Normally, the last thing I'd advocate is another government agency. But in the case of the smart grid, it might not be a bad idea.
The Massachusetts Institute of Technology recently concluded that the mishmash of agencies overseeing the security of the smart grid is ill equipped to handle a cyberattack. According to a Reuters article, MIT recommended that a single federal agency deal with the threat of cyberattacks on the national grid. This agency would work with the industry and have the regulatory authority to enhance cybersecurity preparedness, response, and recovery. According to the article:
While acknowledging there is no absolute insurance against such attacks, the MIT researchers said a single U.S. agency would be better able to address the problem than the disparate federal, state, and local entities responsible for various aspects of safeguarding the power grid.
Problems with managing the grid were highlighted by a rare October snowstorm that swept across the Northeast. In some states, residents were without power for up to 11 days, because repair efforts weren't properly coordinated. Crews dispatched from outside the Northeast sat idle while they waited for the OK to get to work. Some crews answered to their employers, some to the state, and others to a union. No single organization coordinated the efforts, and the results were a nightmare.
Until recently, I had a hard time imagining why anyone would try to hack into a utility. The fact is that outages in one part of the country have a far-reaching effect. Planes in California are grounded because of outages in Atlanta. Hackers aren't targeting individuals. They are targeting systems. If weather can wreak such havoc, imagine what a coordinated attack would feel like.
Other MIT recommendations cited by Reuters include:
Utilities with advanced metering technology should start the transition to customer prices that reflect the time-varying costs of supplying power, to improve the grid's efficiency and make rates lower. The electric power industry should fund research and development in computational tools for bulk power systems, methods for wide-area transmission planning, procedures for responding to cyberattacks, and models of consumer response to real-time pricing. To improve decision-making, more detailed data about the bulk power system, results from “smart grid” demonstration projects, and other measures of utility cost and performance should be compiled and shared.
Cybersecurity fears reach far beyond the grid, of course — any system can get hacked. But utilities might be vulnerable because of the market they serve. Homeowners aren't worried about their utilities being hacked. But maybe they should be.