"NERC regularly collects information from utilities in response to cyberthreats. But this particular questionnaire exemplifies how the hunt for information related to the suspected Russian hacking operation is very much ongoing in the private sector as it is in government."
“At this time, NERC is not aware of any known impacts to bulk power system (BPS) reliability or system outages related to the SolarWinds compromise....
"However, the presence of SolarWinds Orion Products in the enterprise networks of registered entities exposes them to the vulnerability and exploitation by the [advanced persistent threat] actor and poses a potential threat to BPS reliability.”
• • •
Missing some Tweet in this thread? You can try to
force a refresh
An update to this story from last night: Among the Iranians' alleged attempts to sow discord after the election was a fake letter purporting to be from Chris Krebs to Matt Gorham, assistant director of the FBI's cyber division. cyberscoop.com/fbi-iran-cisa-…
.@TomBossert at @AuburnCyber event: It's "premature" to frame the #SolarWinds hack exclusively as espionage. As for the espionage side of things, “the scale and scope of this is not excusable.”
Melissa Hathaway, ex-cyber adviser to GWB & Obama, praises FireEye for its transparency in dealing with the #SolarWinds breach, but calls for SolarWinds itself to be more transparent, saying the firm is responsible for intro-ing a considerable amount of risk into the supply chain
"The world was on fire before this wind blew through," ex-NSA deputy Chris Inglis says, somewhat poetically, in reference to #SolarWinds. He cites NotPetya and election interference as previous examples of disruptive/impactful cyber operations.
ICYMI. Yesterday was a wild day of infosec news. Allow me to recap our coverage:
Dragos raised $110M from the investment arms of Koch Industries, Saudi Aramco and others. ICS security has hit the big stage: cyberscoop.com/dragos-raises-…
The Norwegians implicated Fancy Bear in the hack on Norwegian parliament. The intrusion techniques were none too fancy, though: cyberscoop.com/norwegian-poli…
FireEye says hackers stole its red-team tools, suggests state-sponsored group is to blame cyberscoop.com/fireeye-says-h…
“The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation-state,” said Matt Gorham, assistant director of the FBI Cyber Division.
This is a rare case of the FBI commenting on an ongoing investigation...
NEW: Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts cyberscoop.com/norwegian-poli…
Thanks to @martingund for the translation help. You should read his story on the Fancy Bear revelation here (in Norwegian): nrk.no/norge/storting…
Fancy Bear’s use of brute-forcing is the latest example of how so-called advanced persistent threat groups “don’t necessarily use advanced techniques,” said @likethecoins: cyberscoop.com/norwegian-poli…
Trump fires CISA chief Chris Krebs, who guarded the 2020 election from interference and domestic misinformation cyberscoop.com/trump-chris-kr…
Private-sector experts,& Democratic lawmakers "protested loudly that Krebs’ dismissal risked hurting national security @ a perilous moment for the country. But Republican lawmakers who have previously praised Krebs, a Trump appointee, were notably silent." cyberscoop.com/trump-chris-kr…
"He was a fixture at DEF Con and Black Hat, the Las Vegas security conferences, sporting brightly colored pants and adopting a self-deprecating style to connect with the crowd." (Also known as TLP Red Pants) cyberscoop.com/trump-chris-kr…