Achieving CIP Compliance, NERC-Style

It’s often said that cybersecurity is hard. Anyone who has ever worked their way through the SANS Critical Controls, PCI-DSS or even something as deceptively minimalist as the OWASP Top 10 knows that success in achieving these security initiatives requires a time-consuming, diligent and often multi-team effort.

Now imagine amplifying that responsibility over a power plant that extends over a broad geographic region, and you start to get an idea of the challenge that awaits you. In recent years, plenty of power plants have struggled to strengthen their digital security and suffered digital attacks in the process. Back in 2016, for instance, Reuters reported that investigators had found the W32.Ramnit and Conficker computer viruses hiding in a computer system at the B unit of the Gundremmingen nuclear power plant. A year later, BBC News reported that the nuclear power plant in Chernobyl resorted to manually monitoring radiation levels after suffering a NotPetya attack. A couple of years after that, the Nuclear Power Corporation of India Limited confirmed the breach of the administrative network at the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, India, as reported by The Washington Post.

Cybersecurity and the NERC CIP Reliability Standards

If you work in cybersecurity for a power company, you are most likely familiar with the North American Electric Reliability Corporation (