Cyber security: Power grid grows more vulnerable to attack, report finds
'Smart grid' features and Internet-based connections to the US power grid are proliferating, increasing pathways for would-be cyber attackers, says a study from MIT. What to do?
(Page 2 of 2)
In May, the White House offered its plan to put the grid in DHS hands. In July, a Senate bill proposed putting oversight authority with FERC and DOE. Action could come in the Senate as soon as January.Skip to next paragraph
Subscribe Today to the Monitor
None of these portend a single body with national regulatory oversight of cybersecurity standards – and not just for bulk power that is transmitted long distances over high-voltage lines, but also for local distribution systems, the MIT report notes.
"The federal government should designate a single agency to have responsibility for working with industry and to have appropriate regulatory authority to enhance cybersecurity preparedness, response, and recovery across the electric power sector, including bulk power and distribution systems," the study recommended.
The report regards cyberattacks as inevitable. Therefore, the US needs another specialized entity to conduct forensic investigations – something akin to the National Transportation Safety Board (NTSB) that, in the transportation world, swoops in to analyze the causes of accidents and recommends action, the study says.
Other experts endorse the findings.
"The report correctly concludes that the complexity and diversity of communications will make prevention an impossible task," writes Michael Assante, former chief security officer for NERC, in an e-mail. "It will be very important that the industry is able to learn from mistakes and near misses in order to best manage operational risk to the system. I fully support the concept of establishing a NTSB-like function with industry involvement that spans the entire system from Generation to Distribution."
James Lewis, a senior fellow and cybersecurity analyst at the Center for Strategic and International Studies, a think tank in Washington, agrees that a single agency is needed to make the grid cybersafe.
"We need one place that has the authority and expertise and pays attention to cybersecurity or we'll wake up one day and the lights won't go on," he writes in an e-mail interview. "The Administration and some on the Hill want that place to be DHS, but there is a lot of skepticism that can only be overcome by actual accomplishment. Right now, no one makes sure the grid is secure and it is our biggest vulnerability to attack."