1

By Andy Bochman

Your letter references the voluntary program that the Cybersecurity Act of 2012 would have created to “empower the private sector to collaborate with the government and develop dynamic and adaptable voluntary cybersecurity practices.” We want to be clear that we do not oppose such a regime, provided it does not seek to supplant the existing regulatory structures and public-private coordination already taking place in the electric and nuclear power sectors, even in the absence of new cybersecurity legislation.

So with extreme caveats, the industry groups would have (and do) embrace the basic thrust of the recent bill. Let's do one more ... this one is from near the closing ... and it corroborates what I've been hearing utility execs plea for lately:

Given the differences of opinion evident in the Senate debate, it may be difficult for Congress to agree on a government-wide framework for cybersecurity that accounts for all 18 critical infrastructure sectors ... In the meantime, in the absence of consensus, we would encourage Congress to act on legislation improving information-sharing capabilities among government and industry.

Got the idea? Now get the whole thing ... HERE. I hope others find this as significant a development as I do, and let's see where this conversation takes us.

Andy Bochman is author of the Smart Grid Security Blog and an Energy Security Lead for IBM's Rational division, where the focus is on securing the software that runs the smart grid. Andy is a contributor to industry and national security working groups on energy security and cyber security. He lives in Boston, is an active member of the MIT Energy Club, and is the founder of the Smart Grid Security and DOD Energy Blogs.  

You might also be interested in ...

DOE to utilities: Create cybersecurity governance NOW

White House considers executive order after failed cyber security legislation