Security Awareness Blog: Category - STH.CIP

NERC CIP Compliance - The Challenge Is Just Beginning

Editor's Note: Today's guest blog is published by Ted Gutierrez, CISSP, GICSP, and GCIH, is the ICS & NERC CIP Product Manager at the SANS Institute and co-author of SANS ICS456 - Essentials for NERC CIP. Anyone familiar with the NERC Critical Infrastructure Protection (CIP) standards is painfully aware that July 1, 2016 is … Continue reading NERC CIP Compliance - The Challenge Is Just Beginning


Ukrainian Grid Attack: How NERC CIP-like Measures Might Have Helped

Editor's Note: Today's guest blog is published by TedGutierrez, CISSP, GICSP, and GCIH, is the ICS & NERC CIP Product Manager at the SANS Institute and co-author of SANS ICS456 - Essentials for NERC CIP. With the recent release of the E-ISAC and SANS ICS Defense Use Case (DUC) #5 which analyzed the cyber-attack that … Continue reading Ukrainian Grid Attack: How NERC CIP-like Measures Might Have Helped


Fiction Sometimes Eerily Like Future Reality

Editor's Note: This is a guest Blog Post from Ted Gutierrez, Ted is the ICS & NERC CIP Product Manager at the SANS Institute. In this post he discusses "Anatomy of an ICS Attack". By now anybody who follows cybersecurity news has probably heard about the December 23, 2015 attack on the Ukrainian electric … Continue reading Fiction Sometimes Eerily Like Future Reality


Ukrainian Power Grid Attack -- Not Hype

Editor's Note: This Guest Blog postis byTed Gutierrez, a member of the SANSICS & NERC CIP team. When reports of a December 23, 2015 Ukrainian power outage linked to a coordinated malware attack first began to surface, I was skeptical. I'd previously written about vulnerabilities inherent in the US electric grid but had cautioned against … Continue reading Ukrainian Power Grid Attack -- Not Hype


Not your father's CIP

Michael Assante There are many things that are still fuzzy when thinking ahead to CIPv5, what is clear is that you can't simply take your past V3 experience and apply it forward. NERC and industry have taken a big step forward in designing a set of cybersecurity standards that focus on protecting against cyber compromises … Continue reading Not your father's CIP