboard_organization] => Array ( [und] => Array ( [0] => Array ( [value] => Colorado School of Mines and the National Renewable Energy Laboratory [format] => [safe_value] => Colorado School of Mines and the National Renewable Energy Laboratory ) ) ) [field_project_years] => Array ( ) [field_bio_type] => Array ( [und] => Array ( [0] => Array ( [tid] => 187 ) ) ) [field_omit] => Array ( [und] => Array ( [0] => Array ( [value] => 0 ) ) ) [field_biodepartment] => Array ( ) [field_teaser] => Array ( [und] => Array ( [0] => Array ( [value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

[format] => full_html [safe_value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

) ) ) [field_label_above_name] => Array ( [und] => Array ( [0] => Array ( [value] => Senior Fellow [format] => [safe_value] => Senior Fellow ) ) ) [field_year] => Array ( ) [metatags] => Array ( [und] => Array ( [article:published_time] => Array ( [value] => ) [article:modified_time] => Array ( [value] => ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => admin [picture] => 0 [data] => b:0; ) [access] => 1 ) ) [#formatter] => entityreference_label [0] => Array ( [#theme] => entityreference_label [#label] => Christina Simeone [#item] => Array ( [target_id] => 62 [entity] => stdClass Object ( [vid] => 62 [uid] => 1 [title] => Christina Simeone [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 62 [type] => people_bio [language] => und [created] => 1414774970 [changed] => 1552675041 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1552675041 [revision_uid] => 90 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[summary] => [format] => full_html [safe_value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[safe_summary] => ) ) ) [field_headshot] => Array ( [und] => Array ( [0] => Array ( [fid] => 1836 [uid] => 10 [filename] => IMG_2538.JPG [uri] => public://IMG_2538_0.JPG [filemime] => image/jpeg [filesize] => 1884043 [status] => 1 [timestamp] => 1495475902 [focus_rect] => 269,241,1135,1134 [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 1766 [height] => 2047 ) ) ) [field_org_title] => Array ( [und] => Array ( [0] => Array ( [value] => Advanced Energy Systems, PhD Student [format] => [safe_value] => Advanced Energy Systems, PhD Student ) ) ) [field_email] => Array ( [und] => Array ( [0] => Array ( [email] => csimeone@upenn.edu ) ) ) [field_phone_number] => Array ( [und] => Array ( [0] => Array ( [value] => 215.573.4096 [format] => [safe_value] => 215.573.4096 ) ) ) [field_people_designation] => Array ( [und] => Array ( [0] => Array ( [value] => fellow ) ) ) [field_adboard_organization] => Array ( [und] => Array ( [0] => Array ( [value] => Colorado School of Mines and the National Renewable Energy Laboratory [format] => [safe_value] => Colorado School of Mines and the National Renewable Energy Laboratory ) ) ) [field_project_years] => Array ( ) [field_bio_type] => Array ( [und] => Array ( [0] => Array ( [tid] => 187 ) ) ) [field_omit] => Array ( [und] => Array ( [0] => Array ( [value] => 0 ) ) ) [field_biodepartment] => Array ( ) [field_teaser] => Array ( [und] => Array ( [0] => Array ( [value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

[format] => full_html [safe_value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

) ) ) [field_label_above_name] => Array ( [und] => Array ( [0] => Array ( [value] => Senior Fellow [format] => [safe_value] => Senior Fellow ) ) ) [field_year] => Array ( ) [metatags] => Array ( [und] => Array ( [article:published_time] => Array ( [value] => ) [article:modified_time] => Array ( [value] => ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => admin [picture] => 0 [data] => b:0; ) [access] => 1 ) [#uri] => Array ( [path] => node/62 [options] => Array ( [entity_type] => node [entity] => stdClass Object ( [vid] => 62 [uid] => 1 [title] => Christina Simeone [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 62 [type] => people_bio [language] => und [created] => 1414774970 [changed] => 1552675041 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1552675041 [revision_uid] => 90 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[summary] => [format] => full_html [safe_value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[safe_summary] => ) ) ) [field_headshot] => Array ( [und] => Array ( [0] => Array ( [fid] => 1836 [uid] => 10 [filename] => IMG_2538.JPG [uri] => public://IMG_2538_0.JPG [filemime] => image/jpeg [filesize] => 1884043 [status] => 1 [timestamp] => 1495475902 [focus_rect] => 269,241,1135,1134 [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 1766 [height] => 2047 ) ) ) [field_org_title] => Array ( [und] => Array ( [0] => Array ( [value] => Advanced Energy Systems, PhD Student [format] => [safe_value] => Advanced Energy Systems, PhD Student ) ) ) [field_email] => Array ( [und] => Array ( [0] => Array ( [email] => csimeone@upenn.edu ) ) ) [field_phone_number] => Array ( [und] => Array ( [0] => Array ( [value] => 215.573.4096 [format] => [safe_value] => 215.573.4096 ) ) ) [field_people_designation] => Array ( [und] => Array ( [0] => Array ( [value] => fellow ) ) ) [field_adboard_organization] => Array ( [und] => Array ( [0] => Array ( [value] => Colorado School of Mines and the National Renewable Energy Laboratory [format] => [safe_value] => Colorado School of Mines and the National Renewable Energy Laboratory ) ) ) [field_project_years] => Array ( ) [field_bio_type] => Array ( [und] => Array ( [0] => Array ( [tid] => 187 ) ) ) [field_omit] => Array ( [und] => Array ( [0] => Array ( [value] => 0 ) ) ) [field_biodepartment] => Array ( ) [field_teaser] => Array ( [und] => Array ( [0] => Array ( [value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

[format] => full_html [safe_value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

) ) ) [field_label_above_name] => Array ( [und] => Array ( [0] => Array ( [value] => Senior Fellow [format] => [safe_value] => Senior Fellow ) ) ) [field_year] => Array ( ) [metatags] => Array ( [und] => Array ( [article:published_time] => Array ( [value] => ) [article:modified_time] => Array ( [value] => ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => admin [picture] => 0 [data] => b:0; ) ) ) [#settings] => Array ( [display] => Array ( [bypass_access] => 0 [link] => 1 ) [field] => Array ( [target_type] => node [handler] => base [handler_settings] => Array ( [target_bundles] => Array ( [people_bio] => people_bio [people_no_bio] => people_no_bio ) [sort] => Array ( [type] => none ) [behaviors] => Array ( [views-select-list] => Array ( [status] => 0 ) ) ) ) ) ) ) [links] => Array ( [#theme] => links__node [#pre_render] => Array ( [0] => drupal_pre_render_links ) [#attributes] => Array ( [class] => Array ( [0] => links [1] => inline ) ) [node] => Array ( [#theme] => links__node__node [#links] => Array ( ) [#attributes] => Array ( [class] => Array ( [0] => links [1] => inline ) ) ) ) [field_intro_image] => Array ( [#theme] => field [#weight] => 1 [#title] => Intro Image [#access] => 1 [#label_display] => hidden [#view_mode] => full [#language] => und [#field_name] => field_intro_image [#field_type] => image [#field_translatable] => 0 [#entity_type] => node [#bundle] => wp_blog [#object] => stdClass Object ( [vid] => 8320 [uid] => 115 [title] => Update on Energy Threats and Responses in Cyber War [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 2955 [type] => wp_blog [language] => und [created] => 1481658247 [changed] => 1531354768 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1531354768 [revision_uid] => 1 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[summary] => [format] => full_html [safe_value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[safe_summary] => ) ) ) [taxonomy_wp_blog_tags] => Array ( ) [field_intro_image] => Array ( [und] => Array ( [0] => Array ( [fid] => 1525 [uid] => 115 [filename] => Image Courtesy of Blogtrepreneur.jpg [uri] => public://Image Courtesy of Blogtrepreneur.jpg [filemime] => image/jpeg [filesize] => 121986 [status] => 1 [timestamp] => 1481658247 [focus_rect] => [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 640 [height] => 544 ) ) ) [field_blog_author] => Array ( [und] => Array ( [0] => Array ( [value] => Christina Simeone [format] => [safe_value] => Christina Simeone ) ) ) [field_image_caption] => Array ( [und] => Array ( [0] => Array ( [value] => Image Courtesy of Blogtrepreneur [format] => [safe_value] => Image Courtesy of Blogtrepreneur ) ) ) [field_set_as_featured_] => Array ( [und] => Array ( [0] => Array ( [value] => no ) ) ) [field_authors] => Array ( [und] => Array ( [0] => Array ( [target_id] => 62 [entity] => stdClass Object ( [vid] => 62 [uid] => 1 [title] => Christina Simeone [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 62 [type] => people_bio [language] => und [created] => 1414774970 [changed] => 1552675041 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1552675041 [revision_uid] => 90 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[summary] => [format] => full_html [safe_value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[safe_summary] => ) ) ) [field_headshot] => Array ( [und] => Array ( [0] => Array ( [fid] => 1836 [uid] => 10 [filename] => IMG_2538.JPG [uri] => public://IMG_2538_0.JPG [filemime] => image/jpeg [filesize] => 1884043 [status] => 1 [timestamp] => 1495475902 [focus_rect] => 269,241,1135,1134 [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 1766 [height] => 2047 ) ) ) [field_org_title] => Array ( [und] => Array ( [0] => Array ( [value] => Advanced Energy Systems, PhD Student [format] => [safe_value] => Advanced Energy Systems, PhD Student ) ) ) [field_email] => Array ( [und] => Array ( [0] => Array ( [email] => csimeone@upenn.edu ) ) ) [field_phone_number] => Array ( [und] => Array ( [0] => Array ( [value] => 215.573.4096 [format] => [safe_value] => 215.573.4096 ) ) ) [field_people_designation] => Array ( [und] => Array ( [0] => Array ( [value] => fellow ) ) ) [field_adboard_organization] => Array ( [und] => Array ( [0] => Array ( [value] => Colorado School of Mines and the National Renewable Energy Laboratory [format] => [safe_value] => Colorado School of Mines and the National Renewable Energy Laboratory ) ) ) [field_project_years] => Array ( ) [field_bio_type] => Array ( [und] => Array ( [0] => Array ( [tid] => 187 ) ) ) [field_omit] => Array ( [und] => Array ( [0] => Array ( [value] => 0 ) ) ) [field_biodepartment] => Array ( ) [field_teaser] => Array ( [und] => Array ( [0] => Array ( [value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

[format] => full_html [safe_value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

) ) ) [field_label_above_name] => Array ( [und] => Array ( [0] => Array ( [value] => Senior Fellow [format] => [safe_value] => Senior Fellow ) ) ) [field_year] => Array ( ) [metatags] => Array ( [und] => Array ( [article:published_time] => Array ( [value] => ) [article:modified_time] => Array ( [value] => ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => admin [picture] => 0 [data] => b:0; ) [access] => 1 ) ) ) [field_addthis] => Array ( [und] => Array ( [0] => Array ( [value] => Dummy value ) ) ) [field_teaser] => Array ( ) [field_primary_theme] => Array ( [und] => Array ( [0] => Array ( [tid] => 205 ) ) ) [field_secondary_themes] => Array ( ) [field_exclude] => Array ( ) [field_more_like_this] => Array ( ) [field_show_cropped_image] => Array ( [und] => Array ( [0] => Array ( [value] => 1 ) ) ) [field_voices] => Array ( ) [field_paragraph_sections] => Array ( ) [metatags] => Array ( [und] => Array ( [robots] => Array ( [value] => Array ( [0] => 0 [index] => 0 [follow] => 0 [noindex] => 0 [nofollow] => 0 [noarchive] => 0 [nosnippet] => 0 [noodp] => 0 [noydir] => 0 [noimageindex] => 0 [notranslate] => 0 ) ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => Christina Simeone [picture] => 0 [data] => a:6:{s:18:"htmlmail_plaintext";i:0;s:16:"ckeditor_default";s:1:"t";s:20:"ckeditor_show_toggle";s:1:"t";s:14:"ckeditor_width";s:4:"100%";s:13:"ckeditor_lang";s:2:"en";s:18:"ckeditor_auto_lang";s:1:"t";} [entity_view_prepared] => 1 ) [#items] => Array ( [0] => Array ( [fid] => 1525 [uid] => 115 [filename] => Image Courtesy of Blogtrepreneur.jpg [uri] => public://Image Courtesy of Blogtrepreneur.jpg [filemime] => image/jpeg [filesize] => 121986 [status] => 1 [timestamp] => 1481658247 [focus_rect] => [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 640 [height] => 544 ) ) [#formatter] => image [0] => Array ( [#theme] => image_formatter [#item] => Array ( [fid] => 1525 [uid] => 115 [filename] => Image Courtesy of Blogtrepreneur.jpg [uri] => public://Image Courtesy of Blogtrepreneur.jpg [filemime] => image/jpeg [filesize] => 121986 [status] => 1 [timestamp] => 1481658247 [focus_rect] => [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 640 [height] => 544 ) [#image_style] => new_hero [#path] => ) [#printed] => 1 [#children] =>
) [field_image_caption] => Array ( [#theme] => field [#weight] => 2 [#title] => Image Caption/Source [#access] => 1 [#label_display] => hidden [#view_mode] => full [#language] => und [#field_name] => field_image_caption [#field_type] => text [#field_translatable] => 0 [#entity_type] => node [#bundle] => wp_blog [#object] => stdClass Object ( [vid] => 8320 [uid] => 115 [title] => Update on Energy Threats and Responses in Cyber War [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 2955 [type] => wp_blog [language] => und [created] => 1481658247 [changed] => 1531354768 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1531354768 [revision_uid] => 1 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[summary] => [format] => full_html [safe_value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[safe_summary] => ) ) ) [taxonomy_wp_blog_tags] => Array ( ) [field_intro_image] => Array ( [und] => Array ( [0] => Array ( [fid] => 1525 [uid] => 115 [filename] => Image Courtesy of Blogtrepreneur.jpg [uri] => public://Image Courtesy of Blogtrepreneur.jpg [filemime] => image/jpeg [filesize] => 121986 [status] => 1 [timestamp] => 1481658247 [focus_rect] => [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 640 [height] => 544 ) ) ) [field_blog_author] => Array ( [und] => Array ( [0] => Array ( [value] => Christina Simeone [format] => [safe_value] => Christina Simeone ) ) ) [field_image_caption] => Array ( [und] => Array ( [0] => Array ( [value] => Image Courtesy of Blogtrepreneur [format] => [safe_value] => Image Courtesy of Blogtrepreneur ) ) ) [field_set_as_featured_] => Array ( [und] => Array ( [0] => Array ( [value] => no ) ) ) [field_authors] => Array ( [und] => Array ( [0] => Array ( [target_id] => 62 [entity] => stdClass Object ( [vid] => 62 [uid] => 1 [title] => Christina Simeone [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 62 [type] => people_bio [language] => und [created] => 1414774970 [changed] => 1552675041 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1552675041 [revision_uid] => 90 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[summary] => [format] => full_html [safe_value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[safe_summary] => ) ) ) [field_headshot] => Array ( [und] => Array ( [0] => Array ( [fid] => 1836 [uid] => 10 [filename] => IMG_2538.JPG [uri] => public://IMG_2538_0.JPG [filemime] => image/jpeg [filesize] => 1884043 [status] => 1 [timestamp] => 1495475902 [focus_rect] => 269,241,1135,1134 [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 1766 [height] => 2047 ) ) ) [field_org_title] => Array ( [und] => Array ( [0] => Array ( [value] => Advanced Energy Systems, PhD Student [format] => [safe_value] => Advanced Energy Systems, PhD Student ) ) ) [field_email] => Array ( [und] => Array ( [0] => Array ( [email] => csimeone@upenn.edu ) ) ) [field_phone_number] => Array ( [und] => Array ( [0] => Array ( [value] => 215.573.4096 [format] => [safe_value] => 215.573.4096 ) ) ) [field_people_designation] => Array ( [und] => Array ( [0] => Array ( [value] => fellow ) ) ) [field_adboard_organization] => Array ( [und] => Array ( [0] => Array ( [value] => Colorado School of Mines and the National Renewable Energy Laboratory [format] => [safe_value] => Colorado School of Mines and the National Renewable Energy Laboratory ) ) ) [field_project_years] => Array ( ) [field_bio_type] => Array ( [und] => Array ( [0] => Array ( [tid] => 187 ) ) ) [field_omit] => Array ( [und] => Array ( [0] => Array ( [value] => 0 ) ) ) [field_biodepartment] => Array ( ) [field_teaser] => Array ( [und] => Array ( [0] => Array ( [value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

[format] => full_html [safe_value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

) ) ) [field_label_above_name] => Array ( [und] => Array ( [0] => Array ( [value] => Senior Fellow [format] => [safe_value] => Senior Fellow ) ) ) [field_year] => Array ( ) [metatags] => Array ( [und] => Array ( [article:published_time] => Array ( [value] => ) [article:modified_time] => Array ( [value] => ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => admin [picture] => 0 [data] => b:0; ) [access] => 1 ) ) ) [field_addthis] => Array ( [und] => Array ( [0] => Array ( [value] => Dummy value ) ) ) [field_teaser] => Array ( ) [field_primary_theme] => Array ( [und] => Array ( [0] => Array ( [tid] => 205 ) ) ) [field_secondary_themes] => Array ( ) [field_exclude] => Array ( ) [field_more_like_this] => Array ( ) [field_show_cropped_image] => Array ( [und] => Array ( [0] => Array ( [value] => 1 ) ) ) [field_voices] => Array ( ) [field_paragraph_sections] => Array ( ) [metatags] => Array ( [und] => Array ( [robots] => Array ( [value] => Array ( [0] => 0 [index] => 0 [follow] => 0 [noindex] => 0 [nofollow] => 0 [noarchive] => 0 [nosnippet] => 0 [noodp] => 0 [noydir] => 0 [noimageindex] => 0 [notranslate] => 0 ) ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => Christina Simeone [picture] => 0 [data] => a:6:{s:18:"htmlmail_plaintext";i:0;s:16:"ckeditor_default";s:1:"t";s:20:"ckeditor_show_toggle";s:1:"t";s:14:"ckeditor_width";s:4:"100%";s:13:"ckeditor_lang";s:2:"en";s:18:"ckeditor_auto_lang";s:1:"t";} [entity_view_prepared] => 1 ) [#items] => Array ( [0] => Array ( [value] => Image Courtesy of Blogtrepreneur [format] => [safe_value] => Image Courtesy of Blogtrepreneur ) ) [#formatter] => text_default [0] => Array ( [#markup] => Image Courtesy of Blogtrepreneur ) ) [body] => Array ( [#theme] => field [#weight] => 4 [#title] => Body [#access] => 1 [#label_display] => hidden [#view_mode] => full [#language] => und [#field_name] => body [#field_type] => text_with_summary [#field_translatable] => 0 [#entity_type] => node [#bundle] => wp_blog [#object] => stdClass Object ( [vid] => 8320 [uid] => 115 [title] => Update on Energy Threats and Responses in Cyber War [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 2955 [type] => wp_blog [language] => und [created] => 1481658247 [changed] => 1531354768 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1531354768 [revision_uid] => 1 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[summary] => [format] => full_html [safe_value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[safe_summary] => ) ) ) [taxonomy_wp_blog_tags] => Array ( ) [field_intro_image] => Array ( [und] => Array ( [0] => Array ( [fid] => 1525 [uid] => 115 [filename] => Image Courtesy of Blogtrepreneur.jpg [uri] => public://Image Courtesy of Blogtrepreneur.jpg [filemime] => image/jpeg [filesize] => 121986 [status] => 1 [timestamp] => 1481658247 [focus_rect] => [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 640 [height] => 544 ) ) ) [field_blog_author] => Array ( [und] => Array ( [0] => Array ( [value] => Christina Simeone [format] => [safe_value] => Christina Simeone ) ) ) [field_image_caption] => Array ( [und] => Array ( [0] => Array ( [value] => Image Courtesy of Blogtrepreneur [format] => [safe_value] => Image Courtesy of Blogtrepreneur ) ) ) [field_set_as_featured_] => Array ( [und] => Array ( [0] => Array ( [value] => no ) ) ) [field_authors] => Array ( [und] => Array ( [0] => Array ( [target_id] => 62 [entity] => stdClass Object ( [vid] => 62 [uid] => 1 [title] => Christina Simeone [log] => [status] => 1 [comment] => 1 [promote] => 0 [sticky] => 0 [nid] => 62 [type] => people_bio [language] => und [created] => 1414774970 [changed] => 1552675041 [tnid] => 0 [translate] => 0 [revision_timestamp] => 1552675041 [revision_uid] => 90 [body] => Array ( [und] => Array ( [0] => Array ( [value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[summary] => [format] => full_html [safe_value] =>

Christina Simeone is a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. She is also the former director of policy and external affairs at the Kleinman Center for Energy Policy. While at the Kleinman Center, Christina engaged in applied research—bringing together analytics, academics, and industry insights—to further the center's mission.

Prior to joining the Kleinman Center, Simeone served as the director of the PennFuture Energy Center for Enterprise and the Environment, where she focused on energy and climate issues that impact Pennsylvania. Simeone worked on federal energy and climate legislation as policy director at the Alliance for Climate Protection in Washington, D.C., after spending several years in Harrisburg at the Pennsylvania Department of Environmental Protection (PA DEP), where she worked on climate and energy issues in the Policy Office and as special assistant to the secretary. Additionally, she has experience in private environmental consulting and in the financial management sector.

Simeone holds a master's degree in environmental studies from the University of Pennsylvania, a B.A. in economics from the University of Miami, and B.S. in music industry from Drexel University (with a concentration in opera and piano performance). She is a board member of Philadelphia's Sustainable Energy Fund, former chair of the Climate Change Advisory Committee to the PA DEP, and former co-chair to Governor Wolf's transition team for the PA DEP.

[safe_summary] => ) ) ) [field_headshot] => Array ( [und] => Array ( [0] => Array ( [fid] => 1836 [uid] => 10 [filename] => IMG_2538.JPG [uri] => public://IMG_2538_0.JPG [filemime] => image/jpeg [filesize] => 1884043 [status] => 1 [timestamp] => 1495475902 [focus_rect] => 269,241,1135,1134 [crop_rect] => [rdf_mapping] => Array ( ) [alt] => [title] => [width] => 1766 [height] => 2047 ) ) ) [field_org_title] => Array ( [und] => Array ( [0] => Array ( [value] => Advanced Energy Systems, PhD Student [format] => [safe_value] => Advanced Energy Systems, PhD Student ) ) ) [field_email] => Array ( [und] => Array ( [0] => Array ( [email] => csimeone@upenn.edu ) ) ) [field_phone_number] => Array ( [und] => Array ( [0] => Array ( [value] => 215.573.4096 [format] => [safe_value] => 215.573.4096 ) ) ) [field_people_designation] => Array ( [und] => Array ( [0] => Array ( [value] => fellow ) ) ) [field_adboard_organization] => Array ( [und] => Array ( [0] => Array ( [value] => Colorado School of Mines and the National Renewable Energy Laboratory [format] => [safe_value] => Colorado School of Mines and the National Renewable Energy Laboratory ) ) ) [field_project_years] => Array ( ) [field_bio_type] => Array ( [und] => Array ( [0] => Array ( [tid] => 187 ) ) ) [field_omit] => Array ( [und] => Array ( [0] => Array ( [value] => 0 ) ) ) [field_biodepartment] => Array ( ) [field_teaser] => Array ( [und] => Array ( [0] => Array ( [value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

[format] => full_html [safe_value] =>

is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program. 

) ) ) [field_label_above_name] => Array ( [und] => Array ( [0] => Array ( [value] => Senior Fellow [format] => [safe_value] => Senior Fellow ) ) ) [field_year] => Array ( ) [metatags] => Array ( [und] => Array ( [article:published_time] => Array ( [value] => ) [article:modified_time] => Array ( [value] => ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => admin [picture] => 0 [data] => b:0; ) [access] => 1 ) ) ) [field_addthis] => Array ( [und] => Array ( [0] => Array ( [value] => Dummy value ) ) ) [field_teaser] => Array ( ) [field_primary_theme] => Array ( [und] => Array ( [0] => Array ( [tid] => 205 ) ) ) [field_secondary_themes] => Array ( ) [field_exclude] => Array ( ) [field_more_like_this] => Array ( ) [field_show_cropped_image] => Array ( [und] => Array ( [0] => Array ( [value] => 1 ) ) ) [field_voices] => Array ( ) [field_paragraph_sections] => Array ( ) [metatags] => Array ( [und] => Array ( [robots] => Array ( [value] => Array ( [0] => 0 [index] => 0 [follow] => 0 [noindex] => 0 [nofollow] => 0 [noarchive] => 0 [nosnippet] => 0 [noodp] => 0 [noydir] => 0 [noimageindex] => 0 [notranslate] => 0 ) ) ) ) [rdf_mapping] => Array ( [rdftype] => Array ( [0] => sioc:Item [1] => foaf:Document ) [title] => Array ( [predicates] => Array ( [0] => dc:title ) ) [created] => Array ( [predicates] => Array ( [0] => dc:date [1] => dc:created ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [changed] => Array ( [predicates] => Array ( [0] => dc:modified ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) [body] => Array ( [predicates] => Array ( [0] => content:encoded ) ) [uid] => Array ( [predicates] => Array ( [0] => sioc:has_creator ) [type] => rel ) [name] => Array ( [predicates] => Array ( [0] => foaf:name ) ) [comment_count] => Array ( [predicates] => Array ( [0] => sioc:num_replies ) [datatype] => xsd:integer ) [last_activity] => Array ( [predicates] => Array ( [0] => sioc:last_activity_date ) [datatype] => xsd:dateTime [callback] => date_iso8601 ) ) [path] => Array ( [pathauto] => 1 ) [name] => Christina Simeone [picture] => 0 [data] => a:6:{s:18:"htmlmail_plaintext";i:0;s:16:"ckeditor_default";s:1:"t";s:20:"ckeditor_show_toggle";s:1:"t";s:14:"ckeditor_width";s:4:"100%";s:13:"ckeditor_lang";s:2:"en";s:18:"ckeditor_auto_lang";s:1:"t";} [entity_view_prepared] => 1 ) [#items] => Array ( [0] => Array ( [value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[summary] => [format] => full_html [safe_value] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

[safe_summary] => ) ) [#formatter] => text_default [0] => Array ( [#markup] =>

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

) ) [submitted_by] => Array ( [0] => Array ( ) [#weight] => 14 [#access] => ) )
Image Courtesy of Blogtrepreneur
December 13, 2016

Back in June, I wrote a short blog about cyberattacks on the energy sector. The blog emphasized spear phishing and ransomware as contemporary cyber espionage concerns for energy companies, with disruption of critical energy infrastructure as a real, but lower probability threat.

Threats and responses to protect critical energy networks and infrastructure continue to develop, warranting a quick update.

At the federal level…

Some in the U.S. Senate Intelligence Committee believe manual analogue technologies should serve as a strategic protection mechanism for critical infrastructure, going so far as to introduce legislation for such retro-style investments. And other experts think “manual control” is a good fall back plan.

The October 2016 “distributed denial of service” cyberattack on web services provider Dyn Inc. - where armies of hacked home electronics devices (or “internet of things” devices) blocked access to popular websites like Twitter and Netflix – raised major concerns about similar strategies to impact critical energy infrastructure.

Luckily, in July, FERC approved an order requiring NERC to develop standards for industrial devices that connect to the transmission grid.  The subsequent “supply chain” security standards will help manage and mitigate risks associated with industrial control system hardware, software, and computing and networking systems that help run the bulk power system. The standards are not intended to be a one-size-fits-all solution, rather, will require certain parties to develop plans to meet specific security objectives. The NERC standards, due in 2017, could prove instructional for other agencies dealing with standards for consumer “internet of things” products.

And just this week, the White House and the Government of Canada released a strategy report on how the two countries would work together to protect and strengthen the electricity grid from cyberattacks and climate change related impacts. The White House also released its action plan for implementing the joint strategy.

More broadly on cybersecurity…

In July, the Obama Administration issued Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination, identifying roles and responsibilities in the event of a significant cyber incident. However, some believe the directive focuses too much on the government response, failing to recognize the private sector owns much of the critical infrastructure assets.

Earlier this month, the nonpartisan Commission on Enhancing National Cyber Security, released its “Report on Securing and Growing the Digital Economy”. The report identifies a variety of imperatives and recommendations for improving cybersecurity and response, including protection of critical infrastructure, as well as recommendations for the first 100 days of the new administration.

The Obama Administration also is rushing to finalize its revised National Cyber Incident Response Plan - which identifies threat, asset, and intelligence responses to cyberattacks – before the inauguration.

But huge gaps remain at the distribution utility level…

While the bulk power system has to adhere to mandatory critical infrastructure protection (CIP) rules issued by FERC and developed by NERC, distribution utilities are mainly protected by voluntary standards issued by state agencies or cooperative utility boards. And some utilities are doing better than others.

Avangrid, Inc. has gained attention for its engagement with Phishme, implementing secretly fake phishing campaigns to train employees and raise awareness about cyber espionage.

Iowa-based MidAmerican Energy Co. has run cyberattack simulations that disabled computers, corporate networks, and even generation plants, in order to test a cyber mutual assistance program created by the electric power industry.  The program enables other utilities to provide expertise and assistance to a utility under cyberattack.

In November, the Michigan Public Service Commission directed staff to develop new cybersecurity rules including annual reporting on cybersecurity investments, employee training, data breaches, and other requirements.

NREL’s Cyber Physical Systems Security and Resilience Center has developed a distribution grid-level test bed for smart grid technologies, allowing hackers to attack the system to identify vulnerabilities, enabling solutions to be developed. But, they also found solutions can be expensive.

And physical threats still exist…

A July article from the Wall Street Journal highlighted how distribution utilities are still extremely vulnerable to physical threats of sabotage.

In September, someone shot a transformer at Garkane Energy Cooperative substation, cutting out power to 13,000 customers. Damage was estimated at $1 million and would take six months to fully repair.

Lastly, a course change on cyber may be coming…

President-elect Trump’s campaign plans on cybersecurity included, for example, establishing a Cyber Review Team to assess and make recommendations to improve cyber defenses and vulnerabilities, enhancing U.S. Cyber Command, and developing offensive cyber capabilities. Trump has been critical of Obama’s cyber approach, as well as critical of cyber intelligence writ large.

Like many countries, the U.S. is already in catch up mode with respect to cyber defense, and it seems the energy sector has significant room for improvement to address risks.

Our blog highlights the research, opinions, and insights of individual authors. It does not represent the voice of the Kleinman Center.

More Like This

Podcast | January 18, 2017 The Energy Sector Confronts Cyber Risk
Policy Digest | March 7, 2018 Energy and the Blockchain