Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/20/2015
02:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Waverley Labs and the Energy Production Infrastructure Center at UNC Charlotte Successfully Quantify Digital Risks for Power Grids

Waverley Labs and the Energy Production Infrastructure Center at UNC Charlotte Successfully Quantify Digital Risks for Power Grids

CHARLOTTE, NC – January 20, 2015 — Waverley Labs, a leading digital risk management (DRM) company, and the Energy Production and Infrastructure Center (EPIC) at the University of North Carolina at Charlotte, today announced an innovative risk management solution based upon a research and technology collaboration focused on modeling relationships between cyber-attacks and the electric and physical infrastructures associated with the power grid.

During the past year, researchers in EPIC’s Duke Energy Smart Grid Laboratory working with Waverley Labs conducted a systematic analysis of risks and associated threats to power transmission systems to identify critical points of failure. The collaboration leveraged advanced knowledge processing that integrated IT systems and cyber security data with operational and physical data. It resulted in a new and innovative solution that will enable energy companies to model consequences and quantify business impact associated with each risk.

“Concerns regarding grid resilience are increasing as computers, communications networks and electric sensors continue to merge,” noted Dr. Madhav Manjrekar, Associate Professor of Electrical and Computer Engineering and EPIC Associate. “EPIC, in partnership with the Waverley Labs, is focused on advancing digital risk management for the energy industry to help identify critical points of failure and recommending risk mitigation initiatives before they become targets for attack.”

Waverley’s risk-based approach supports the National Institute of Standards and Technology (NIST) Cyber Security Framework and aims at building digital resilience.  This new model delivers key information that enables energy companies to identify and prioritize which risks need to be mitigated based on possible consequences, ranging from business interruptions to loss of human lives. Results are prioritized and quantified in an easy to interpret “visual score-card.” The model is currently under evaluation for wider use within the energy industry.

“The nation’s electric power grids are arguably the most important assets to protect from attacks,” said Juanita Koilpillai, Founder of Waverley Labs. “Only through understanding the relationships between computers and the electric grid, and the ability to quantify failure scenarios, can we develop effective solutions for mitigating risks and maximizing protection of this critical infrastructure.”

The Digital Risk Management Institute is a nonprofit organization led by business executives, risk officers and security executives to analyze digital failure scenarios, create standard DRM knowledge, and promote best practices for managing digital business risk. 

“We applaud EPIC and its collaboration with Waverley Labs to develop solutions that effectively model relationships between cyber and electrical infrastructure,” stated Nicola Sanna, President of the DRM Institute. “The Energy industry stands to benefit from this groundbreaking new approach capable of measuring and quantifying risks according to business impact and recommended risk mitigations.”

About EPIC

The Energy Production and Infrastructure Center (EPIC) at UNC Charlotte was formed in response to the need from industry to supply highly trained engineers qualified to meet the demands of the energy industry through traditional and continuing education, and provide sustainable support to the Carolina energy industry by increasing capacity and support for applied research. EPIC is a highly collaborative industry/education partnership that produces a technical workforce and advancements in technology for the global energy industry while supporting the Carolinas’ multi-state economic and energy security. For more information visit http://epic.uncc.edu.

About Waverley Labs

Waverley Labsis a leading Digital Risk Management company that helps organizations reduce their exposure to digital risk. Its range of services include the assessment, the quantification, and the mitigation of digital risk from the business perspective.

Waverley Labs’ unique knowledge processing and automated risk quantification capabilities provide business leaders, risk officers and CISOs an at-a-glance view of business risks prioritized according to business impact and recommended risk mitigations. Waverley Labs works closely with NIST and the Cloud Security Alliance to provide thought leadership in digital risk management. For more information visit http://www.waverleylabs.com.                

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29070
PUBLISHED: 2020-11-25
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVE-2020-26212
PUBLISHED: 2020-11-25
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of ever...
CVE-2020-26243
PUBLISHED: 2020-11-25
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded...
CVE-2020-25650
PUBLISHED: 2020-11-25
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service fo...
CVE-2020-29071
PUBLISHED: 2020-11-25
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving se...