MIT palantir reveals future views of grid and grid security
By: SGN Staff
By Andy Bochman
As in the Lord of the Rings, few can look into a palantir and walk away unscathed. That's true for this recently released grid forecast from MIT, and especially for the sections on cyber security, which have served as the justification for many alarmist articles since, including:
It's funny but I just went through the security section and couldn't find anything all that alarming, and nothing that would strike the regular readers of this blog as in any way surprising.
The part that seemed to stir the press pot the most was in the conclusions and recommendations section - it began by stating that no one organization today makes and enforces grid security rules for the entire (US) grid, not FERC or NERC since they only have authority to regulate the bulk grid. Not other groups in DOE. Not DHS. Nor NIST, as its cyber security working groups can only recommend, not mandate, protective actions.
So this prompts the MIT report team to conclude:
This lack of a single operational entity with responsibility for grid cybersecurity preparedness as well as response and recovery creates a security vulnerability in a highly interconnected electric power system comprising generation, transmission, and distribution.
The federal government should designate a single agency to have responsibility for working with industry and to have appropriate regulatory authority to enhance cyber security preparedness, response, and recovery across the electric power sector, including bulk power and distribution systems.
This sounds right on one level (single source of truth and control) and yet wrong on many others, particularly, as the authors themselves point out, they are hard pressed to imagine which government organization is equipped or ever could be equipped to take on so monumental a task.
But seriously folks, the MIT report is well worth a look, not so much for its cyber security content, as for its informed prognostications on other aspects of the future grid. There's no need to worry about the Eye of Sauron, or anything else unusually alarming, in this quest for knowledge.
You'll find the full report and some supplementary materials HERE, and the security section begins on page 208.
Andy Bochman is author of the Smart Grid Security Blog and an Energy Security Lead for IBM's Rational division, where the focus is on securing the software that runs the smart grid. Andy is a contributor to industry and national security working groups on energy security and cyber security. He lives in Boston, is an active member of the MIT Energy Club, and is the founder of the Smart Grid Security and DOD Energy Blogs.
You might also be interested in ...