Motivation through compensation: Paying utilities to upgrade cyber defenses
By: SGN Staff
By Andy Bochman
Now we're getting somewhere! The long-submerged topic of "who should pay" for electric utility cybersecurity improvements has just breached the surface and is now bobbing up and down in clear daylight.
A recent article in Bloomberg documents several large U.S. utilities' efforts to recover current and future cybersecurity investments the same way they get paid for other infrastructure programs: by getting clearance from their state utility commissions to approve these expenses in their rate cases.
Actually rate payers (aka electricity customers) will pay one way or another, as they should, for the essential service that makes our modern lifestyles possible. Possible methods of payment include:
- Absorbing the costs to their businesses and their lives associated with brownouts or blackouts or electricity quality issues stemming from successful attacks on control centers or systems
- Paying more every month to cover some, most or all (TBD) of their utilities' cyber-protection expenses
- Or, as Pepco CIO Doug Myers said, as cited in the Bloomberg article, allowing utilities to be reimbursed through federal grants