Did I write about this already? It does not look like it. Shame, as I have been doing a bunch of FISMA writing and this article has been floating in my head for a while now. Better late than never, as they might say in NERC.
US Representative James Langevin, chair of the House Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, said he had “little confidence” that the North American Electric Reliability Corporation (NERC) has fully addressed a vulnerability code-named Aurora, in which electric utilities generators and other equipment comes to a grinding halt.
“I still do not get the sense that we are addressing cybersecurity with the seriousness that it deserves,” Langevin said, according to this report from IDG News Service. “I think we could search far and wide and not find a more disorganized, ineffective response to an issue of national security of this import. If NERC doesn’t start getting serious about national security, it may be time to find a new electric reliability organization.”
Yeah, go Langevin. While I can appreciate the concerns of some who say keep the whole thing offline forever, the reality is that the network is here to stay and there are real cost benefits to remote access, control and reporting. The trick is providing a secure solution, rather than throwing out the baby with the bathwater.