
From the wonderful folks who brought you NotPetya

Supply chain Cybersecurity Risk Management and NERC CIP-013 consulting Tom Alrich LLC

Currently with Tom Alrich LLC, I provide strategy and compliance consulting to electric power industry clients and vendors to the power industry, focusing on the NERC CIP cybersecurity standards....


 

A good friend of mine, who will soon take an important cybersecurity position in the Biden administration, emailed me this article last week. He accompanied it with a note that said “A friend sent this to me last week; I was clenching my teeth as I read the article and the referenced report.”

At first, I was reluctant to read the article, since my dentist has warned me I’m clenching my teeth too much (although I told her I think the problem will abate with the new administration). But I did read it, and I also found it teeth-clenchingly outrageous. I also found this article from The Register, which – as usual with that publication – brought some nice insights to the story.

I can’t say anybody’s at fault here, and I can’t say the company in question, Positive Technologies, does in fact work hand-in-glove with the GRU. But they do tout their relationship with the Russian military on their web site, and my guess is they’re not in the business of securing the motor pool.

Of course, the worst part of the story is they were part of a group of firms given early access to vulnerability information by Microsoft (they also had relationships with VMware, Intel, HP and IBM, and their customers include “major European banks Societe Generale and ING, as well as Samsung, SK Telecom of South Korea and BT, the British telecommunications giant”). Earth to Microsoft: There’s nothing wrong with having a relationship with a Russian firm. But to give early vulnerability information to a firm that advertises its relationship with the Russian military… What were you thinking? Or more to the point, were you thinking at all?

I’ve been intending to write a post on the cluelessness of Microsoft in another area, so this gives me reason to write that post in the near future. I have maybe 10-15 posts in my “backlog”, but something new always keeps coming up, so often they get pushed back – and some of the new topics just get added to the backlog. So much cluelessness, so little time…

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.

 
