NERC v FERC: A symbol of all that’s wrong with securing the Power Grid
Last Updated on Saturday, 7 November 2009 11:30 Written by Jeffreycarr Saturday, 31 October 2009 03:50
The state of affairs in how the U.S. has organized security responsibilities for our most critical infrastructure would be comical if it wasn’t so maddening.
Apart from the lunacy of trusting the owners of power plants to police themselves (NERC), and that, up till now, the Federal government has been enabling that lunacy (FERC), I particularly “love” this comment:
Rep. Fred Upton, R-Mich., warned against what he viewed as overregulation of the industry but also emphasized the need to address vulnerabilities before an attack occurs. (my emphasis added)
That’s how pervasive the illusion is that of the myriad of attacks that are defended against the Grid every day, and in spite of the hundreds of known vulnerabilities (not to mention the unknown number of 0days), that a U.S. Congressman on the House Energy and Commerce committee still thinks that by some statistical miracle there have been no successful breaches of the Grid yet.
I don’t know if our report will succeed in penetrating that illusion yet or not (we still have a few weeks left to go), but if nothing else I hope it will inform the work of the The Committee on Energy and Commerce and the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology that changes to the division of authority between NERC and FERC must be forthcoming, and, more importantly, that cyber-related incidents must be publicly reported and investigated, and asset owners and operators must be held financially and legally accountable.
[...] NERC v FERC: A Symbol of All That’s Wrong With Securing the Power Grid – Jeffrey Carr, IntelFusion [...]
Jeff, I’m really looking forward to seeing this report and agree with you about the need for more public reporting of cyber incidents.