skip to Main Content
GridSME Welcomes Mark Rabuano as Director of Regulatory Compliance
October 12, 2018

GridSME Welcomes Mark Rabuano as Director of Regulatory Compliance

Grid Subject Matter Experts is excited to announce its new addition to the team, Mark Rabuano, as the Director of Regulatory Compliance. Mark has a strong legal background and substantial experience in energy regulation and compliance for public utilities and independent power producers. By joining GridSME, Mark will assist our GO/GOP clients by maintaining programs that mitigate and manage the risk of potential NERC compliance violations.

Prior to joining GridSME, Mark worked for the NAES Corporation from 2016 to 2018 as the Manager of NERC Services, where he directed management and oversight of 70+ NERC GO/GOP compliance programs, including implementation of procedures and internal controls necessary to maintain NERC compliance. Mark also worked at PacifiCorp from 2010 to 2016 in various roles including Senior Counsel of Pacific Power.

Mark graduated from UCLA Anderson School of Management with a Master’s in Business Administration, the University of Pennsylvania Law School, Juris Doctor, and Wake Forest University, Bachelor of Arts in History and Communication.

Mark currently resides in Redmond, Washington and will telecommute with frequent visits to the GridSME office.

Welcome Mark!

NERC Webinar on Inverter Disturbances

On February 15, NERC hosted the first in a series of webinars titled “Inverter-Based Resource Disturbance Analysis Key Findings and Recommendations” which highlights the work of NERC’s Inverter Based Resource Performance Task Force (IRPTF). The webinar focused on the IRPTF’s analysis of two recent system events in Southern California.

GridSME has prepared a short summary of the webinar and report, which you can read here.

CAISO’s RIMS5 Changeover

Does your organization interact with CAISO?

If so, you may be aware that CAISO is updating its interconnection process and making the Resource Interconnection Management System v5 (“RIMS5”) the sole location for the transmittal of information pertaining to interconnection applications, interconnection studies, meter installation and maintenance projects (that are not Scheduling Quality Meter Data (SQMD) or Distributed Energy Resource Provider (DERP) projects), and New Resource Implementation (NRI) projects.

What does this mean to you?

You will no longer be able to email, mail, or physically deliver to CAISO documents or information related to the project types noted above. The transmittal of those documents will need to be done through RIMS.

When is this change effective?

December 31, 2017

If you aren’t ready for this change, don’t panic. GridSME can help.

Read the full write-up here

Kaspersky NERC Alert: Free Verification Tool

In response to the recent NERC Alert, GridSME compiled a tool that functions as a relatively quick way of identifying if Kaspersky software is on a system or verifying that Kaspersky is no longer installed after using their product removal tools. The tool recursively hashes the contents of the directory you tell it to, and compares each file hash to the NIST NSRL database of known Kaspersky file hashes , which is included in the zip archive available for download below. It can also be used “offline” by using a txt hash input list that is then compared to the NSRL database.

DISCLAIMER: By downloading this tool, user agrees and accepts that GridSME grants no express or implied warranty or guarantee of any kind, including, but not limited to, warranty of quality, merchantability, or fitness for a particular use or purpose. GridSME makes no representations as to the effectiveness of the tool. GridSME is not liable for any damage this tool may cause to your systems. While GridSME tested and verified the usage of this tool on its own systems, scanned with anti-virus tools, and provided integrity verification methods, GridSME strongly recommends that users take the appropriate precautions before introducing into any critical or production environment to ensure both security and compliance requirements are upheld.

If you have any questions about the NERC Alert, mitigation strategies, or need help using the tool, don’t hesitate to reach out to security@gridsme.com

Instructions

Tool download

Signature verification

GridSME to feature at PV O&M USA 2017
October 9, 2017

GridSME to feature at PV O&M USA 2017

We’re excited to announce that GridSME team members Matt Barnes and John Franzino will be joining the likes of EDF, 8minutenergy, PG&E, Nautilus Solar, RES, Lendlease, MidAmerican, and many more at PV O&M USA 2017.

Matt will be exploring the business case and revenue streams for solar+storage projects with a panel of industry experts.

John will be explaining how to leverage available data to drive cyber security decision making for PV facility operations.

More information on the event, agenda, speakers, and attendees can be found here.

If you are interested in attending the 4th Annual PV O&M USA 2017 conference & exhibition this Nov 2-3 in San Jose CA, GridSME has a $200 discount code (GRIDSME200) for affiliates to utilize. To register at this rate, members need only quote the code when they register online or message Kerr Jeferies directly at kerr@newenergyupdate.com ahead of Oct 27 to secure this discount before the early bird rates also expire.

The Recent Attacks on U.S. Nuclear Plants – Perspective for Your Environment

Throughout the first two weeks of July, news articles with sensational headlines warning of cyber attacks targeting nuclear plants were found throughout news outlets across the world. Keen readers may have noticed some parallels between those articles and the recent NERC Alert regarding the advanced persistent threat (APT) detected by the FBI and DHS—if you assumed both were describing the same threat, you were right.

So if the threats are credible, and they are in fact targeting nuclear plants on U.S. soil, why shouldn’t you be freaking out just yet?

Read the full post here.

NERC Alert – Advanced Persistent Threat – Remediation Recommendations

When it rains, it pours—and its pouring in the cyber security world right now. Below is the first of many detailed cyber security recommendations and implementation guidelines we are releasing to help raise awareness, share information, and collectively improve our security posture as an interconnected grid. We are taking these threats seriously and we hope you are too.

An advanced persistent threat (APT) has been identified by the FBI and DHS, and documented in both a Joint Analysis Report (JAR) and the NERC Alert issued June 30, 2017.

Read the full post here.

NERC Alert – Crash Override – Challenging Beliefs

A NERC Alert issued June 13, 2017 advises on the Crash Override malware found to be behind the December 2016 attack on the Ukrainian power grid. While the NERC Alert provides many great details on the malware’s technical characteristics, the fact of the matter is Crash Override is among the most sophisticated ICS-specific malware variants ever detected, with the ability to “cause loss of visibility, loss of control, manipulation of control, interruption of communications, and deletion of local and networked critical configuration files.” Perhaps most concerning is the malware’s ability to be easily tailored to specific ICS environments, communication protocols, and devices.

This type of sophisticated malware forces us to rethink some common predisposed cybersecurity beliefs:

Read the full post here.

Back To Top