Can Utility corporations be Trusted with their own Security?
If you're gonna regulate anyone, utilities kind of come to mind.
...
There's another point where security experts seem to have broad agreement, and it doesn't bode well for U.S. cybersecurity preparedness: That the new bill that Obama advocates on behalf of in his op-ed, the Cybersecurity Act of 2012, has been neutered to the point of ineffectuality.
Lieberman originally introduced the bill in February but the Senate has been slow to act on it, with Republicans critical of provisions that would give the Department of Homeland Security the power to require that so-called critical infrastructure operators, namely utilities companies, to put certain cybersecurity measures in place.
Now that power has been stripped from a new version of the bill introduced by Lieberman and his cosponsors on Thursday.
"Even if Congress passes cyber security legislation, it won't stop this threat," Carr said. "That's the real story. No one, including the President, has the political will to force privately owned companies to spend what's needed to protect our critical infrastructure, even if that spending drives down profits for a short time. The current legislation is entirely on a voluntary basis, which is utterly useless."
...
http://idealab.talkingpointsmemo.com/2012/07/president-obamas-warning-on-cyber-attacks-divides-experts.php?ref=fpnewsfeed
dballance
(5,756 posts)
I think many people would be pleasantly surprised at the lengths our Cybersecurity team went to to protect our computer networks. It was always a constant pain in the ass to comply with all their rules but they could dead-stop any new system or code from going into production if it didn't meet the standards. All this was done because the people at the top, our CIO, CEO, and board realized it was actually necessary so they authorized the expenditures.
I think they actually realized allowing some nefarious group to take over our network and possibly shut down power that might be supplying power to hospitals, police and fire stations would not only be bad for customers but really bad for the bottom line.
It is also important to note that there were at least two networks there. The one called Energy Management System or EMS that actually controlled the Grid was physically separate from the network that supported more typical corporate functions like customer service, and accounting. There was yet another physically separate network that provided our web presence and all the functions customers could get to.
I'm not going to say no one will ever figure out a way to get into the EMS system and maybe create havoc but I know we did everything we could to prevent it with the full support and encouragement of Senior management.