NERC Lessons Learned from 2019 Grid attack: Know your exploitable vulnerabilities so you can pursue fixes

One of the key features of the Software Assurance Guardian™ (SAG™) method for verifying software object integrity and authenticity is a thorough “background check” of a software object before any software is installed. Part of this background check is a search for known software vulnerabilities and for compromises that can affect a software vendor’s integrity, e.g. stolen signing keys. The firewall software whose installation enabled this Grid disruption was known to contain the very vulnerability that was exploited, which means that had the Company employed the SAG method, it would have been warned of this vulnerability before the software could be installed, preventing this disruption from occurring in the first place. The recommendations in NERC’s findings report for this event make it clear that Companies should search for known vulnerabilities in a software object and prevent vulnerable software from being exploited. This is precisely the type of attack that SAG is designed to prevent, through its thorough background check methodology and SAGScore™, which quantifies the level of risk (trustworthiness) associated with a software object before it ever gets installed.

Never trust software, always verify and report!

Richard Brooks's picture
