Data Exposure by Vendor Leads to Two Million Dollar NERC Penalty for Utility

A public filing by the North American Electric Reliability Corporation (NERC) on Feb. 28 reported that an unidentified electric utility agreed to pay a $2.7 million penalty to resolve violations of the Critical Infrastructure Protection (CIP) reliability standards related to the exposure of the sensitive data. The violations of the case stemmed from improper data handling practices by the utility and its vendor, leading to the exposure of sensitive utility data on a public server. According to the Notice of Penalty, a third-party vendor improperly copied sensitive data from the utilitys network to its own network environment.

Read more

Post By Nix (1,198 Posts)