See All Nexus 2024 Sessions
Claroty Nexus Logo
Topics:
See all in Cyber Resilience See all in Articles
See all in Videos
See all in Podcasts
In this episode of Claroty's Nexus podcast, Manny Cancel, CEO of the Electricity Information Sharing and Analysis Center (E-ISAC) and a NERC senior vice president, discusses the Biden Administration's 100-day plan to improve cybersecurity in the electric industry.

Nexus Podcast: E-ISAC on Biden 100-Day Plan for Power Grid Cybersecurity

Michael Mimoso
/
May 18, 2021

The Biden administration's recently announced 100-day plan to improve cybersecurity in electric utilities comes at a time when critical infrastructure is reeling from recent high-profile incidents, including the Colonial Pipeline ransomware attack. The plan unites privately and publicly held electric utilities, the Department of Energy (DOE), and CISA in an effort to improve defenses at a time when not only nation-states but also criminal organizations operating online are taking targeted swipes at critical infrastructure.

In this episode of Claroty's Nexus podcast, Manny Cancel, CEO of the Electricity Information Sharing and Analysis Center (E-ISAC) and a NERC senior vice president, discusses the 100-day plan and why this is a critical time for the electricity industry and critical infrastructure.

"What the plan is pushing for is a partnership with the electricity sector. It wasn't super prescriptive, but that provides an opportunity for both the government and the sector to work collaboratively to decide how we can best address this critical risk we face," Cancel said.

The plan instructs the DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) to partner with utilities to modernize cybersecurity defensive measures. The plan asks utility owners—many of whom are in the private sector—to improve detection, mitigation, and forensic capabilities, to lock down IT networks and improve visibility into operational technology (OT) networks and industrial control systems (ICS).

The plan also includes a request for information (RFI) from the DOE seeking input from the electricity industry—including academia, research labs, and other stakeholders—on recommendations to improve supply chain security.

"The biggest challenges come from the diversity of technologies we use across the sector. What do we bite off and chew first from a risk perspective is one of the first orders of business," Cancel said. "The RFI is a great way to start this thing off where we're not dictating what we're going to do, but learn a little bit and try to address this in a risk-based way to make sure whatever we put in place really does a good job of providing a high level of protection for the sector."

Cancel added that he's encouraged to see the Biden administration push so early in its administration for cybersecurity improvements for the power grid, that he hopes to see a more deliberate focus on the security of OT and ICS systems.

"It's where our greatest risk is," he said. "Visibility into control systems and taking a more deliberate focus on the risk facing control systems is a paramount piece to this."

You'll also hear more about:

  • Risks introduced by IT/OT convergence

  • Threats specifically targeting electricity utilities

  • How to best build cyber resilience into the grid and utilities' IT and OT systems

  • Opportunities for cybersecurity careers in the electric sector

  • The mission of the E-ISAC and how it fosters threat intelligence sharing among its 1,100 member organizations.

Subscribe, rate, and review the Nexus podcast on all major platforms, including Apple Podcasts and Spotify.

Michael Mimoso
Editorial Director

Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.

Stay in the know Get the Nexus Connect Newsletter
Subscribe
Listen on Apple Podcasts. Listen on Spotify Podcasts.
Share
LinkedIn Twitter Facebook Email
Featured Articles
Considerations for Medical Device Vulnerability Remediation Technical Debt in OT Environments: How It's Different and Why it Matters The Purdue Model's Risky Blindspot
Featured Videos
Browse by Topics
Cyber Resilience Cybersecurity Insurance Federal Food & Beverage Healthcare Industrial Internet of Things Nexus Conference Operational Resilience Operational Technology Ransomware Risk Management Technical Debt Vulnerability Management Zero Trust
You might also like… Read more
nexus_munish.jpg
Industrial
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: Munish Walther-Puri on Developing a Scale for OT Cybersecurity Incidents

Michael Mimoso
nexus_brian-foster.jpg
Industrial
Internet of Things
Operational Technology
Cyber Resilience

Nexus Podcast: Brian Foster on the Risks of a Hyperconnected Power Grid

Michael Mimoso
matthew-rogers-cisa.jpeg
Cyber Resilience
Operational Technology
Industrial

Nexus Podcast: CISA on Secure-by-Demand for OT

Michael Mimoso
noam-moshe-headshot.jpeg
Internet of Things
Operational Technology

Nexus Podcast: Noam Moshe on the IOCONTROL Malware

Michael Mimoso
Team82’s Noam Moshe discusses state actor targeting of OT, why it’s so challenging to develop ransomware for OT and industrial control systems, and the mitigation strategies available to defenders of cyber-physical systems.
Cyber Resilience
Internet of Things

Nexus Podcast: Team82 on Attacking the Insecure IoT Cloud

Michael Mimoso
nexus_steven-adair.jpg
Cyber Resilience
Vulnerability Management
Risk Management

Nexus Podcast: Volexity’s Steven Adair on the Nearest Neighbor Attack

Michael Mimoso
In this episode of the Nexus Podcast. Runsafe Security CEO and cofounder Joe Saunders examines the motivations of these adversaries, the targeting of memory-based vulnerabilities in embedded systems prevalent in OT and healthcare, and how initiatives such as secure-by-design/default/demand can make a dent in ensuring the resilience of critical infrastructure.
Cyber Resilience
Industrial
Healthcare

Nexus Podcast: Joe Saunders on Advanced Attacks Against Critical Infrastructure

Michael Mimoso
nexus_grant1.jpg
Industrial
Healthcare
Ransomware
Cyber Resilience
Operational Resilience
Operational Technology

Nexus Podcast: Grant Geyer on the Business Impact of Disruptions from Cyberattacks

Michael Mimoso
In this episode of the Nexus Podcast, Alethe Denis, a senior security consultant at Bishop Fox, joins to discuss the ongoing effectiveness of open-source intelligence analysis and social engineering tactics as a precursor to larger intrusions against critical infrastructure.
Cyber Resilience
Healthcare
Industrial
Risk Management

Nexus Podcast: Alethe Denis on Social Engineering, Red-Teaming

Michael Mimoso
On this episode of the Nexus Podcast, Alon Dankner of the Technion Institute in Israel explains his research into the Siemens S7 protocol and PLCs. A vulnerability uncovered during research allows an attacker to expose and steal private cryptographic keys by leveraging a severe vulnerability and configuration error.
Operational Technology

Nexus Podcast: Alon Dankner on Extracting Private Crypto Keys from PLCs

Michael Mimoso
In this episode of the Nexus Podcast, Claroty Team82 researcher Noam Moshe explains the challenges involved in gathering attack forensic artifacts from OT devices, in this case, Unitronics PLCs that were exploited in 2023 in attacks against water facilities in the U.S. and Israel.
Operational Technology
Industrial

Nexus Podcast: Noam Moshe on Extracting Forensic Data from Unitronics PLCs

Michael Mimoso
In this episode of the Claroty Nexus Podcast, Alexander Antukh, the chief information security officer at AboitizPower, the Philippines’ largest owner and operator of renewable energy, discusses one path toward translating risk and losses into business terms: cyber risk quantification (CRQ).
Risk Management

Nexus Podcast: Alexander Antukh on Cyber Risk Quantification

Michael Mimoso
Latest on Nexus Podcast
See all episodes
The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.
nexus_munish.jpg
Industrial
Operational Resilience
Operational Technology
Risk Management

Nexus Podcast: Munish Walther-Puri on Developing a Scale for OT Cybersecurity Incidents
nexus_brian-foster.jpg
Industrial
Internet of Things
Operational Technology
Cyber Resilience

Nexus Podcast: Brian Foster on the Risks of a Hyperconnected Power Grid
matthew-rogers-cisa.jpeg
Cyber Resilience
Operational Technology
Industrial

Nexus Podcast: CISA on Secure-by-Demand for OT