And as in the Lord of the Rings, few can look into a palantir and walk away unscathed. That's true for this recently released grid forecast from MIT, and especially for the sections on cyber security, which have served as the justification for many alarmist articles since, including:
- Electric Grid's Future: Increased Risk of Attack
- Smart Grid: There will be a Successful Attack
- US Power Grid is a Big, Soft Target for Cyberattack, MIT Study Shows
- Is Smart Grid Security a Losing Game?
It's funny but I just went through the security section of the MIT document and couldn't find anything faintly, and nothing that would strike the regular readers of this blog as in any way surprising.
The part that seemed to stir the press pot the most was in the conclusions and recommendations section - it began by stating that no one organization today makes and enforces grid security rules for the entire (US) grid, not FERC or NERC since they only have authority to regulate the bulk grid. Not other groups in DOE. Not DHS. Nor NIST, as its cyber security working groups as they can only recommend, not mandate, protective actions.
So this prompts the MIT report team to conclude:
This lack of a single operational entity with responsibility for grid cybersecurity preparedness as well as response and recovery creates a security vulnerability in a highly interconnected electric power system comprising generation, transmission, and distribution.And recommend:
The federal government should designate a single agency to have responsibility for working with industry and to have appropriate regulatory authority to enhance cybersecurity preparedness, response, and recovery across the electric power sector, including bulk power and distribution systems.This sounds right on one level (single source of truth and control) and yet wrong on many others, particularly, as the authors themselves point out, that they are hard pressed to imagine which government organization is equipped or ever could be equipped to take on so monumental a task.
But seriously folks, the MIT report is well worth a look, not so much for its cyber security content, as for its informed prognostications on other aspects of the future grid. There's no need to worry about the Eye of Sauron, or anything else unusually alarming, in this quest for knowledge.
You'll find the full report and some supplementary materials HERE, and the security section begins on page 208.
Image credit: Wikia