Skip to content
  • EC Webcasts
  • Power Perspectives™
  • Special Issues
  • PowerSessions™
  • Sponsors
  • Home
  • Community
    • Q&A
    • Posts
    • Members
    • Experts
  • Groups

    • The Power Industry Network™

      Utility Business Network
      EnergyBiz® Network
      • Utility Professionals
      • Utility Management 
      • Customer Care 
      • HR & Recruitment
      • Resource Management
      Generation Network
      Generation Network
      • Generation Professionals
      • Clean Power Group
      Energy Management Network
      Energy Management Network
      • Load Management
      • Energy Efficiency
      Intelligent Utility Network
      Intelligent Utility® Network
      • Digital Utility
      • Mobile Workforce
      Grid Network
      Grid Network
      • Grid Professionals
      • Transmission Professionals
      Energy & Sustainability Network
      Energy & Sustainability
      Network
      • The Energy Collective
      • Oil & Gas Professionals
      • Clean Energy Business Network
      • Enel Foundation
  • Topics
  • Jobs
  • News
  • Calendar
  • Resources
    • Podcasts
    • Case Studies
    • White Papers
    • Recorded Webinars
  • Subscribe
  • More
    • Subscribe
  • ×
  • Create new content
    • Sign In
    • Apply for Membership
Part of Energy & Sustainability Network »

The Energy Collective Group

This group brings together the best thinkers on energy and climate. Join us for smart, insightful posts and conversations about where the energy industry is and where it is going.

Join
  • Home
  • Posts
  • Q&A
  • Calendar
  • News
  • Members
  • Experts
  • Sponsors

Author Profile

Richard Brooks's picture
Richard Brooks
Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC
Follow
Contact

About me

Successful developer of Energy Industry B2B and Cyber security standards at North American Energy Standards Board (NAESB) (www.naesb.org) since 1995; ANSI Meritorious Service Award Recipient;...

  • Member since 2018
  • 813 items added with 334,035 views

Status

  • Load Management Expert
  • Digital Utility Expert

Top Members

Richard Brooks

Co-Founder and Lead Software Engineer

Reliable Energy Analytics LLC

Charley Rattan

Hydrogen & Offshore Wind, business advisor and trainer

Charley Rattan Associates

Rafael Herzberg

Consultant energy affairs

Self employed

Shared Link

  • Share
  • Sign in to Vote Like (1)
  • Comment (1)
  • Nov 19, 2020 2:13 pm GMTNov 19, 2020 2:30 pm GMT
  • 615 views

The Power And The Peril Of APIs

Every time we come up with new ways to build and deploy applications, we also come up with new ways to break them. Did SQL make it easier to access and manipulate large amounts of structured data? You bet, and it also led to SQL injection. Ready to join t

Read More
Source: go.forrester.com

Forrester has a new report available (see link below) on the risks that come with the use of web API's in an application. Web API's are external dependencies which your software relies on for proper operation. These external web API's represent another attack vector that a company must be aware of and include in their risk management plans. It is imperative that any SBOM standard that comes to light MUST include the ability to identify these external web API dependencies so that a software consumer will have the insights and visibility needed to perform an effective and comprehensive software supply chain risk assessment, like the seven step process implemented in SAG-PM, which has been presented as an Energy Central PowerSession, available on demand here

Customers need the ability to protect themselves from harmful software before any attempt at installation. An SBOM is a critical component of an effective software supply chain risk assessment process. The good work of Allan Friedman at NTIA is leading the effort to determine and define an effective SBOM standard to help companies identify and manage software risks.

  • report
  • cybersecurity

Discussions

Sign in to Participate
Bob Meinetz's picture
Bob Meinetz on Nov 19, 2020

Richard, descriptions of the attack on Panera's database sound very much like an avoidable injection attack - ones that have been a problem for at least two decades.

My own experience: a small company, for which I had designed a custom web portal, was the victim of such an attack. Hackers obtained 8 customers' credit card data - but fortunately, customers were notified and cards cancelled before any money was stolen.

Creating hardened websites isn't cheap. For developers it requires spending time and money that isn't recoupable in hourly design rates. Even when clients are made aware of the risks, few are willing to invest in added security.

Every commercial website online today is being targeted by injection attacks (I've seen sites hit by thousands of them in a matter of minutes). After my experience, I can't afford not to invest the time and money - too much on the line.

  • Sign in or Register to post comments
Richard Brooks's picture

Thank Richard for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.

Sign in to Vote Like this post
Follow
More posts from this member
  • Achieving New England State Energy Goals within an AOCE NEPOOL Wholesale Capacity Market Design
  • California ISO Report on system and market conditions, issues and performance: August and September 2020
  • AOCE under consideration as "Another Approach" for a NEPOOL Wholesale Capacity Market Pathway
  • The Power And The Peril Of APIs

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

Start a Post »                 Learn more about posting on Energy Central »

Your access to Member Features is limited.

Sign InApply for membership
  • Share a link

Related Content

Digital Utility Roundup: Recent Must-Read Posts From Fellow Community Members
122Sign in to Vote Like (1)
Caveat Emptor
102Sign in to Vote Like (2)
5 Digital Transformation-Driven Cybersecurity Considerations
106Sign in to Vote Like (1)
The Need for IT Governance Rises
41Sign in to Vote Like (1)

Recent Comments

Jason Price
Jason commented on ...
From the Energy Central Community Team: Thanks to you all and Happy Thanksgiving
Thank you Matt! Thanks for your hard work and dedication. Have a great Thanksgiving everyone! 
Sid Abma
Sid commented on ...
Will Indiana stick with coal or embrace renewables? Energy task force to decide next week
Hi Ansh
Ansh Nasta
Ansh commented on ...
Will Indiana stick with coal or embrace renewables? Energy task force to decide next week
Hi Sid, I watched your video. Do you have any peer-reviewed, published papers to support the claims made in your video?
Joe Deely
Joe commented on ...
Renewable energy: Could floating turbines power our homes?
Love it Bob... when you make a statement/take a stance. If only I could take whatever you say and bet against it in Vegas. Dang.

Sponsors & Partners

Guidehouse
AESP
EnergyCentralJobs
Esri
Energy Central
Bentley Systems, Inc.
PLMA (Peak Load Management Alliance)
Smart Electric Power Alliance (SEPA)
Anterix
Franklin Energy

Energy Central
Our Mission
Our mission at Energy Central is to help global power industry professionals work better. Our Power Industry Network™ platform is built to help our members connect with each other, share their knowledge & experience and advance their careers in the industry. Membership is open to professionals working at utilities and organizations supporting the industry.

Energy Central

  • Membership
  • Community Standards
  • Participate!
  • Privacy Policy
  • Terms of Service
  • About Us
  • Advertise with Us

Get Social

  • Twitter
  • LinkedIn
  • Facebook

Stay Connected

  • Subscribe
  • Follow via RSS
  • Contact Us