U.S. power grid is a big, soft target for cyberattack, MIT study shows

Forget fake Illinois 'hack;' report shows security gaps widening, risk increasing as power nets improve

By  

Utility company managers, however, seem more concerned with the cost of fossil fuels and environmental regulations than they are with the risk of cyberattack. Many utility companies are lobbying the Obama administration for more leeway in complying to environmental regulations after complaining that Environmental Protection Agency rules may force them to shut down some coal- and oil-fired plants, according to BusinessWeek.

Attacks on the network are "a greater threat to our reliability" than the cost of adhering to anti-pollution rules, according to the Federal Energy Regulatory Commission's John Norris, also quoted by BusinessWeek.

The utilities aren't pushing for any real solution to that, though they may be the only ones.

No one in charge to enforce rules that are too lax about security anyway

One big problem: there isn't one agency in charge of security regulation for the whole national grid, according to the two leading researchers on the MIT report, John G. Kassakian, provessor of electrical engineering and computer science and Richard Schmalensee, a professor of economics and management.

Right now responsibility for physical and digital security is split between the North American Electric Reliability Corp. (NERC) in Atlanta and the National Institute of Standards and Technology (NIST).

Another big problem: Regulations aren't tight enough to balance the level of actual threat, and may not any time soon, according to the MIT study led by John G. Kassakian, a professor of electrical engineering and computer science, and Richard Schmalensee, a professor of economics and management.

Though NIST and NERC as well as a scrum of other agencies are looking into cybersecurity for utilities, NIST is pushing for the creation of regulations that mirror what are currently considered "best practices" in the industry, rather than rules based on actual risks and data on countering them.

The effort is backed by the Electric Power Research Institute – a consortium of utilities and their representatives – and regulators who want better regulations in place right now even at the cost of making them less effective.

Photo Credit: 

Reuters

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness