Utility company managers, however, seem more concerned with the cost of fossil fuels and environmental regulations than they are with the risk of cyberattack. Many utility companies are lobbying the Obama administration for more leeway in complying to environmental regulations after complaining that Environmental Protection Agency rules may force them to shut down some coal- and oil-fired plants, according to BusinessWeek.
Attacks on the network are "a greater threat to our reliability" than the cost of adhering to anti-pollution rules, according to the Federal Energy Regulatory Commission's John Norris, also quoted by BusinessWeek.
The utilities aren't pushing for any real solution to that, though they may be the only ones.
No one in charge to enforce rules that are too lax about security anyway
One big problem: there isn't one agency in charge of security regulation for the whole national grid, according to the two leading researchers on the MIT report, John G. Kassakian, provessor of electrical engineering and computer science and Richard Schmalensee, a professor of economics and management.
Right now responsibility for physical and digital security is split between the North American Electric Reliability Corp. (NERC) in Atlanta and the National Institute of Standards and Technology (NIST).
Another big problem: Regulations aren't tight enough to balance the level of actual threat, and may not any time soon, according to the MIT study led by John G. Kassakian, a professor of electrical engineering and computer science, and Richard Schmalensee, a professor of economics and management.
Though NIST and NERC as well as a scrum of other agencies are looking into cybersecurity for utilities, NIST is pushing for the creation of regulations that mirror what are currently considered "best practices" in the industry, rather than rules based on actual risks and data on countering them.
The effort is backed by the Electric Power Research Institute – a consortium of utilities and their representatives – and regulators who want better regulations in place right now even at the cost of making them less effective.