- NERC and Power Company Reach Settlement on Violations of Cybersecurity Standards
- March 26, 2018
A power company has reached an agreement with the North American Electric Reliability Corporation (NERC) to pay $2.7 million for violations of a cybersecurity reliability standard.
- This violation resulted from a vendor's mishandling of the company's data, which exposed the data online and allowed unrestricted third-party access to 30,000 asset records.
- The violation posed a “serious” risk to the reliability of the bulk power system because it allowed physical and remote access to the power company’s network.
- This case highlights the need for supply chain management and sufficient proactive measures against breaches, including active oversight of all vendors and third parties with access to sensitive data and electronic systems.