Kelly alerts public power utilities to Heartbleed vulnerability
Originally published April 22, 2014
APPA President and CEO Sue Kelly on April 18 alerted public power utility managers to the Heartbleed cybersecurity vulnerability and said APPA is working to develop material to help utilities with this vulnerability. The North American Electric Reliability Corp. (NERC) is hosting a webinar today (April 22) on Heartbleed, from 11 a.m. to 12:30 p.m., Eastern time. For more information on the NERC webinar, see the April 21 Public Power Daily. APPA and N-Dimension Solutions Inc. are hosting a webinar tomorrow (April 23) called "Heartbleed Vulnerability Webinar for Public Power Systems." See below for details about Wednesday's webinar.
The Heartbleed vulnerability, which was disclosed publicly on April 7, "allows attackers to have direct access to the working memory of applications of the widely used encryption library known as OpenSSL," Kelly said in an email to public power utility leaders. "This software is used commonly across various computer applications including web servers, email servers, network infrastructure, VPN gateways, and embedded devices."
The Electricity Sector Information Sharing and Analysis Center (ES-ISAC), operated by NERC, issued an industry advisory on April 11 related to Heartbleed. Since then, Kelly said, "APPA has been in conversation with the Department of Energy, NERC, and our other industry partners through the Electricity Sub-sector Coordinating Council (ESCC), which is comprised of high-level government officials and CEOs from various utilities and electric trade associations, to discuss the ramifications of this vulnerability to our sector. APPA is working with the ES-ISAC and DOE to develop a second alert that lists recommendations for all utilities."
"In the meantime, I urge you to assess your systems to identify if you have any products that rely on the OpenSSL library," Kelly said. "If you do have such products, I recommend patching them immediately and following recommendations in the NERC alert. Additionally, if you have not done so already, please consider having someone from your staff join the ES-ISAC to follow developments on Heartbleed and future alerts to keep your system protected."
April 23 Webinar: Heartbleed Vulnerability Webinar for Public Power Systems
APPA member utilities are invited to a webinar on the Heartbleed vulnerability on Wednesday, April 23 from 1 to 2 p.m., Eastern time. N-Dimension Solutions, Inc. will go over the potential impacts of the vulnerability to public power systems and answer specific questions that participants may have. Advance registration is required. Register at http://cc.readytalk.com/r/h82rbdjndx9x&eom.
The APPA point of contact for Heartbleed-related questions is Puesh Kumar at 202/467-2985 or email@example.com. If he is unavailable, you may contact Allen Mosher at 202/467-2944 or firstname.lastname@example.org. For information on joining the ES-ISAC, please contact either Puesh Kumar, Allen Mosher or Nathan Mitchell, who can be reached at 202/467-2925 or email@example.com.
Please Sign in to rate this.
Vice President, Integrated Media and Communications
Editor, Public Power Daily
Fallon W. Forbush
Manager, Integrated Media
David L. Blaylock
Integrated Media Editor
- House hearing examines capacity market flaws, rising grid costs
- Hamilton Utilities’ urban forestry program boosts safety, reliability
- Kansas City BPU exceeds 45 percent renewable energy threshold
- Generators appeal judge’s ruling on Illinois nuclear support
- California lawmakers pass bill extending cap-and-trade program
- Eighteen individuals, ten utilities win national public power awards
- Officials urge public power utilities to be prepared for cyberattacks
- Public power utilities recognized for high customer satisfaction
- SMUD board approves new Time-of-Day standard residential rates
- Report sees more than seven million plug-in EVs in U.S. by 2025