top of page

Lapsus$ data extortion group leaks more data, this time from Samsung Electronics


Cyber hackers have stolen sensitive source code, this time from Samsung. If reports are accurate, hackers have released information about sensitive operations (e.g. hardware cryptography, binary encryption, access control). Why would we care within the utility business?


I have found it an interesting process where NERC CIP-013 Cyber Security Supply Chain Risk Management Plans mandate assessments of their supply chain with essentially no guidance on how utilities are to execute it. Perhaps it is unclear as to what should be the priority? Is it because the topic is too broad to precisely manage? Regardless of the reason, it is a tough problem.


NATF questionnaires are the closest agreed upon documentation on how utilities might address supply chain management, however, questionnaires are broad in scope, covering many aspects of the topic. If I were to offer an opinion, supplier protection of proprietary source code and access controls for storage and delivery of firmware should be of highest importance to utilities. A utility would not want nation state actors to have access to security features that protect their electric grid with the ability to launch an attack such as the 2015 Ukrainian power grid attack.


29 views0 comments

Comments


bottom of page