Utility fined for 120 security violations


It has been reported that the North American Electric Reliability Corp (NERC) has issued a record $10 million fine to a utility for more than 120 security violations occurring over a period of four years.

According to NERC, the violations “collectively posed a serious risk to the security and reliability of the bulk power system.” This is despite the fact that there are no direct incidents associated with the lapses.

“Many of the violations involved long durations, multiple instances of noncompliance, and repeated failures to implement physical and cyber security protections,” NERC report in a notice posted Friday.

Most of the offences occurred between 2015 and 2018, NERC representatives would not identify the utility, saying there were ongoing safety concerns and risks.

The 127 violations listed in the penalty represent an “ad hoc, informal, inconsistent, chaotic” approach to a retired NERC regulator.

The penalty notice runs to 765-pages lists violations including issues with software updates to badly configured firewall settings which could have allowed hackers access to the company computer network.