Worked on this problem 10 years ago; power distribution companies were sleepy enterprise environments with workforces who were just not equipped to respond to internet technologies, let alone threats. Even the lightweight requirements of NERC/CIP were treated as alien. The best security was in the smart meter infrastructure, which was designed around redundancy and combating fraud, but certainly not national security.<p>I don't think this is something we fix, it's something we evolve and move on from. My impression was the only real future relative to a grid security crisis is in storage and renewables, with more localized generation. The alternative is basically nationalization.
This is one of those things that I hear the security community talking about a lot, but it has very little mainstream traction.<p>This actually surprises me because I would intuit that people would be drawn to hysterics about massive grid failures. Look at what happened in New York City.<p>And there are many smaller things that get even less consideration. Like the Tesla Powerwall Hack [0].<p>Either some big incident is going to happen that makes us shape up real quick, or we’re going to have a little foresight and proactively upgrade the security of our critical infrastructure.<p>[0] <a href="https://news.ycombinator.com/item?id=21610981" rel="nofollow">https://news.ycombinator.com/item?id=21610981</a>
It is poor decision making putting power systems on the internet.<p>All power companies have end-to-end land access and already have SCADA etc. physical links between all switchyards and can run their own microwave links where necessary, so no need for ANY infrastructure to be accessible from the internet.<p>It's lazy, cheap decision making.
Somewhat related, but the book Countdown to Zero Day is about both the Stuxnet worm and the potential for digital attacks on infrastructure. Very good read and intro to the topic. <a href="https://www.amazon.com/dp/B00KEPLC08/" rel="nofollow">https://www.amazon.com/dp/B00KEPLC08/</a>
Sadly it looks like they have won so comprehensively.... they have stopped boasting...<p><a href="https://cybersquirrel1.com/" rel="nofollow">https://cybersquirrel1.com/</a><p>The cybersquirrels have won.