Public Power Daily Logo

Kelly alerts public power utilities to Heartbleed vulnerability


From the April 22, 2014 issue of Public Power Daily

Originally published April 22, 2014

By Jeannine Anderson
Editor

APPA President and CEO Sue Kelly on April 18 alerted public power utility managers to the Heartbleed cybersecurity vulnerability and said APPA is working to develop material to help utilities with this vulnerability. The North American Electric Reliability Corp. (NERC) is hosting a webinar today (April 22) on Heartbleed, from 11 a.m. to 12:30 p.m., Eastern time. For more information on the NERC webinar, see the April 21 Public Power Daily. APPA and N-Dimension Solutions Inc. are hosting a webinar tomorrow (April 23) called "Heartbleed Vulnerability Webinar for Public Power Systems." See below for details about Wednesday's webinar.
 
The Heartbleed vulnerability, which was disclosed publicly on April 7, "allows attackers to have direct access to the working memory of applications of the widely used encryption library known as OpenSSL," Kelly said in an email to public power utility leaders. "This software is used commonly across various computer applications including web servers, email servers, network infrastructure, VPN gateways, and embedded devices."
 
The Electricity Sector Information Sharing and Analysis Center (ES-ISAC), operated by NERC, issued an industry advisory on April 11 related to Heartbleed. Since then, Kelly said, "APPA has been in conversation with the Department of Energy, NERC, and our other industry partners through the Electricity Sub-sector Coordinating Council (ESCC), which is comprised of high-level government officials and CEOs from various utilities and electric trade associations, to discuss the ramifications of this vulnerability to our sector. APPA is working with the ES-ISAC and DOE to develop a second alert that lists recommendations for all utilities."
 
"In the meantime, I urge you to assess your systems to identify if you have any products that rely on the OpenSSL library," Kelly said. "If you do have such products, I recommend patching them immediately and following recommendations in the NERC alert. Additionally, if you have not done so already, please consider having someone from your staff join the ES-ISAC to follow developments on Heartbleed and future alerts to keep your system protected."
 
April 23 Webinar: Heartbleed Vulnerability Webinar for Public Power Systems

APPA member utilities are invited to a webinar on the Heartbleed vulnerability on Wednesday, April 23 from 1 to 2 p.m., Eastern time. N-Dimension Solutions, Inc. will go over the potential impacts of the vulnerability to public power systems and answer specific questions that participants may have. Advance registration is required. Register at http://cc.readytalk.com/r/h82rbdjndx9x&eom.

The APPA point of contact for Heartbleed-related questions is Puesh Kumar at 202/467-2985 or pkumar@publicpower.org. If he is unavailable, you may contact Allen Mosher at 202/467-2944 or amosher@publicpower.org. For information on joining the ES-ISAC, please contact either Puesh Kumar, Allen Mosher or Nathan Mitchell, who can be reached at 202/467-2925 or nmitchell@publicpower.org.

Ratings

Be the first to rate this item!

Please Sign in to rate this.

Comments

  Add Your Comment

(1000 of 1000 characters remaining)

Vice President, Integrated Media and Communications
Meena Dayak
202/467-2948
MDayak@publicpower.org

Editorial Director
Robert Varela
202/467-2947
RVarela@publicpower.org

Editor, Public Power Daily
Jeannine Anderson
202/467-2977
JAnderson@publicpower.org

Communications Assistant
Fallon W. Forbush
202/467-2958
FForbush@publicpower.org

Manager, Integrated Media 
David L. Blaylock
202/467-2946
DBlaylock@publicpower.org

Integrated Media Editor 
Laura D’Alessandro 
202/467-2955 
LDAlessandro@publicpower.org