On the 28th of April, I read an article dealing with a drill to see what could be hacked or taken control of in the space that is the electric space.
I’m happy to see that this drill took place, but I’m saddened at the fact that the supply chain vendors had nothing to say for themselves.
In recent articles through the years, we’ve found that the supply chain plays a big part in how things work in our world. Let us take the breach at Target for example. In this breach, we’ll remind you that an HVAC contractor had access to Target’s billing system in some way, and when people swiped their cards, hackers who went in through the already existing hole found in the HVAC contractor’s permission set were able to get in and make off with a bunch of data.
Whether I have the facts correct exactly or not is not the point, and I am willing to be corrected because I don’t remember the exact story. Suffice it to say, the supply chain where the HVAC company was doing some type of work had this access, and it came back to bite them all in the long run.
A November drill involving electric utilities across North America mimicked the disruptive malware used to cut power in Ukraine in 2016, testing operators’ ability to expunge the malicious code from their systems.
The fictional scenario, revealed Tuesday in a press briefing on the exercise, saw the malware compromise the industrial control systems that utilities use to manage their operations. An electric equipment vendor helped the utilities replace some of the industrial computers that had been “bricked,” or rendered useless, by the malware. (The code was not actually executed on live systems; it was all simulated.)
The intense scenario forced participants to “start implementing their incident response plans” and “really upped the training value for many utilities,” said Matt Duncan, an official at the North American Electric Reliability Corp., the regulator that runs the biennial drill, known as GridEx.
In the breach of Target, it wasn’t any type of code, but it was the making off of all that data which was the problem. I’m happy to see that this drill took place, but the supply chain must be a part of this work.
What do you think?
Read more from Cyber Scoop. The article is: North American utilities drill ‘GridEx’ brings record turnout — except from supply chain vendors.