The Christian Science Monitor is running a story I wrote this week on the security of the electric grid. In the piece, I take a look at whether the electric industry is soft-pedaling cyber risk. From the piece:
“For all the huffing and puffing in Washington D.C. policy circles about the hack of Sony Pictures being an act of “cyber war,” for security experts who have been working within the power sector, however, the dire warnings are not news. They would not have been news last year, or the year before. In fact, (NSA Chief Mike) Rogers’ dim assessment of the US power sector’s readiness to face and withstand a cyberattack has been shared and articulated within the power industry for seven years.
“Why is it that the US power grid in 2014 is not better prepared to keep nation-state hackers at bay, or to withstand a critical cyberattack? Some of the power industry’s top experts on cybersecurity say that the fault may lie with the industry itself, which has downplayed the risk of cyberattacks on the power grid.”
One of the key ideas is that cyber risk management among private grid owners has followed a similar path as for other private sector firms. The focus, in other words, is on “risk management.” However, in the case of the electric grid, the consequences of failure are such that even remote or unlikely “risks” (like a cyber attack) may justify large and costly investments to prevent.
You can read more via “If cyberwar erupts, America’s electric grid is a prime target” – CSMonitor.com.