Friday, May 24, 2013

Looking Again at the Markey-Waxman Grid Vulnerability Publication

Where would I be without feedback? Many thanks to SGSB readers who chimed in on this.

I recently published a post titled "House of Reps Report Reams Utilities on Cybersecurity." Not accurate and all you have to do is read the cover page which, just below the House seal, says "A Report written by the staff of congressmen Edward J. Markey (D-MA) and Henry A. Waxman (D-CA)". Mea Gulpa.

So on second look I looked a little closer and found some things to like and some things I had to wonder about. For example, I'm happy to see congressmen seeking more information about the current state of security in our sector. Who could argue with that?

But their methods are not fully sound.
For example, in the cover letter to the questionnaire their staffers mailed out, it asks utilities: "... to provide responses from your entity ... and request that you submit your response electronically." But unless I'm much mistaken, the types of detailed information they sought regarding breaches and ensuing damage to bulk power systems should not and can not be shared in plain text via standard email. Please tell me if I'm wrong about that.

See question 10 which asks for info for the past 5 years re: breaches and damage, as well as how many incidents listed were and were not reported to FERC, NERC and DHS. We're still in the middle of a huge information sharing debate in this country and I don't believe we've reached agreement that this type of very sensitive information is fare game for staffers or the general public.

To sum, this curious document is the product of 2 and only 2 congressman, not the entire House, not the House Energy & Commerce Committee (which is where you'd expect something like this to have its origins), nor anywhere else. There are definitely a few good things in there, though. But my bet is most of what it tells you you already know.

So if you read it please do so with a generous helping of NaCl.
URLs for the above, below:

House Report on Electric Grid Cyber Vulnerability

SGSB post "House of Reps Report Reams Utilities on Cybersecurity."

1 comment:

Mehmona Ruby said...

systems and information is not secure ,internet security is very important. UMUTs Technologies provide a service of cyber security, and secure your computer from unauthorized access .