United States:
FERC And NERC Publish Whitepaper On SolarWinds And Related Supply Chain Compromise
On July 6, 2021, the staff of the Federal Energy Regulatory
Commission (FERC) and the North American Electric Reliability
Corporation (NERC) Electricity Information Sharing and Analysis
Center (E-ISAC) issued a whitepaper entitled “SolarWinds and
Related Supply Chain Compromise – Lessons for the North
American Electricity Industry.” The whitepaper “describes
these major supply chain-related cyber security events and the key
actions to take to secure systems”1 and is
“intended for electric industry stakeholders and vendors as
they consider their next steps in continued response to the
SolarWinds cyberattack”2 and “other recently
identified cybersecurity vulnerabilities [that] have the potential
to compromise electric industry cybersecurity.”3 The
whitepaper:
- “primarily focuses on the significant and ongoing cyber
event related to the SolarWinds Orion platform and the related
Microsoft 365/Azure Cloud compromise, [and] also addresses
vulnerabilities in products such as Pulse Connect Secure,
Microsoft’s on-premise Exchange servers, and F5’s
BIG-IP;”4
- “offers key actions to take and key questions to ask to
ensure the electricity industry is taking all necessary steps to
mitigate compromises related to these incidents and
vulnerabilities;”5 and
- “highlights the need for continued vigilance by the
electricity industry related to supply chain compromises and
incidents, identifies key elements of adversary tradecraft,
highlights specific malwares and tools to remediate, and recommends
actions to ensure the reliability and security of the [bulk-power
system].”6
With regard to the SolarWinds attack specifically,
“[c]onsidering the sophistication, breadth, and
persistence” of that attack,7 the whitepaper recommends
“electric industry stakeholders fully consider the available
diagnostics and mitigation measures to [e]ffectively address the
software compromise,” including considering the
recommendations in the U.S. Department of Homeland Security’s
Cybersecurity and Infrastructure Security Agency (CISA) Emergency
Directive 21-01 (directed toward federal agencies) and CISA Alert AA20-352A (directed toward the private
sector).8 Such recommendations include
“disconnecting affected systems, conducting deep forensics,
performing risk analyses, and consulting with CISA before
reconnecting [or rebuilding] affected systems.”9 The
whitepaper also includes its own specific recommended industry
actions, which are extensive and detailed.10
Of particular note, the whitepaper states that “[b]ecause
of SolarWinds’ wide use and the adversarial tactics used,
even entities that did not install SolarWinds on their
networks could still be impacted. For example, the
indicators of compromise (IOCs) have been found on networks without
SolarWinds. In addition, although SolarWinds may not have been used
by entities, their key suppliers may use the product. Should the
suppliers be compromised, the supplier in turn could compromise
their customers, including those without SolarWinds. In fact, there
is evidence technology firms were targeted for this
reason.”11 Accordingly, electricity industry
participants should carefully review the recommended actions in the
whitepaper and the alerts it references and consider implementing
those that apply to them.
The whitepaper also notes that “[t]he E-ISAC is working
closely with its members, FERC, and other partners in the Canadian
and United States governments to produce timely, actionable, and
useful defense information for all segments of the electric
industry.”12 Going forward, the E-ISAC
“anticipates supplementing its current information sharing
with new [Cybersecurity Risk Information Sharing Program]
capabilities, enhanced cross-border sharing, and collaboration with
the U.S. Department of Energy’s office of Cybersecurity, Energy
Security and Emergency Response,” and FERC staff “stands
ready to assist in the dissemination of actionable information that
supports the electric industry in proactively responding to cyber
attacks and other cyber vulnerabilities.” The whitepaper is
available here. Stay tuned.
Footnotes
1. Whitepaper at 17.
2. Id. at 6.
3. Id. at 13.
4. Id. at 6.
5. Id.
6. Id.
7. Id. at 4.
8. Id. at 4-5.
9. Id. at 5, 9.
10. Id. at 5, 10-18.
11. Id. at 4 (emphasis added).
12. Id. at 17.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.