Every Friday, I present a topic or question for our merry band of thinkers, leaders, and pirates to discuss in an open thread. Here is this week’s conversation starter:
President Biden is rolling out a massive $2 trillion “infrastructure plan.” The plan includes at least $100 billion for a variety of infrastructure priorities, including modernizing the electric power grid and protecting it from cyber threats.
Question: Should the US government fund, or help fund, making critical infrastructure more cyber resilient — even though more than 70% of this infrastructure is privately owned?
Virtually all of the "privately-owned" power grid assets in the US are owned by regulated utility and generation companies. Among other regulations, these companies are subject to oversight by NERC (the North American Electric Reliability Corporation), which is responsible for ensuring energy industry compliance with Critical Infrastructure Protection (CIP) standards
The proper role of the federal government would be to ensure that CIP standards adequately addressed cyber threats, including providing technical and research support to NERC as required.
The cost of whatever additional measures the utility and generation companies needed to take to meet cyber-augmented CIP standards would be borne by those companies and passed to their customers (us). This is a far more efficient way to fund cyber hardening than if the federal government directly funded it, and raised our taxes to do so.
Why? Because the cost would be borne directly and proportionately by those who benefit. The federal government may collect additional taxes in the name of solving specific problems, but then spends the money for other political priorities.
A simple example is the Highway Trust Fund, an entity originally set up to collect federal motor fuel taxes and fund the maintenance and expansion of nation's highway infrastructure. It worked well for a while, but ultimately the federal government began looting the HTF to use for welfare and other political priorities. The result is that the nation's highway infrastructure has been severely neglected for over four decades, with the "new" answer being more taxes to fund a $2 trillion infrastructure program.
In a situation like this the government reasonably has a role creating uniform standards and requirements that are a framework for success. Requirements should be effects-based: what the utilities must achieve in cyber-security, not how. Meanwhile the standards should form the testing criteria against which the utilities' compliance is tested.
There are critical nodes that are of national security significance that should be protected and yes, even if they are in part or in whole owned by private sector entities, they play a crucial role in daily operations and the safety of the citizenry. Therefore, their protection is also the responsibility of the government.
Very glad to see this Bill as our infrastructure is a mess right now and not just the grid but also bridges, dams and roads. This is something we desperately need to improve travel, logistics and security within the US.
What the federal government should is adopt a more secure system/standard for communications such as ATM or switched virtual circuits. The world has demonstrated that it’s impossible to secure Internet Protocol communications.
This bill pushes forward a left wing agenda. It contains some needed federal infrastructure repairs and mostly pet projects that the markets have avoided because there has been no public desire. The government needs to focus on their Constitutional duties which doesn’t include trans surgeries for the military while we fall behind China in hypersonic. Most of this is wasteful.
I absolutely agree that there is far too much government in everything, and asking them to update our power grid is like handing the keys for hen house over to the fox. There's nothing as permanent as a "temporary" government anything! However, with that said, our power grid is in desperate disrepair. For example, as evidence in California, they had blackouts during the fire season last year because of the terrible state of their power lines, which has occurred under decades of Democrat-control mismanagement. Unfortunately, Californians are the ones left to suffer the consequences, not the politicians, most notably the governor. Although California is likely the worst-case scenario in the country, many studies have indicated power grids throughout the country are old, failing and need hardening against a possible EMP attack. It's obvious the cited rules and regulations are not addressing the problem, nor holding the private ownership(s) to account with hefty fines and maybe prison time, so what other options are available? We, as a nation, can ill afford a massive power grid failure in one or several states, let alone the entire country! As abhorrent the idea is of having the federal government take over yet another facet of our lives, perhaps it's the only viable solution at this point???
Agree that Feds should provide the criteria & enforcement to secure our electric grid but no way do they need to take over private ownership. SSA is good example of politicians unable to keep their hands of money that belongs to others.
Friday Sync-Up: Securing Cyber Infrastructure
Virtually all of the "privately-owned" power grid assets in the US are owned by regulated utility and generation companies. Among other regulations, these companies are subject to oversight by NERC (the North American Electric Reliability Corporation), which is responsible for ensuring energy industry compliance with Critical Infrastructure Protection (CIP) standards
The proper role of the federal government would be to ensure that CIP standards adequately addressed cyber threats, including providing technical and research support to NERC as required.
The cost of whatever additional measures the utility and generation companies needed to take to meet cyber-augmented CIP standards would be borne by those companies and passed to their customers (us). This is a far more efficient way to fund cyber hardening than if the federal government directly funded it, and raised our taxes to do so.
Why? Because the cost would be borne directly and proportionately by those who benefit. The federal government may collect additional taxes in the name of solving specific problems, but then spends the money for other political priorities.
A simple example is the Highway Trust Fund, an entity originally set up to collect federal motor fuel taxes and fund the maintenance and expansion of nation's highway infrastructure. It worked well for a while, but ultimately the federal government began looting the HTF to use for welfare and other political priorities. The result is that the nation's highway infrastructure has been severely neglected for over four decades, with the "new" answer being more taxes to fund a $2 trillion infrastructure program.
In a situation like this the government reasonably has a role creating uniform standards and requirements that are a framework for success. Requirements should be effects-based: what the utilities must achieve in cyber-security, not how. Meanwhile the standards should form the testing criteria against which the utilities' compliance is tested.
There are critical nodes that are of national security significance that should be protected and yes, even if they are in part or in whole owned by private sector entities, they play a crucial role in daily operations and the safety of the citizenry. Therefore, their protection is also the responsibility of the government.
Very glad to see this Bill as our infrastructure is a mess right now and not just the grid but also bridges, dams and roads. This is something we desperately need to improve travel, logistics and security within the US.
What the federal government should is adopt a more secure system/standard for communications such as ATM or switched virtual circuits. The world has demonstrated that it’s impossible to secure Internet Protocol communications.
That the founders "envisioned"
The Federal govt is involved in far more things than the original founders ever invisible. Stay out of private business, reduce red tape.
This bill pushes forward a left wing agenda. It contains some needed federal infrastructure repairs and mostly pet projects that the markets have avoided because there has been no public desire. The government needs to focus on their Constitutional duties which doesn’t include trans surgeries for the military while we fall behind China in hypersonic. Most of this is wasteful.
I absolutely agree that there is far too much government in everything, and asking them to update our power grid is like handing the keys for hen house over to the fox. There's nothing as permanent as a "temporary" government anything! However, with that said, our power grid is in desperate disrepair. For example, as evidence in California, they had blackouts during the fire season last year because of the terrible state of their power lines, which has occurred under decades of Democrat-control mismanagement. Unfortunately, Californians are the ones left to suffer the consequences, not the politicians, most notably the governor. Although California is likely the worst-case scenario in the country, many studies have indicated power grids throughout the country are old, failing and need hardening against a possible EMP attack. It's obvious the cited rules and regulations are not addressing the problem, nor holding the private ownership(s) to account with hefty fines and maybe prison time, so what other options are available? We, as a nation, can ill afford a massive power grid failure in one or several states, let alone the entire country! As abhorrent the idea is of having the federal government take over yet another facet of our lives, perhaps it's the only viable solution at this point???
Agree that Feds should provide the criteria & enforcement to secure our electric grid but no way do they need to take over private ownership. SSA is good example of politicians unable to keep their hands of money that belongs to others.