RSA Panel: Don't Be Stupid About Protecting The Smart Grid
That was the takeaway Wednesday during a panel discussion at the RSA Conference on protecting the country's smart grid, the digitally enabled electrical grid under construction nationwide. Because the Internet plays an important role in controlling the smart grid, experts worry that it also provides an inroad for cyberterrorists to raise catastrophic havoc.
Within Congress, the debate is how much regulation is needed to ensure that companies build adequate security defenses. An audit released in January by Inspector General Gregory H. Friedman of the Energy Department found that a rush by the agency to spend federal stimulus money led to one-third of the receiving utility companies building strategies with "shortcomings" that left the nation's power grid vulnerable to cyberattacks, The Washington Post reported.
[Related: What's Hot At RSA 2012? 18 Products To Look For ]
In the Republican-controlled House, a task force formed by House Speaker John Boehner found that government should be a security overseer of systems that if damaged, destroyed or taken over by cyberterrorists could cause many people to die, massive evacuations or major disruptions in financial systems, panelist Kevin Gronberg, senior counsel at the U.S. House Committee on Homeland Security, said.
The task force also recommended that current regulators of critical systems be responsible for finding security gaps and using current standards, such as those set by the International Organization for Standardization or the North American Electric Reliability Corporation, to correct the shortcomings.
"It's a structure that we believe takes an extremely light touch, because government has a role, but we have to be measured and rational with our use of government funding and government authority," Gronberg said.
Whether that approach would fly in the Democratic-controlled Senate is an open question. Even within the Republican Party, there's been no consensus reached on the extent of government involvement.
"There's a battle for the soul of the Republican Party on this issue between the national security guys and the Libertarian [and presidential candidate] Ron Paul wing of the party," Stewart Baker, former assistant secretary for policy at the Department of Homeland Security, said.
While the intelligence community is clamoring for more authority, the U.S. Chamber of Commerce is lobbying for fewer government mandates. "We'll see how this turns out in the long run," Baker said.
Because such debates lead to strong lobbying efforts on all sides, a solution is not yet in sight, said panel moderator Phyllis Schneck, chief technology officer for the public sector at security vendor McAfee, owned by Intel. In the meantime, well-funded cyberterrorists without any legal barriers are sharing information and building criminal networks, she said.
"I would urge us not to forget the intellect, the funding and the agility that this adversary has," Schneck said. "There are ways to do very bad things and we have to take those risks very seriously."