Thursday, May 23, 2013

House of Reps Report Reams Utilities on Cybersecurity

Was trying to capture spirit of Jesse Berst's headline on the same subject:
Utilities to FERC: Take your security measures and shove it
That's not very nice, is it?  I think they toned it down with a later change, but this headline was what was in my inbox in this morning's SmartGridNews.com newsletter. The subject is a recent report published by the House of Representatives that's highly critical of electric utilities behavior to date re: grid cybersecurity.

Moving on! The Wall Street Journal's Rachel King did a fine write-up of recent testimony from the CEO of the American Gas Association (AGA), Dave McCurdy. King began by noting that:
The oil and gas sector faces many of the same cyber security challenges as the electric industry. Yet, there’s one major difference between the industries, both of which need to secure software-based industrial control systems from intruders. There are no regulations governing cyber security among the oil and gas companies.
She also heard McCurdy say that no regulations were needed and that the sector’s voluntary approach is working just fine, and:
AGA remains concerned that prescriptive cyber security regulations will have little practical impact on cyber security and, in fact, will hinder implementation of robust cyber security programs.
If you know this subject pretty well, you're aware that there is some interesting psychology and rhetoric going on here. Most agree that mandatory, prescriptive cybersecurity rules are painful to implement and audit, and too slow to adapt to new types of attack. So in a major sense, the AGA CEO's quote is dead on. 

But the rub is that "robust cyber security programs," loosely defined, are not commonplace in the natgas distribution sector, and it's hard to imagine that market forces alone will drive companies to move of the schneid.  And the same dynamic largely holds true for the electric power sector.

The language is getting a little saucy. What's going to give?

URLs for the above, below:

House Report on Electric Grid Cyber Vulnerability

http://markey.house.gov/sites/markey.house.gov/files/documents/Markey%20Grid%20Report_05.21.13.pdf

SmartGridNews.com on Utilities' Unhappiness with Cybersecurity Regulation

http://www.smartgridnews.com/artman/publish/Technologies_Security/Utilities-to-FERC-Take-your-security-measures-and-shove-it-5778.html/?fpt#.UZ4dcSt4ZyE

WSJ: Oil and Gas Lobby Resists Regulation Despite Cyber Risk

http://blogs.wsj.com/cio/2013/05/22/oil-and-gas-lobby-resists-regulation-despite-cyber-risk/

No comments: