The “bottom line” of the paper is that the E-ISAC strongly recommends utilities examine their Internet-facing systems to ensure that:
• Internet-facing devices are inventoried and examined for vulnerabilities
• Internet-facing devices have sufficient business justification for being publicly exposed
• Utility-owned and managed systems that are exposed to the Internet have adequate protections in place to prevent the exploit described in the paper
• If you do not have the technical expertise within your utility to take these steps, you should seek assistance.
“I want to emphasize the importance of incorporating the E-ISAC’s recommendations into your cyber security programs and processes, due to the unprecedented scale of these recent attacks,” Kelly noted. “Your immediate attention to these recommendations will help mitigate the risk of your cyber systems being misused or rendered unavailable, with all the actual and reputational damage such an event could cause.”
If you have not done so already, IAMU encourages its electric members to sign up for the E-ISAC portal to receive further details on this and other cyber risks. You may also utilize the E-ISAC forum to stay informed and to share information on any cyber or physical attacks, so those in the electricity industry can learn from each other and better defend themselves. To sign up, please contact the E-ISAC for further information at firstname.lastname@example.org or www.eisac.com.