By Andy Bochman
Two weeks ago I wrote a post that ridiculed as alarmist a few quotes, including one ostensibly made by Lewis, which appeared on another well-known financial media site.
And just recently Lewis testified before a Senate subcommittee about what he likes, and what he finds wanting, in the draft bill that's looking increasingly likely to make it through Congress sometime soon.
You should note that, unlike last year's Grid Act, which passed the House (HR 5026, Grid Reliability and Infrastructure Defense Act), the focus of the current bill, and therefore of Lewis' testimony, is not energy sector specific. Here's one of his opening sections, in which I find nothing not to like:
Reducing risk and vulnerability in cyberspace is a fundamental challenge. In considering this problem, we have learned through painful experience that market forces will not secure cyberspace and that existing authorities are inadequate for national security and public safety. The list of private sector companies, including technology leaders, whose defenses have failed is long and would be longer if all breaches were disclosed. Continuing to use a voluntary, market-driven approach to this new national security concern is irresponsible and guarantees a successful attack against our nation.
Our sector, of course, has the NERC CIPs. Much derided in some circles, though in my mind a huge improvement over the kind of security we'd likely see from pure "market forces," the NERC CIPs are anything but voluntary. And when versions 4 and/or 5 go into effect, they'll cover many more systems and require more security controls for most.
The 2012 Cybersecurity Act aims to give DHS the lead in securing critical infrastructure, and it's unclear to me how it might supplement or complement the current NERC CIPs. More on that later.