Today’s LiveWire Spotlight looks at the second summary report providing the high-level accounts of the cyber security incidents reported to the Electricity Information Sharing and Analysis Center (E-ISAC) in 2022 pursuant to CIP-008-6. Out of the eight incident notifications, malware was the most common attack vector. Two other forms of attack exploited known vulnerabilities (Log4j and Fortinet) and managed to infect EACMS assets. The last two hacks were conducted through the supply chain – one blinded a backup SCADA vendor; the second blocked a third-party from submitting forecasts to a BA.
NERC states in the report that a project team has been formed to implement the Standards Authorization Request (SAR) for Project 2022-05. They are reviewing stakeholder feedback to the SAR and expect to deliver a revised version to the Standards Committee in May.
