"A spoonful of sugar helps the medicine go down.."
Or at least, that's what Mary Poppins says. Personally, I have my doubts about her training as a medical professional – anyone who talks to their umbrella really shouldn't be prescribing drugs to minors if you ask me.
So, I was reading through the article in Infosecurity on Yvette Clark's comments about the near-certain attack on our grid. Well, I can agree with her there. I'd go further – I'd say that attacks on the grid are a lot more than near-certain, I'd bet the bank on it.
But.
But there's a big difference between an attack, and a successful attack and there’s an equally big difference between types of attack too. Therein lies the rub (or maybe it’s the spoonful of sugar to sweeten this particular bitter pill).
As can often be the case when discussing "cyber-attacks", there seems to be a lot of sweeping statements and not a lot of clear thinking. Yes, there certainly have been significant outages in the powergrid; no, they haven’t been caused by cyber-attacks. The power grid is indeed an important part of our infrastructure, but exactly what are we concerned about here? Fragility in the underlying structure? Ok. But teams of Chinese government hackers putting the lights out in Manhattan? Really? And this helps China how? Last time I checked, folks like China have plenty invested in our country – shutting down the power grid would hardly be good news for them.
OK, so maybe it's a "rogue" nation like Iran or a terrorist organization? That seems a little more plausible, but frankly at this point we're straying into territory more at home in a Tom Clancy novel. Has there been any credible evidence of a terrorist group with either the desire or the ability to shut down part of our power grid and, more importantly, to do so in a way that would materially impact our day-to-day lives? (No, I don't count missing "Dancing with the Stars" as materially impactful. Sorry.)
Yes, we need to make sure that our electricity grid is secure and yes, people need the lights to stay on. Of course there are threats to the grid, and frankly, as the grid becomes "smarter" and more interconnected, the nature of those threats will change. But let's be 100% clear about the type of threat we are securing against. I would strongly suggest that if our experience with the Internet is anything to go by, threats are much more likely to come from criminals looking to make money than from shadowy figures hoping to send us all back into the dark ages (literally).
To implement better security across our national network of power grids is going to cost everyone a lot of money. Let's not waste it on defending against phantom threats. Security spending is always a balance of cost and risk – my concern is that if we blow the cash on keeping out the boogeyman, we'll be very sorry when that electricity bill finally comes in the mail.