Big Data Needs Bigger Security

Big Data Needs Bigger Security (http://www.usnews.com)

Technology

The Equifax breach shows why data companies must be held accountable.
The age of big data is here, along with a growing list of big data breaches and the big mess created for millions of affected consumers. The only thing missing is big consequences for companies that are causing these big losses. Last week, Equifax lost highly confidential personal and financial data on as many as 143 million people. The worst part? You didn’t even give them permission to obtain this information. They can legally collect, store and share it regardless. Although banks have a self-serving track record of their own (Wells Fargo, anyone?) at least as a client, you have a direct relationship that permits you to use the law to hold them accountable…

Continue reading at www.usnews.com

My Two Cents: After reading this, I would have to agree. If corporations are going to store highly confidential personal and financial data and they lose this data based on hacking, which means this data was exposed to the internet, then this company would be responsible. What bothers me about Equifax is the time it took to notify everyone, and I mean everyone’s personal information in the USA has been exposed. This is huge. Sadly, security software systems do exist that would have secured this data, but these Big Companies appear to not care to invest in these systems.

Global Cyber Attack Imminent

A devastating global cyber attack is imminent (http://www.dailymail.co.uk/)

Technology

Experts have warned that a devastating global cyber attack is imminent.
The hack, called ‘ExplodingCan’, targets computers running on Microsoft Windows 2003, which means that it could be used to attack 375,000 computers worldwide.
This puts it in the same risk category as last month’s WannaCry ransomware attack which caused mayhem around the world, crippling vital servers such as those used by the NHS.
ShadowBrokers, the group behind the WannaCry hack, stole the ExplodingCan from the NSA, along with an arsenal of other cyber weapons.

The hack targets Microsoft Windows 2003 servers running the Internet Information Services version 6.0 (IIS 6.0) web server.
According to Manchester-based security company, Secarma, Exploding Can exploits a known flaw in the IIS 6.0 servers, triggering a buffer overflow.
This in turn can be used for remote access to the computer, and could allow hackers to plant ransomware in a similar fashion to the WannaCry worm.

Continue reading at http://www.dailymail.co.uk/

My Two Cents:
Another reason supporting moving to the Adept Secure Platform. Microsoft Windows Server 2003 has been retired for many years; outdated software is just one little problem…

Reliable Grid Operations – NERC

Reliable Grid Operations – NERC (http://www.nerc.com)

Technology

Electricity is unique in that it can’t be conventionally stored for later use. It’s produced and consumed in real time.

Electricity must be produced and delivered at the same time consumers need it.

While most people take reliable electric service for granted, it is something the electrical industry makes a daily priority. Disruptions to electric service are more than an inconvenience, they are matters of health and safety. In addition, power disruptions can be costly to consumers and businesses.

The sustained dependability of electric service is a crucial component of modern life and a key to the economic vitality of the world.

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability of the bulk power system in North America. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the electric reliability organization for North America, subject to oversight by the Federal Energy Regulatory Commission and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system, which serves more than 334 million people.

Cyber Security is enforced via the CIP – Critical Infrastructure Protection Reliability Standards.

Reliability Standard Violations in New England Result in $3 Million Penalty, March 30 – After completing its fact-finding, FERC’s Office of Enforcement concluded that Berkshire Power Company LLC (Berkshire) and Power Plant Management Services LLC (PPMS) violated the FPA, jurisdictional tariffs, various FERC regulations, and NERC Reliability Standards.

My Two Cents:
NERC can issue large fines if you get into their crosshairs. I understand why NERC exists today with regard to Cyber Security. My question would be: will NERC help you after an event like what happened in the Ukraine last December, or would they issue you a $3 Million Penalty? Will they share information with others or fine them too? Will this type of enforcement help or make it worse?

We are at a point where Cyber Security is going to change big time. The way it is being handled today is not the way it will be handled after a successful Cyber 911 attack takes the power grid down… Electricity must be produced and delivered at the same time consumers need it; cyber security will be a HUGE part of making sure it happens…

German nuclear plant suffers cyber attack designed to give hackers remote access

German nuclear plant suffers cyber attack designed to give hackers remote access (http://www.telegraph.co.uk)

Technology – Security

A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility’s operations because it is isolated from the Internet, the station’s operator said on Tuesday.

The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RWE.

The viruses, which include “W32.Ramnit” and “Conficker”, were discovered at Gundremmingen’s B unit in a computer system retrofitted in 2008 with data visualisation software associated with equipment for moving nuclear fuel rods, RWE said.

Malware was also found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems. RWE said it had increased cyber-security measures as a result.

W32.Ramnit is designed to steal files from infected computers and targets Microsoft Windows software, according to the security firm Symantec.

First discovered in 2010, it is distributed through data sticks, among other methods, and is intended to give an attacker remote control over a system when it is connected to the Internet.

Conficker has infected millions of Windows computers worldwide since it first came to light in 2008. It is able to spread through networks and by copying itself onto removable data drives, Symantec said.

RWE has informed Germany’s Federal Office for Information Security (BSI), which is working with IT specialists at the group to look into the incident.

The BSI was not immediately available for comment.

My Two Cents:
Again… The DOE and FERC need to address cyber security problems as a national security clear and present danger issue (TLP) RED level. I personally feel that the DOE and FERC are NOT the type of government agencies whose mission statements are for this type of national security challenge (Protecting the USA Power Grid(s)). The DHS, US-CERT and FBI need to take control and get a move on in this power industry…

Talen Energy completes power plant sales, Holtwood and Lake Wallenpaupack

Talen Energy completes power plant sales, Holtwood and Lake Wallenpaupack (http://www.mcall.com)

Technology – Hydro

Talen Energy of Allentown has completed a series of power plant divestitures required by federal regulators last year when the company was launched.

The independent power producer announced Friday that, as anticipated, it had completed the sale of its Holtwood and Lake Wallenpaupack hydroelectric plants to a subsidiary of Brookfield Renewable Energy Partners L.P. for $860 million.

The two Pennsylvania hydroelectric plants – Holtwood in Lancaster County and Lake Wallenpaupack in the Pocono Mountain region – have a combined generating capacity of 292 megawatts.

The Federal Energy Regulatory Commission required the divestitures when PPL Corp. spun off its PPL Supply power plant and energy marketing division, combining it with certain power plants owned by Riverstone Partners, to form Talen Energy.

My Two Cents:
Should be a good move for Brookfield Renewable Energy Partners L.P.