Category: Cyber Senate News


“The National Cyber Security Strategy set out the Government’s overarching plan “to make Britain confident, capable and resilient in a fast-moving digital world.”2 This strategy specifically supports the Government in ensuring that the UK has a secure and resilient energy system, by ensuring that the civil nuclear sector is able to defend against, recover from, and is resilient to evolving cyber threats. This enables the sector to continue to produce secure, affordable and clean energy. The strategy will also support the safe, responsible and cost effective management of the UK’s energy legacy. This strategy sets out a path to keeping the UK civil nuclear sector ahead of rapidly evolving threats to, and vulnerabilities in, software and equipment in the next five years.”


The Cyber Senate 2nd Annual ICS Cyber Security Nuclear Summit will take place in Warrington on May 22-24th.

Civil Nuclear Strategy can be found here

Cyber Security for Nuclear New Build discussed in UK May 22-24th 2017

Chief Information Security Officer, Graeme Hockey and Lead C&I Engineering Manager, Peter Partington of Nugeneration Limited will present this May 23 and 24th at the 2nd Annual ICS Cyber Security Nuclear Summit  on “New Build. Are we really starting with a blank canvas?
The presentation session will address the following points:
Cybersecurity in a Security context – Integration into the Security environment
Resources – Information, People and Skills
Incident Response – Red Team, Blue Team, Corporate Integration
Strategy – What could it look like?

Don’t forget if your part of the local Warrington Nuclear Hub we have incentives to attend.

2nd Annual
Industrial Control Cyber Security Nuclear Summit 
“Transformation, Preparedness and Developing Cyber Security Assurance ”
www.industrialcontrolsecuritynuclear.comMay 23/24th Warrington United Kingdom
 Co-Sponsors Kroll 
Co-Sponsors Airbus
Associate Sponsors PA Consulting Group

May 22nd Pre-Conference Workshops

Morning Workshop A hosted by Unisys
“Strategic planning for Industrial Control System (ICS) Security and Privacy”

Afternoon Workshop B with PA Consulting Group 
“How examining attack scenarios can help manage your security risk”

All Workshops are FREE to the first 15 qualifying Operators

Thought Leaders include:

  • Chris Roberts, Chief Security Architect at AcalvioTechnologies/Principal AMCyber Org
  • NCSC, Name withheld
  • Paddy Francis, Airbus
  • Chris Blask, Unisys Global Industrial Control Security Director, Chair ICS-ISAC
  • Roger Howsley, Executive Director WINS
  • Eric Knapp, Chief Engineer and Global Director of Solutions and Technology for Honeywell Industrial Cyber Security
  • John Dickinson, Cybersecurity Control Systems Manager, Control Systems Group, Sellafield Ltd 
  • Karen J Frith, Head of Cyber Operations and Risk, Sellafield Ltd
  • John Donald, Superintending Inspector, Office for Nuclear Regulation 
  • Graeme Hockey, Chief Information Security Officer, Peter Partington, Lead C&I Engineering Manager, NuGeneration Limited
  • Andreu Bravo Sanchez, Chief Information Security Officer, Information Security and Cybersecurity, Gas Natural Fenosa
  • Mike St John Green, Honorary Fellow, University of Warwick, Independent Consultant
  • Rakesh Burgul Senior Security Delivery Manager (Information & Personnel) & Chief Information Security Officer, International Nuclear Services
  • Andrew Beckett, Managing Director, Kroll
  • Karl Williams, Security Advisor, PA Consulting Group

Media Partners include The World Institute for Nuclear Security (WINS), The Industrial Control System Information Sharing and Analysis Center (ICS-ISAC), CCI, the Industrial Cybersecurity Center, Infosecurity Magazine and the OSGP Alliance.

2nd annual Industrial Control Cybersecurity Nuclear Summit to take place in Birchwood



Warrington chosen to host international nuclear conference
2nd annual Industrial Control Cybersecurity Nuclear Summit to take place in Birchwood

Warrington is set to host the second annual Industrial Control Cybersecurity Nuclear Summit on 22nd – 24th May 2017.

Taking place at The Centre, Birchwood Park, the two-day conference will cover pressing cyber security challenges in the nuclear industry, including managing supply chains, preparing for the Internet of Things (IoT) and what public/private partnerships could mean for the sector.

The event, which is aimed at an international audience, will be structured around presentations and debate from some of the world’s leading cyber security experts and authorities in nuclear security.

Past presenters have included the IAEA, ONR, NDA, BEIS, Engie, Lockheed Martin, Airbus, Horizon Nuclear, EDF and Honeywell.

Discussing the conference, event organiser James Nesbitt, Founder of the Cyber Senate said: “The security landscape is changing and the way we protect the safety, reliability and stability of our critical nuclear infrastructure must change with it.

“This event will address several key areas such as how to reduce vulnerability, detect threats and how IT and operational technology can work in synergy to defend nuclear assets. It will also cover wider issues in the industry, such as the growing skills gap. We’ve brought together an impressive range of world experts on these topics who will be sharing best practice and providing insight as to what the future may hold for this sector.”

“Warrington is home to a number of organisations in the nuclear industry, including Sellafield Ltd, AMEC Nuclear, NNL and Rolls Royce Nuclear, so holding the conference here felt like a natural step. These are big issues that affect not just the security of businesses, but of whole nations and events like these are an important way to share best practice and plan for the future.”


For more information, visit:

New wave of cyberattacks against Ukrainian power industry

“The cyberattacks against the Ukrainian electric power industry continue. Yesterday (January 19th) we discovered a new wave of these attacks, where a number of electricity distribution companies in Ukraine were targeted again following the power outages in December.” – See article by BY POSTED 20 JAN 2016 – 06:59PM

“The attack on energy facilities on 19-20 January 2016. After the fact”

The attack on energy facilities on 19-20 January 2016. After the fact “”Department Incident Response CyS Centrum (CyS-CERT)”

The attack on energy facilities on 19-20 January 2016. After the factNo sooner had the country / industry oklematsya against cyber attacks, which had led to the outage for an impressive number of consumers as something similar and potentially dangerous happened again.Unidentified attackers on 19 and January 20, 2016 was carried out spot “viral distribution” for e-mail addresses (about 100 recipients), a large number of energy companies in Ukraine. Tactics used much like the one that was used before, during already described cyber attacks on critical information infrastructure of our country – emails, documents, bait, macros, droppers, etc.
In this review, designed to further sharpen the question of the need to improve awareness of information security, we propose to review the process of the attack, the technical details of its implementation, as well as measures taken to address the threat and minimize the negative effects.“Viral delivery” began at the end of the day January 19, 2016. Acting consistently, the second wave of malicious emails sent attackers at the start of day on January 20. When on such actions became known among energy companies, NEC “Ukrenergo” Concerned by the fact that the letters are sent, allegedly on her behalf, made ​​a public statement on the official web site (Fig. 1) [1].

The Cyber Senate announce ICS ISAC Alliance

ICS-ISAC Chair Chris Blask noted that Cyber Senate is an example of an information sharing organization which spans key demographics. “The mission of information sharing involves many stakeholders groups across the entire global community. Cyber Senate captures key thought leaders and works to share information among them and with critical communities. We see Cyber Senate as a highly valuable organization and are pleased to support the good work they are doing.”

Cyber security for the digital railway

Join the Cyber Senate on March 16th in London for an in-depth discussion on the current and future threat, how the industry is responding, the absolute importance of “Security by Design,” the challenges that bridging IT and OT bring in deploying enterprise facing architecture and how to further develop a culture of awareness. Cyber threats are growing in frequency and capability across every industry, but none carry more consequences than those carried out against critical national infrastructure. The global rail industry is where the Smart Grid industry was 10 years ago, now realising that through advanced connectivity and digitisation that greater levels of efficiency and optimisation can be achieved, reduction of carbon footprints and greater value can be provided to both asset owners and operators, passengers and shareholders. The rush to next generation infrastructure however is not with out its vulnerabilities. The proliferation of machine to machine sensors, the Internet of Things and the convergence of IT and OT – two very different disciplines, has extended the attack surface dramatically for an industry historically isolated from modern day cyber threats. Join the Cyber Senate on March 16th in Londonfor an in-depth discussion on the advancing threat, the reality of security of our future rail networks, the absolute importance of “Security by Design,” the challenges that bridging IT and OT bring in deploying enterprise facing architecture and more. This is a unique opportunity to address key cyber issues in the design stage within the rail industry, so let us begin. A strong cyber security strategy saves lives. All stakeholders have a responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Information sharing is paramount in educating ourselves and the industry




Anti-IS group’ claims BBC website attack

Reports state the BBC was subject to a DDoS attack by group calling itself “New World Hacking,” targeting IS affiliated web activity. They are reported to have stated “We are based in the US, but we strive to take down Isis [IS] affiliated websites, also Isis members. The reason we really targeted the BBC is because we wanted to see our actual server power. It was a test.”

Source: BBC news

Read more here 

“Current Reporting on the Cyber Attack in Ukraine Resulting in Power Outage”

This post was written by Michael J. Assante, SANS ICS Director

“There have been a small number of reports describing a power outage in Eastern Ukraine on the day before Christmas Eve. What makes these reports unique is the cited cause of the outage. A small number of sources in Russia and Ukraine indicate the electrical outage was caused by a cyber attack, specifically a virus from an outside source. I am skeptical as the referenced outage has been hard to substantiate and the cause surfaced relatively quickly (normally, determining root cause analysis of an incident takes time especially when it pertains to activity on the network).” Read more here

IAEA join the ICS Nuclear conference as Key Note speakers

The Cyber Senate are pleased to announce the IAEA will be joining us as Key Note presenters on the Industrial Control Cyber Security Nuclear conference we will be hosting in Warrington UK, May 24-25th 2016.

For further information see

How does trust help improve the cyber resilience of the European energy grid?

JOHANInterview with Johan Rambi, Corporate Privacy & Security Advisor for the Dutch network operator Alliander
Johan will be speaking on Day 1 September 29th and also taking part in our Panel Session: Maturation, Incident Response and Recovery

The official interview can be found here

Johan Rambi is Corporate Privacy & Security Advisor for the Dutch network operator Alliander. In his role of (interim) chair of EE-ISAC, to be launched on 4 November 2015, his task is to lay the foundations of this partnership – namely, trust and commitment. Cyber resilience risks force the energy sector to start sharing sensitive information, both across national borders and between the public and the private sector. This will only happen if you create a safe environment of trust, says Rambi.

  • Alliander is already participating in the Dutch Energy ISAC. Can you explain why, as a regional network operator, you were also pushing for an Energy ISAC at European level?

Cyber security does not stop at national borders. Focusing on Dutch cases only would be unrealistic since the increased interconnectedness to the internet creates a reality in which our national “grid” is no longer independent from the outside world.

We need to address cyber resilience risks at an international (EU) level. Other international ISAC’s (e.g. the European FS-ISAC or United States ES-ISAC) have already proven the importance and benefits of international information sharing. In the end, different international ISACs should work together to realise global information and experience sharing. However, scaling up from national to European level is a good and necessary start.

“Cyber resilience risks force the energy sector to start sharing sensitive information,
both across national borders and between the public and the private sector.
This will only happen if you create a safe environment of trust.”

  • ISACs are based on trust; stakeholders are being asked to share (sometimes confidential) company information. What does an ISAC do to make utilities but also technology providers feel safe about sharing sensitive data?

The trust-based environment in which our members will share data, knowledge and experiences is legally defined by our Terms of Reference (ToR). Every individual member will commit itself to the ToR before participating. We will cooperate with each other under strict participation rules, including those regarding transparency and information sharing, and using the traffic light protocol (TLP) protocol in our meetings.

Topics such as vulnerabilities in ICS/SCADA systems or cyber security incidents in smart meters are classified as RED according to the TLP protocol. These topics will not be shared outside the meeting room.

  • But doesn’t it take more than just the legal boundaries of a trust-based environment that makes people talk about what is worrying them?

Yes, definetely. It is easier to trust those you know. The role of EE-ISAC is to build a good relationship between its members. This will facilitate information and experience sharing in the already legally defined trust-based environment.

Also, EE-ISAC will monitor the mutual benefit of the information shared. This is a very important factor since it creates a situation in which the interests of the different stakeholders are equal. If this situation is out of balance, the willingness to share will diminish.

I think you can put it like this, EE-ISAC brings together top experts dealing with cyber security issues from different perspectives. It creates an environment in which they start talking to each other without legal or social hesitations. This results in a broader view upon the solution to these issues for each indivdual member. In the end we believe that this will strengthen the cyber resilience of energy sector as a whole.

“EE-ISAC creates an environment in which cyber security experts
start talking to each other without legal or social hesitations.”


The 2012 cyber-attacks against Saudi Aramco and the Aramco family

Potentially the first ever presentation on the 2012 Saudi Aramco attacks? Quite possibly. Do not miss this presentation in London on September 29/30th at the 2nd Annual Industrial Control Cybersecurity Europe conference, or the 2nd Annual Industrial Control Cybersecurity USA conference in Sacramento California.
Register here:

Case Study: The 2012 cyber-attacks against Saudi Aramco and the Aramco family of affiliates was a major game changer in IT & ICS Security. The energy sector, relevant markets and governments worldwide shuddered. Although oil production wasn’t directly affected, business operations were greatly interrupted and remain so. This presentation is the story how I implemented the first IT Security unit for Aramco Overseas Company, a Saudi Aramco affiliate which provides all IT services for Saudi Aramco in South America and the EMEA region outside of Saudi Arabia.

  1. Cybergeddon 2012

Description of Shamoon and attack effects on the Aramco family

  1. Starting from Zero to Hero

An offer I couldn’t refuse after “The Incident”

Implementation of basic IT security

Recruitment of skilled in-house IT security staff

  1. Maturization -IT Security to the next level

Development of staff: hackers, lock pickers, geniuses and Harlem Shakers

Exercises and independent operational audits

Building the framework for a functional incident response team and CERT

  1. Lessons Learned

Twitter setbacks

Dealing with panic

What I would do different if I had a Time Machine

Detecting substation cyber-attacks presentation announced for US Cyber Senate conference

We are pleased to announce a new presentation for October’s conference “A Department of Energy-funded physics-based method for detecting substation cyber-attacks” presented by Alex McEachern, President, Power Standards Lab (USA), Fellow, IEEE, Convenor, IEC for the 2nd annual Industrial Control Cyber Security USA conference in Sacramento California held at the Hyatt Regency October 13/14th.
Visit the latest agenda here

ISIS preparing total cyber war on critical US and European systems

“Hooded hackers released a video Monday stating that the Islamic State in Iraq and Syria was preparing to wage all-out “electronic” war on the US and Europe, but the war has not yet begun. Cyber security experts report signs of intensified Islamic State activity on the illicit “dark web” and an interest in methods of sabotaging systems of critical infrastructure in the West, such as power stations, transport networks and government medical facilities. Some of the recent European, American and Australian recruits to ISIS have sophisticated computer backgrounds. “Jihad John,” who was filmed beheading ISIS victims,  has a degree in computer science, according to Tom Kellermann, chief cybersecurity officer at the security firm Trend Micro.”
As reported by

Fukushima nuclear plant ordered to upgrade from Windows XP

Fukushima nuclear plant ordered to upgrade from Windows XP

48,000 PCs running on out-of-date operating system
Thu Apr 23 2015, 14:25

A JAPANESE WATCHDOG has slammed the operators of the Fukushima Daiichi nuclear power plant after an audit revealed that most of its PCs run on Microsoft’s Windows XP.

The plant’s owner might have been expected to ensure that systems are up to date and as secure as possible after the meltdown of three of the plant’s six nuclear reactors in March 2011. But apparently not.

Further details can be found on the news website