Statement on Ukraine Malware Discovery
NERC is aware of the vulnerability discovered in Ukraine that has the potential to impact industrial control systems. To date, there are no reported instances of the malware in North America.
The Electricity Information Sharing and Analysis Center (E-ISAC) has shared information with industry via the E-ISAC secure portal. A public Level 1 NERC alert is being developed and will be shared as soon as possible. The previously shared Ukraine Defense Use Case report will be updated accordingly. The E-ISAC routinely monitors all threats to the grid and provides alerts to industry as needed when new or continuing threats emerge. 
Cyber threats are constantly emerging and changing, therefore our efforts must also allow for flexibility and quick response. NERC’s mandatory and enforceable security standards, including security management controls and authorized personnel and training controls; network segmentation; and the use of licensed anti-virus software, among other things, work to protect against the dynamic cyber threat environment.
Information sharing continues to be a key tool and NERC’s E-ISAC has long been at the forefront of cyber intelligence sharing. There is no question that cyber threats like the one in Ukraine are real and that constant vigilance is needed to protect the reliability of the North American grid. NERC and industry remain committed to the security and reliability of the North American bulk power system.
Posted On: 06/12/2017