Dr. Kristin Bennett’s Post

📣 Attention if you work at a company in the energy sector, the U.S. Department of Energy just released Supply Chain Cybersecurity Principles. Suppliers and end users in the sector are encouraged to maintain a coordinated vulnerability disclosure process aligned to industry best practices. HackerOne conducts continuous monitoring through our world-class vulnerability disclosure and bug bounty programs. Find out more about the Cybersecurity Principles at HackerOne. 📣

Electric vehicle extreme fast charging infrastructure must be secure from cyber and physical threats. National Institute of Standards and Technology (NIST)’s Cybersecurity Framework Profile for EV/XFC Infrastructure is designed to supplement existing risk management programs. The profile can aid organizations to identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data. This project is jointly funded by CESER and Office of Energy Efficiency and Renewable Energy (EERE), U.S. Department of Energy’s Vehicle Technologies Office (VTO). Read more about the draft framework profile, which is open for public comment through 8/28: https://lnkd.in/ds_StDeZ

The Office of Cybersecurity, Energy Security, and Emergency Response of the US Department of Energy released today the "Supply Chain Cybersecurity Priniciples." Start with the White House briefing at https://lnkd.in/g4qw2vg3 Excerpt: "The Supply Chain Cybersecurity Principles characterize the foundational actions and approaches needed to deliver strong cybersecurity throughout the vast global supply chains that build energy automation and industrial control systems (ICS). The principles aim to create an enduring framework to drive best practices today, while informing international coordination to advance those practices into the future. " Link to the principles: https://lnkd.in/gvJbssNT Stel Valavanis Scott M. Giordano, Esq., AIGP, FIP, CISSP, CCSP

🔐Let's prioritize cyber resilience in our infrastructure sectors! Amid rising cyber threats, it's crucial for infrastructure organizations to bolster their defenses. The Cyber-Informed Engineering #CIE & Consequence-driven Cyber-informed Engineering #CCE methodologies, pioneered by Idaho National Laboratory, offer a robust solution. Check out this insightful new piece on Industrial Cyber from Anna Ribeiro features inputs from experts Sarah Freeman Edward Suhler Tony Turner MITRE Mission Secure Opswright🛡️ https://lnkd.in/dcM-V89i   🌐 Key Takeaways: > CIE/CCE methodologies focus on eliminating cyber-attack routes, ensuring resilience during attacks. > Traditional engineering often overlooks cyber threats. CIE/CCE integrates cybersecurity from the start. > These methodologies are adaptable across sectors like water, transportation, and manufacturing. > Experts highlight real-world success stories in the energy sector, emphasizing the importance of an 'engineering first' mindset. > Small businesses can also benefit, from tailored approaches like CCE Lite. Resources, training, and partnerships are vital for widespread adoption.   #icsCybersecurity #otcybersecurity #CIE #CCE #Infrastructure #Resilience

ACS Cyber Security Incident Response Playbook Canadian companies that operate critical Industrial Automation and Control Systems (IACS) need acomprehensive incident response plan to deal with cyber security incidents. If a cyber-attack compromises field control devices, it could create safety hazards that put employees and the public at risk.This IACS Cyber Security Incident Response Playbook provides a plan that integrates various internationally recognized cyber security IT and OT incident response standards with the Incident Command System (ICS), an industry-agency proven, and internationally accepted, emergency management system. This playbook is developed to accompany the advancement of thestandards, best practices, and guidelines related to cyber security in the critical infrastructure sectors. The targeted stakeholders are companies operating IACS in the following industries: Water, Energy & Utilities Download & read the complete document in 👉 CISO2CISO.COM 👈 or clicking here in the image below 👇, if you find this information useful and valuable share it with your professionals contacts & networks and leave your comments. Thanks https://lnkd.in/d4HEUkJ7 #CISO2CISO #CYBERSECURITY

"Translating CIE or CCE principles across critical infrastructure sectors The experts also explore how the concepts and principles of CIE or CCE can be translated and applied to other crucial infrastructure sectors beyond energy, including healthcare, transportation, and finance." https://lnkd.in/gH3-dzUQ #cybersecurity #criticalinfrastructure #cyberresilience #CIE #CCE #industrialcyber #icssecurity #ics

"Translating CIE or CCE principles across critical infrastructure sectors The experts also explore how the concepts and principles of CIE or CCE can be translated and applied to other crucial infrastructure sectors beyond energy, including healthcare, transportation, and finance." https://lnkd.in/g4NM3VPJ #cybersecurity #criticalinfrastructure #cyberresilience #CIE #CCE #industrialcyber #icssecurity #ics

"Translating CIE or CCE principles across critical infrastructure sectors The experts also explore how the concepts and principles of CIE or CCE can be translated and applied to other crucial infrastructure sectors beyond energy, including healthcare, transportation, and finance." https://lnkd.in/e7Tt4QTQ #cybersecurity #criticalinfrastructure #cyberresilience #CIE #CCE #industrialcyber #icssecurity #ics

Great initiative on "Supply Chain Cybersecurity Principles" from the U.S. Department of Energy (DOE) and highlighted by the White House to strengthen the resilience of the #electricitygrid. They suggest 10 principles for suppliers and end users. Here are a few to highlight: ✳ Impact-Driven Risk Management (embed consideration of impacts) ✳ Transparency & Trust Building (share appropriate information) ✳ Proactive vulnerability management (maintain risk-informed vulnerability management. In other words, you don't have to fix everything but fix vulnerabilities that drive major risks.) Those are good ones to evolve to a risk-based approach to cybersecurity. #energy #OTcyberrisk #CRQM #securitystrategy https://lnkd.in/gVNamDjG

"Translating CIE or CCE principles across critical infrastructure sectors The experts also explore how the concepts and principles of CIE or CCE can be translated and applied to other crucial infrastructure sectors beyond energy, including healthcare, transportation, and finance." https://lnkd.in/dTgGYJqn #cybersecurity #criticalinfrastructure #cyberresilience #CIE #CCE #industrialcyber #icssecurity #ics