Industry sonar and radar detect nothing but collision ahead as these orgs plow ahead on their respective vectors: FERC wants more security faster for utilities; NERC wants to hold steady with slow, incremental changes. There's some method to each approach, though they're clearly not compatible. I summarized thusly in this week's HuffPo article:
The case for going faster rests on a couple of basic facts and observations. Here are just a few:
- Attacks on energy systems are increasing in tempo and sophistication (for those who haven't heard of it yet, the recently emerging Stuxnet virus has provided a real wake-up call for industry in terms of attackers' advanced capabilities)
- Other industries/sectors have much more substantial security controls and governance already in place and have only benefitted from them
- Emphasizing security early in the Smart Grid window will yield benefits including cost savings and much better efficacy
- Oh yeah, and one more little thing: our entire economy and the well-being of our nation depend on secure and reliable power infrastructure
- Cultural challenges inside utility co's will hinder attempts to make them change too much too quickly
- Regulatory impediments need to be resolved before the whole system can be secured (for example, the fact that the Feds only have jurisdiction over generation and high-voltage transmission assets, while policy for low-voltage distribution is left to the states, and there's little/no standardization of state policy at present)
- Security standards are still taking shape. NERC's CIP standards are still in their infancy, and NIST just released the 1.0 version of its "Smart Grid Cyber Security Strategy and Requirements"
- Lastly, it costs money to significantly ratchet up the security posture of any complex system, not to mention the one that's been called the greatest engineering achievement of the 20th Century
Photo credit: Rosmary on Flickr.com