Part of Energy & Sustainability Network »

The Energy Collective Group

This group brings together the best thinkers on energy and climate. Join us for smart, insightful posts and conversations about where the energy industry is and where it is going.

Shared Link

A moment of reckoning: the need for a strong and global cybersecurity response - Microsoft On the Issues

Richard Brooks's picture
Richard Brooks 101,868
Co-Founder and Lead Software Engineer, Reliable Energy Analytics LLC

Dick Brooks is the inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software...

  • Member since 2018
  • 1,540 items added with 672,601 views
  • Dec 18, 2020
  • 1150 views

The Solarwinds incursion has damaged government credibility with regard to our ability to defend against sophisticated, nation state cyber threats and software supply chain risks. This posting from Brad Smith of Microsoft has several recommendations that are worthy of consideration, to help prevent more attacks. But one recommendation in particular can have real and immediate effect that improves our collective ability to protect and defend against cyber attacks: First, we need to take a major step forward in the sharing and analysis of threat intelligence.

Of all his recommendations this one, in particular, can be implemented by every person that receives software and can detect potential threats that may be present. We have the facilities to report suspected software via the existing CVE/NVD repositories and other channels, i.e. *-ISAC. We don't need a government mandate to make this happen, but it does take discipline and the ability to detect when risks are present. There are several vendors of software supply chain risk assessment solutions, i.e. SAG-PM, that can help to detect potentially risky software packages. It's up to the consumers of software to take advantage of these solution offerings and help stop the spread of bad software by applying comprehensive software supply chain risk assessments and reporting any issues that are identified, which raise doubt as to the Trustworthiness of a software package.

Energy Central hosted a PowerSession on 8/12 that echo many of Brads points, available on demand at: https://energycentral.com/o/energy-central/demand-energy-central-powersession-series-cybersecurity-us-power-grid-software

Never trust software, always verify and report!

A moment of reckoning: the need for a strong and global cybersecurity response - Microsoft On the Issues

The recent spate of cyberattacks require the government and the tech sector in the United States to look with clear eyes at the growing threats we face. At Microsoft, we are committed to being at the forefront of these efforts. A posting by Brad Smith of Microsoft.

Read More
Source: blogs.microsoft.com
Discussions
Matt Chester's picture
Matt Chester on Dec 18, 2020

I wonder if the depth and severity of the SolarWinds incident will jolt this to the top of the new Administration's priority list-- both specific to addressing what happened and overall grid cybersecurity. 

Nathan Wilson's picture
Nathan Wilson on Dec 19, 2020

For computer systems that require maximum security, the gold standard security technique is the "air gap".  That means keeping mission essential systems physically disconnect (not just via a software firewall) from the public internet!

We should recognize the mission essential status our electric grid, and resist the temptation to create demand-response systems over the public network.  That means that under no circumstances should BEV chargers, home water heaters, or PV system batteries be allowed to come under control of utilities or DR aggregators via remote control.

That will be bad news to many who envision certain types of future smart grids, but we have to take computer security seriously, or the cyber attacks of the future will be even more damaging.

Rick Engebretson's picture
Rick Engebretson on Dec 19, 2020

I just spent time trying to upgrade a bios of an old intel motherboard. Included in a boot cdrom image was this text;

mkisofs 2.01a32-3-bootcd.ru -o fdoem.iso -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -J -r -c _$ -hide-joliet ...

It is part of a linux command line to construct a boot cdrom image to change the motherboard bios. What caught my attention was the ".ru". This particular motherboard had a large bios to include the "intel management engine (spyware)" and required a large file size cdrom. Thus using the linux command "mkisofs," to boot a "freedos" kernel" using "isolinux" memory disk.

It seemed to me ironic we need to hire the Russians to implant spyware in our PCs because we are too dumb to program a computer anymore.

An old joke is we Americans are lucky the foreign software experts still speak fluent English.

Richard Brooks's picture
Thank Richard for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »

Your access to Member Features is limited.

Apply for membership
Related Content
“None of our products is affected by the log4j vulnerabilities” and other fairy stories
Short Article on US Power Grid Attacks
CISA’s public-private cyber collaborative to focus on energy, water
Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties
Recent Comments
Matt Chester
Matt commented on ...
Big Changes Afoot for Heat Pumps
Heat pumps are definitely poised to be one of the big stories of 2023 in our sector (I wonder if we'll be hearing about them in the
Michael Keller
Michael commented on ...
Analyzing the Most Severe Risks of Climate Change and Climate Alarmism
The claims of distant planetary temperature increases are essentially based on religious beliefs.
Matt Chester
Matt commented on ...
NRC Requires New License Renewal Effort for Diablo Canyon
Great insights as always, Dan-- but I have to especially commend using the pictures of waffles.
Julian Silk
Julian commented on ...
Social cost of co2 emission
It's very important to know who is doing the calculation for the social cost of carbon, because certain items may be weighed such that they...