US One Step Closer To Electric Grid Cyberguards

coondoggie writes "The US Department of Energy this week officially opened up the bidding for a National Electric Sector Cyber Security Organization that would protect the nation's electrical grid from cyber attacks. According to the DOE, the agency has set an aggressive goal to meet the nation's need for a reliable, efficient, and resilient electric power grid, as well as improved accessibility to a variety of energy sources for generation. In order to achieve this, an independent organization is needed (PDF) to provide executive leadership to facilitate research, development, and deployment priorities; identify and disseminate best cybersecurity practices; organize the collection, analysis, monitoring, and dissemination of infrastructure vulnerabilities and threats; and enhance cybersecurity of the electric grid, including control and IT systems."

Easy

Disconnect those systems from the internet and make sure the networks they connect to are not connected to the internet.

If they want to be able to monitor, then add sensors as needed and connect that system to the internet.

Dumbasses, all around.

InfraGard

[cosm]

This seems similar to the InfraGard initiative, but standard operating procedure dictates our government must form another organization to oversee the preexisting organization that is involved the current organizations et al. Recursive agencies cost us money, and while I do advocate heavier infrastucture protection, hopefully this isn't just another bean-counting expenditure, but instead an operation that actually contributes to our infrastructure security.

Re:I have a great way to protect against cyber-att

[Doc+Ruby]

No, we should have both a secure infrastructure and an infrastructure that benefits from connecting to the public Internet. And a public Internet that benefits from connecting to the secure infrastructure.

What you're saying is like saying we shouldn't run railroads across the Wild West because it's Wild. We needed both complete railroad networks, and a governable West. And we got both. And then we got everything else that could follow on a governable, railroad accessible West.

The American Way is to do some things because not because they're easy, but because they're hard. Because those hard things yield the greatest rewards. Including proving we can do anything worthwhile we want, even when the easy cop out beckons.

Outsourced Government Security Monopoly?

[Doc+Ruby]

Some systems are properly a monopoly. The nation shouldn't have two Army services. In general security for a given political area, like nationwide, statewide or countywide are best (or perhaps just least badly) run by a monopoly governed by officials elected by the people. Certainly at the national level that is the case.

Outsourcing that job to a private corporation to hold the national monopoly is asking for trouble. There will be no pool of private competitors competing for that contract, because the national market supports only one vendor: the one who wins that contract. That circular setup means the benefits of competition to produce the best candidate will not.

There is plenty of room for outsourcing regional security work to vendors actually competing at that scale, if indeed there are multiple vendors of security to large power grids. Let the regional front line vendors compete to keep their contracts. But the monopoly at the top that actually manages those regions into a comprehensive, integrated national infrastructure defense should be within the government. Which is the only monopoly that has a chance to behave properly.