Utility security is so bad, US DoE offers rate cuts to improve it

The US Department of Energy has proposed regulations to financially reward cybersecurity modernization at power plants by offering rate deals for everything from buying new hardware to paying for outside help. In a notice of proposed rulemaking published earlier this week (which nullified a similar 2021 plan), the DoE said the …

  1. Mike 137 Silver badge

    A rather limited scope?

    "it could essentially include anything that could "materially improve cybersecurity," be that a product, service or info-sharing program"

    but

    "any technology mandated by the Critical Infrastructure Protection Reliability Standards (which covers a lot of typical IT hardware) or other state, local or federal law are exempt from the program"

    So, given the state of play in which technological solutions dominate, it's hard to see what is eligible.

  2. Jou (Mxyzptlk) Silver badge

    Great! Ignore security until the government pays for it.

    That is really the wrong way around. It invites making things insecure in the first place, since the government will pay for the security.

    It should be: Rigorous oversight when letting them fix the blunders with their own money + pay for the oversight on top.

    1. Yet Another Anonymous coward Silver badge

      Re: Great! Ignore security until the government pays for it.

      The government sets the prices they can charge.

      If the prices you can charge the customer are fixed then all you can do is cut costs.

      There is no "their money" to pay for cybersecurity - unless you think they should write to all the shareholders (which are pretty much all government pension funds anyway) asking them to each chip in a few bucks

  3. martinusher Silver badge

    We do security by obscurity in the US

    Billing systems apart I have absolutely no idea if our (American) utilities have any kind of accessible control for their operations. My guess is that much of the legacy equipment -- the actual power transfer infrastructure -- still uses POTS and low frequency radio. Locally we've started installing weather monitoring stations along power lines to try and forestall wildfires being started by vegetation contacting power lines but that information isn't much use to an adversary.

    If we were to do wholesale investment in our power infrastructure in the west of the US then we should replace the countless wood power poles, many dating back decades, with ones less likely to snap in a wind storm. We have a penchant for sticking high voltage transmission lines on wood poles, some of them dating back almost a century, and then tacking more and more stuff on those poles (and then acting all surprised when they snap).

    1. Jou (Mxyzptlk) Silver badge

      Re: We do security by obscurity in the US

      Your description reminds me of this positive view on the US grid...

      "That groove took about 98 years to wear in. It is not a defect. These hooks hold the electrical lines above the ground. It was a PG&E's decision to let those things hang until they broke."

    2. G.Y.

      POTS Re: We do security by obscurity in the US

      POTS is way more secure than a lot of internet stuff, esp. if you take care to dial back (preferably from another 'phone)

  4. Kev99 Silver badge

    Before the internet existed, the electric companies had a built-in communications system. They ran telecomm over their own power lines. Then some goof thought it would be better to make Wall Street happy by running all their data over the "free" internet.
