{"id":34564,"date":"2020-04-22T19:00:52","date_gmt":"2020-04-22T19:00:52","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=90940"},"modified":"2020-04-22T19:00:52","modified_gmt":"2020-04-22T19:00:52","slug":"defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/","title":{"rendered":"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry"},"content":{"rendered":"<p>Over the last fifteen years, attacks against critical infrastructure (figure1) have steadily increased in both volume and sophistication. Because of the strategic importance of this industry to national security and economic stability, these organizations are targeted by sophisticated, patient, and well-funded adversaries. &nbsp;Adversaries often target the utility supply chain to insert malware into devices destined for the power grid. As modern infrastructure becomes more reliant on connected devices, the power industry must continue to come together to improve security at every step of the process.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-90941\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Defending-the-power-grid-enbedded.png\" alt=\"Aerial view of port and freeways leading to downtown Singapore.\" width=\"1024\" height=\"229\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Defending-the-power-grid-enbedded.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Defending-the-power-grid-enbedded-300x67.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Defending-the-power-grid-enbedded-768x172.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/p>\n<p><em><u>Figure&nbsp;1: Increased attacks on critical infrastructure<\/u><\/em><\/p>\n<p>This is the third and final post in the \u201cDefending the power grid against supply chain attacks\u201d series. In <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/02\/18\/defending-the-power-grid-against-supply-chain-attacks-part-1-the-risk-defined\/\" target=\"_blank\" rel=\"noopener noreferrer\">the first blog I described the nature of the risk<\/a>. Last month I outlined <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/03\/23\/defending-power-grid-against-supply-chain-attacks-part-2-securing-hardware-software\/\" target=\"_blank\" rel=\"noopener noreferrer\">how utility suppliers can better secure the devices they manufacture<\/a>. Today\u2019s advice is directed at the utilities. There are actions you can take as individual companies and as an industry to reduce risk.<\/p>\n<h3>Implement operational technology security best practices<\/h3>\n<p>According to <a href=\"https:\/\/enterprise.verizon.com\/resources\/reports\/dbir\/\" target=\"_blank\" rel=\"noopener noreferrer\">Verizon\u2019s 2019 Data Breach Investigations Report<\/a>, 80 percent of hacking-related breaches are the result of weak or compromised passwords. If you haven\u2019t implemented <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/identity\/mfa\" target=\"_blank\" rel=\"noopener noreferrer\">multi-factor authentication (MFA)<\/a> for all your user accounts, make it a priority. <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/08\/20\/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">MFA can significantly reduce the likelihood that a user with a stolen password can access your company assets<\/a>. I also recommend you take these additional steps to protect administrator accounts:<\/p>\n<ul>\n<li>Separate administrative accounts from the accounts that IT professionals use to conduct routine business. While administrators are answering emails or conducting other productivity tasks, they may be targeted by a phishing campaign. You don\u2019t want them signed into a privileged account when this happens.<\/li>\n<li>Apply just-in-time privileges to your administrator accounts. Just-in-time privileges require that administrators only sign into a privileged account when they need to perform a specific administrative task. These sign-ins go through an approval process and have a time limit. This will reduce the possibility that someone is unnecessarily signed into an administrative account.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-90942\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Defending-the-power-grid-enbedded-2.png\" alt=\"Image 2\" width=\"758\" height=\"260\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Defending-the-power-grid-enbedded-2.png 758w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/04\/Defending-the-power-grid-enbedded-2-300x103.png 300w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\"><\/p>\n<p><span><em>Figure 2: A \u201cblue\u201d path depicts how a standard user account is used for non-privileged access to resources like email and web browsing and day-to-day work. A \u201cred\u201d path shows how privileged access occurs on a hardened device to reduce the risk of phishing and other web and email attacks.<\/em><em>&nbsp;<\/em><\/span><\/p>\n<ul>\n<li>You also don\u2019t want the occasional security mistake like clicking on a link when administrators are tired or distracted to compromise the workstation that has direct access to these critical systems.&nbsp; Set up&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/identity\/securing-privileged-access\/privileged-access-workstations#paw-phased-implementation\" target=\"_blank\" rel=\"noopener noreferrer\">privileged access workstations<\/a> for administrative work. A privileged access workstation provides a dedicated operating system with the strongest security controls for sensitive tasks. This protects these activities and accounts from the internet. To encourage administrators to follow security practices, make sure they have easy access to a standard workstation for other more routine tasks.<\/li>\n<\/ul>\n<p>The following security best practices will also reduce your risk:<\/p>\n<ul>\n<li><strong>Whitelist approved applications.<\/strong> Define the list of software applications and executables that are approved to be on your networks. Block everything else. Your organization should especially target systems that are internet facing as well as Human-Machine Interface (HMI) systems that play the critical role of managing generation, transmission, or distribution of electricity<\/li>\n<li><strong>Regularly patch software and operating systems.<\/strong> Implement a monthly practice to apply security patches to software on all your systems. This includes applications and Operating Systems on servers, desktop computers, mobile devices, network devices (routers, switches, firewalls, etc.), as well as Internet of Thing (IoT) and Industrial Internet of Thing (IIoT) devices. Attackers frequently target known security vulnerabilities.<\/li>\n<li><strong>Protect legacy systems.<\/strong> Segment legacy systems that can no longer be patched by using firewalls to filter out unnecessary traffic. Limit access to only those who need it by using Just In Time and Just Enough Access principles and requiring MFA. Once you set up these subnets, firewalls, and firewall rules to protect the isolated systems, you must continually audit and test these controls for inadvertent changes, and validate with penetration testing and red teaming to identify rogue bridging endpoint and design\/implementation weaknesses.<\/li>\n<li><strong>Segment your networks.<\/strong> If you are attacked, it\u2019s important to limit the damage. By segmenting your network, you make it harder for an attacker to compromise more than one critical site. Maintain your corporate network on its own network with limited to no connection to critical sites like generation and transmission networks. Run each generating site on its own network with no connection to other generating sites. This will ensure that should a generating site become compromised, attackers can\u2019t easily traverse to other sites and have a greater impact.<\/li>\n<li><strong>Turn off all unnecessary services.<\/strong> Confirm that none of your software has automatically enabled a service you don\u2019t need. You may also discover that there are services running that you no longer use. If the business doesn\u2019t need a service, turn it off.<\/li>\n<li><strong>Deploy threat protection solutions.<\/strong> Services like <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/threat-protection\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Threat Protection<\/a> help you automatically detect, respond to, and correlate incidents across domains.<\/li>\n<li><strong>Implement an incident response plan:<\/strong> When an attack happens, you need to respond quickly to reduce the damage and get your organization back up and running. Refer to <a href=\"https:\/\/aka.ms\/IRRG\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft\u2019s Incident Response Reference Guide<\/a> for more details.<\/li>\n<\/ul>\n<h3>Speak with one voice<\/h3>\n<p>Power grids are interconnected systems of generating plants, wires, transformers, and substations. Regional electrical companies work together to efficiently balance the supply and demand for electricity across the nation. These same organizations have also come together to protect the grid from attack. As an industry, working through organizations like the Edison Electric Institute (EEI), utilities can define security standards and hold manufacturers accountable to those requirements.<\/p>\n<p>It may also be useful to work with <a href=\"https:\/\/www.ferc.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\">The Federal Energy Regulatory Committee (FERC),<\/a> <a href=\"https:\/\/www.nerc.com\/Pages\/default.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">The North American Electric Reliability Corporation (NERC),<\/a> or <a href=\"https:\/\/www.nrc.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\">The United States Nuclear Regulatory Commission (U.S. NRC)<\/a> to better regulate the security requirements of products manufactured for the electrical grid.<\/p>\n<h3>Apply extra scrutiny to IoT devices<\/h3>\n<p>As you purchase and deploy IoT devices, prioritize security. Be careful about purchasing products from countries that are motivated to infiltrate critical infrastructure. Conduct penetration tests against all new IoT and IIoT devices before you connect them to the network. When you place sensors on the grid, you\u2019ll need to protect them from both cyberattacks and physical attacks. Make them hard to reach and tamper-proof.<\/p>\n<h3>Collaborate on solutions<\/h3>\n<p>Reducing the risk of a destabilizing power grid attack will require everyone in the utility industry to play a role. By working with manufacturers, trade organizations, and governments, electricity organizations can lead the effort to improve security across the industry. For utilities in the United States, several public-private programs are in place to enhance the utility industry capabilities to defend its infrastructure and respond to threats:<\/p>\n<p>Read Part 1 in the series: \u201c<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/02\/18\/defending-the-power-grid-against-supply-chain-attacks-part-1-the-risk-defined\/\" target=\"_blank\" rel=\"noopener noreferrer\">Defending the power grid against cyberattacks<\/a>\u201d<\/p>\n<p>Read \u201c<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/03\/23\/defending-power-grid-against-supply-chain-attacks-part-2-securing-hardware-software\/\" target=\"_blank\" rel=\"noopener noreferrer\">Defending the power grid against supply chain attacks: Part 2 \u2013 Securing hardware and software<\/a>\u201d<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/threat-protection\" target=\"_blank\" rel=\"noopener noreferrer\">Read how Microsoft Threat Protection<\/a> can help you better secure your endpoints.<\/p>\n<p>Learn how <a href=\"https:\/\/msrc-blog.microsoft.com\/2019\/07\/01\/inside-the-msrc-building-your-own-security-incident-response-process\/\" target=\"_blank\" rel=\"noopener noreferrer\">MSRC developed an incident response plan<\/a><\/p>\n<p>Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. For more information about our security solutions <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">visit our website<\/a>. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n<p>READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/04\/22\/defending-power-grid-against-supply-chain-attacks-3-risk-management-strategies-utilities-industry\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.<br \/>\nThe post Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry appeared first on Microsoft Security. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34565,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[6642,347,8037,2564,101,6598,6599,5345,6445,7220,6717,8264,7221,1061,1064,1065,6681,6715],"class_list":["post-34564","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-advanced-threat-analytics","tag-cybersecurity","tag-cybersecurity-deployment","tag-cybersecurity-policy","tag-data-privacy","tag-evolution-of-microsoft-threat-protection","tag-evolution-of-microsoft-threat-protection-page","tag-incident-response","tag-information-data-protection","tag-microsoft-defender-advanced-threat-protection","tag-microsoft-defender-atp","tag-microsoft-detection-and-response-team-dart","tag-microsoft-security-intelligence","tag-network-security","tag-security-intelligence","tag-security-response","tag-security-strategies","tag-windows-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-22T19:00:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"229\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry\",\"datePublished\":\"2020-04-22T19:00:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/\"},\"wordCount\":1228,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png\",\"keywords\":[\"Advanced Threat Analytics\",\"Cybersecurity\",\"Cybersecurity deployment\",\"Cybersecurity Policy\",\"Data Privacy\",\"Evolution of Microsoft Threat Protection\",\"Evolution of Microsoft Threat Protection page\",\"incident response\",\"Information\\\/data protection\",\"Microsoft Defender Advanced Threat Protection\",\"Microsoft Defender ATP\",\"Microsoft Detection and Response Team (DART)\",\"Microsoft security intelligence\",\"Network Security\",\"Security Intelligence\",\"Security Response\",\"Security strategies\",\"Windows Security\"],\"articleSection\":[\"Microsoft Secure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/\",\"name\":\"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png\",\"datePublished\":\"2020-04-22T19:00:52+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png\",\"width\":1024,\"height\":229},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Advanced Threat Analytics\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/advanced-threat-analytics\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/","og_locale":"en_US","og_type":"article","og_title":"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-04-22T19:00:52+00:00","og_image":[{"width":1024,"height":229,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry","datePublished":"2020-04-22T19:00:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/"},"wordCount":1228,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png","keywords":["Advanced Threat Analytics","Cybersecurity","Cybersecurity deployment","Cybersecurity Policy","Data Privacy","Evolution of Microsoft Threat Protection","Evolution of Microsoft Threat Protection page","incident response","Information\/data protection","Microsoft Defender Advanced Threat Protection","Microsoft Defender ATP","Microsoft Detection and Response Team (DART)","Microsoft security intelligence","Network Security","Security Intelligence","Security Response","Security strategies","Windows Security"],"articleSection":["Microsoft Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/","url":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/","name":"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png","datePublished":"2020-04-22T19:00:52+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry.png","width":1024,"height":229},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/defending-the-power-grid-against-supply-chain-attacks-part-3-risk-management-strategies-for-the-utilities-industry\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Advanced Threat Analytics","item":"https:\/\/www.threatshub.org\/blog\/tag\/advanced-threat-analytics\/"},{"@type":"ListItem","position":3,"name":"Defending the power grid against supply chain attacks: Part 3 \u2013 Risk management strategies for the utilities industry"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34564"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34564\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34565"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}