russia - Power Utilities - Red Sky Alliance
2024-03-29T10:07:10Z
https://redskyalliance.org/power-utilities/feed/tag/russia

It's About Time, But Wait more Evidence
https://redskyalliance.org/power-utilities/it-s-about-time-but-wait-more-evidence
2022-01-23T18:44:53.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>The US Federal Energy Regulatory Commission (FERC) announced on 20 January 2022 a proposal to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high and medium impact bulk electric system cyber systems.</p>
<p>The Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric Reliability Corporation to develop and submit new or modified Reliability Standards to address a gap in the current standards.<a href="#_ftn1">[1]</a></p>
<p>Under existing CIP reliability standards, network security monitoring is focused on defending the electronic security perimeter of networks. FERC is seeking to address concerns that the existing standards do not address potential vulnerabilities of the internal network to cyber threats.</p>
<p>INSM addresses situations where vendors or individuals with authorized access who are considered trustworthy might still introduce a cybersecurity risk. For example, the SolarWinds attack in 2020 demonstrated how an attacker can bypass network perimeter-based security controls used to identify and thwart attacks. This supply chain attack leveraged a trusted vendor to compromise the networks of public and private organizations.</p>
<p>Incorporating INSM requirements into the CIP Reliability Standards would help to ensure that utilities maintain visibility over communications in their protected networks, FERC said. Doing so can help detect an attacker’s presence and movements and give the utility time to take action before an attacker can fully compromise the network. INSM also helps to improve vulnerability assessments and can speed recovery from an attack.<a href="#_ftn2">[2]</a></p>
<p>The NOPR seeks comment on all aspects of the proposed directive to develop and submit new or modified Reliability Standards for INSM for high- and medium-impact cyber systems. Comments on the NOPR are due 60 days after publication in the Federal Register.</p>
<p>Red Sky Alliance totally supports these proposed regulations. If the electric grid shuts down, everything in cyber and, in essence, an entire country will shut down.</p>
<p><strong>But wait</strong>: <a href="https://thehackernews.com/2022/01/experts-find-strategic-similarities-bw.html">Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine</a>. On 22 January 2021, TheHackerNews reported that the latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to <a href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">NotPetya malware</a> that was unleashed against the country's infrastructure and elsewhere in 2017.<a href="#_ftn3">[3]</a></p>
<p>The malware, titled <a href="https://thehackernews.com/2022/01/a-new-destructive-malware-targeting.html">WhisperGate</a>, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and information technology entities in the nation, attributing the intrusions to an emerging threat cluster codenamed "DEV-0586." "While WhisperGate has some strategic similarities to the notorious NotPetya wiper that attacked Ukrainian entities in 2017, including masquerading as ransomware and targeting and destroying the master boot record (MBR) instead of encrypting it, it notably has more components designed to inflict additional damage," Cisco Talos <a href="https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html">said</a> in a report detailing its response efforts.</p>
<p>Stating that stolen credentials were likely used in the attack, the cybersecurity company also pointed out that the threat actor had access to some of the victim networks months before the infiltrations took place, a classic sign of sophisticated APT attacks.</p>
<p>The WhisperGate infection chain is fashioned as a multi-stage process that downloads a payload that wipes the master boot record (<a href="https://en.wikipedia.org/wiki/Master_boot_record">MBR</a>), then downloads a malicious DLL file hosted on a Discord server, which drops and executes another wiper payload that irrevocably destroys files by overwriting their content with fixed data on the infected hosts.</p>
<p>The findings come a week after roughly 80 Ukrainian <a href="https://thehackernews.com/2022/01/massive-cyber-attack-knocks-down.html">government agencies' websites</a> were defaced, with the Ukrainian intelligence agencies confirming that the twin incidents are part of a <a href="https://thehackernews.com/2022/01/ukraine-recent-cyber-attacks-part-of.html">wave of malicious activities</a> targeting its critical infrastructure, while also noting that the attacks leveraged the recently disclosed Log4j vulnerabilities to gain access to some of the compromised systems.</p>
<p>"Russia is using the country as a cyberwar testing ground — a laboratory for perfecting new forms of global online combat," Wired's Andy Greenberg <a href="https://www.wired.com/story/russian-hackers-attack-ukraine/">noted</a> in a 2017 deep-dive about the attacks that took aim at its power grid in late 2015 and caused unprecedented blackouts. "Systems in Ukraine face challenges that may not apply to those in other regions of the world, and extra protections and precautionary measures need to be applied," Talos researchers said. "Making sure those systems are both patched and hardened is of the utmost importance to help mitigate the threats the region faces."</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/3702558539639477516">https://attendee.gotowebinar.com/register/3702558539639477516</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://ferc.gov/news-events/news/ferc-moves-close-gap-reliability-standards-electric-grid-cyber-systems">https://ferc.gov/news-events/news/ferc-moves-close-gap-reliability-standards-electric-grid-cyber-systems</a> Docket No. RM22-3</p>
<p><a href="#_ftnref2">[2]</a> <a href="https://news.bloomberglaw.com/privacy-and-data-security/ferc-seeks-to-boost-power-grid-cyber-security-standards">https://news.bloomberglaw.com/privacy-and-data-security/ferc-seeks-to-boost-power-grid-cyber-security-standards</a></p>
<p><a href="#_ftnref3">[3]</a> <a href="https://thehackernews.com/2022/01/experts-find-strategic-similarities-bw.html">https://thehackernews.com/2022/01/experts-find-strategic-similarities-bw.html</a></p></div>

Russia’s Floating Nuke Power Plant
https://redskyalliance.org/power-utilities/russia-s-floating-nuke-power-plant
2019-12-26T13:12:19.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>A floating nuclear power plant has been connected to the Russian electric power grid and has begun producing electricity for the first time in a remote region of Russia.</p>
<ul><li>The vessel Akademik Lomonosov set sail from the port of Murmansk in August. </li>
<li>The history of this technology stretches back many years to the 1960s. The US has also successfully converted a ship into a floating nuclear power plant.</li>
</ul><p>In a statement last week, Russia’s state-owned nuclear company Rosatom said the Akademik Lomonosov had started to produce electricity in the “isolated Chaun-Bilibino network” in the Port of Pevek, Chukotka, which is located in the Far East area of Russia. Rosatom describes this vessel as the world’s “only floating power unit,” and it envisions that the M/V Akademik Lomonosov, which set sail from the Russian Port of Murmansk last August, will become an important part of the Chukotka area’s power supply. It has two KLT-40C reactors, which have a capacity of 35 megawatts each. Although Rosatom describes the facility as a “first of a kind,” the history of floating power plants stretches back decades: the US converted a ship called the M/V STURGIS into a floating nuclear power plant during the 1960s.<a href="#_ftn1">[1]</a></p>
<p>As a symbolic gesture, the first volts of electricity pumped out by the plant lit up a Christmas tree on the icebound village’s central square.</p>
<p>Rosatom says the floating nuclear power plant is suited to remote areas and “island states” which need stable and, in Russia’s own words, “green” sources of energy. Rosatom boasts that interest in this floating technology is coming from North Africa, the Middle East and Southeast Asia. Rosatom has previously said that it is already working on second-generation floating power units that will be constructed in a series and available for export.</p>
<p>In a statement issued at the end of August, the Director General of Rosatom described the launch of the floating power plant as a “momentous occasion for our company and for the Chukotka region.” They added that the M/V Akademik Lomonosov would “guarantee clean and reliable energy supplies to people and businesses across the region.” While there is excitement in some quarters surrounding the scheme, there are concerns surrounding nuclear power projects. This is in part due to high-profile events such as the Japanese Fukushima disaster of 2011, when a powerful earthquake and tsunami resulted in a meltdown at the Fukushima Daiichi nuclear power plant. Rosatom said that its floating nuclear power plant has been designed with a “great margin of safety” which exceeds “all possible threats,” and makes the nuclear reactors invincible to tsunamis and “other natural disasters.” It adds that the nuclear processes at the facility meet requirements from the International Atomic Agency and do not pose an environmental threat. The University College London’s Energy Institute issued a statement saying that while the M/V Akademik Lomonosov was not all that significant in terms of energy production, it is “significant in terms of risk.” All nuclear power plants are vulnerable to unforeseen external events through human or engineering-based fault conditions, which include accidental or deliberate harm.</p>
<p>The university added that whatever your views on nuclear power, it is clear that “the possibility of catastrophic accidents must be factored in — and the risk to people and the environment as a consequence of a major incident to a floating reactor is very significant indeed.”<a href="#_ftn2">[2]</a></p>
<p>Red Sky Alliance is in New Boston, NH. We are a cyber threat analysis and intelligence service organization. For questions, comments or assistance, please contact Red Sky directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.oilandgas360.com/a-floating-nuclear-power-plant-has-started-to-produce-electricity-in-a-remote-region-of-russia/">https://www.oilandgas360.com/a-floating-nuclear-power-plant-has-started-to-produce-electricity-in-a-remote-region-of-russia/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.maritime-executive.com/editorials/russia-s-floating-nuclear-plant-plugged-in-at-pevek">https://www.maritime-executive.com/editorials/russia-s-floating-nuclear-plant-plugged-in-at-pevek</a></p></div>