Identified as Duke Energy Corp. in recent reports, one energy company experienced a cybersecurity inadequacy that has earned it a whopping $10 million fine. Said to be the largest fine imposed for the offense, the penalty was ordered by the North American Electric Reliability Corp.
According to the Charlotte Business Journal, “The corporation lists close to 130 violations against the unnamed company and its regional entities in the public version of a report sent to the Federal Energy Regulatory Commission on Jan. 25. It says that, ‘although the risk posed … by the violations ranged from minimal to serious, … the 127 violations collectively posed a serious risk to the security and reliability’ of the power system.”
While it is claimed a majority of the infractions were self-reported by Duke Energy Corp., 16 of them were exposed by Critical Infrastructure Protection audits performed by NERC. The incidents took place from 2015 to 2018.
Duke spokesman Dave Scanzoni said, “Due to the potential physical and cybersecurity risks that a disclosure could pose to the industry, it’s industry practice and Duke Energy’s policy not to confirm, deny or comment on any enforcement filings — regarding any company — submitted by NERC to FERC.”
Duke CEO Lynn Good was approached with a question regarding cybersecurity at the Charlotte Rotary event on January 29, responding,
“One thing I would say to you is that the electric utility industry has mandatory requirements around this issue — mandatory standards that we must comply with, and we have been complying with for a number of years… It has the highest degree of attention, as you can imagine, in this industry.”