Blogs

This week, APGA staff participated in two briefings that provided updates on the federal government’s response to the ongoing cyber incident related to the compromise of SolarWinds Orion software. For those not familiar, identification of a breach was recognized in December of last year, and the impacts are wide ranging, including effects on the Department of Energy (DOE), as well as utilities like Kansas City Power and Light Company. The focus is now on mitigation of the breach and preventing a similar occurrence. To learn more, review the following materials, which are from the Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA):

• DHS CISA Cybersecurity Advisory AA20-352A: https://us-cert.cisa.gov/ncas/alerts/aa20-352a

• Supplemental Guidance to Emergency Directive 21-01: https://us-cert.cisa.gov/ncas/current-activity/2020/12/19/cisa-updates-alert-and-releases-supplemental-guidance-emergency

The above materials will be updated by CISA as more information becomes available. Further information can also be found on one of the many Information and Sharing Analysis Centers (ISACs). If your utility is not already a part of one of these, this may be a good time to join. APGA staff will continue to monitor and provide pertinent updates to members.

For questions on this article, please contact Stuart Saulters of APGA staff by phone at 202-544-1334 or by email at ssaulters@apga.org.