US federal entities are trying to help energy companies improve their security strategies after a series of hacks of US companies intensified concern. The attacks followed one last year that lead to a blackout in Kiev and attacks in 2015 on power plant Prykarpattyaoblenergo, blamed on Russian hacking group ‘Sandworm.’
The US National Institute of Standards and Technology (NIST) is calling attention to the need for cybersecurity standards, especially in the industrial sector, by asking for suggestions to help energy companies fight off attacks, suggestions due April 17.
A strong supporter of US tech innovation, NIST has already issued a project entitled ‘Situational Awareness’ to give companies suggestions on how to avoid cyber strikes similar to those on power distribution companies in Ukraine.
To prevent breaches, or at least detect them early, companies should regularly monitor their operational technology “investigate the chain of events that led to the anomalies, and share findings with other energy companies,” and invest in “’security incident and event management,’ including processes for managing outages, and any products that could “ensure the integrity and accuracy of data collected from remote facilities.”