Obama Stimulus Grants Left Power Grid Vulnerable to Cyber Attacks

A new report details how in The Department of Energy’s haste to hand out taxpayer money in the form of stimulus to upgrade the power grid, to what is known as a Smart grid, some firm’s plans were approved even though they lacked certain safeguards from cyber attacks, according to an inspector general’s report.

“Officials approved cyber security plans for Smart Grid projects even though some of the plans contained shortcomings that could result in poorly implemented controls,” states the report. “We also found that the Department was so focused on quickly disbursing Recovery Act funds that it had not ensured personnel received adequate grants management training.”

According to the report, 36 percent of the grant applications submitted were lacking one or more elements in their cybersecurity plans. Three out of the five cybersecurity plans reviewed were incomplete, and often didn’t address weaknesses previously identified by the Energy Department.

“We acknowledge that the security plans will evolve as systems are developed and implemented. However, this practice may be problematic in that any existing gaps in a recipient’s security environment could allow system compromise before controls are implemented,” the report states.

“Likewise, approved elements that were not well-defined in the plan could leave the system susceptible to compromise even after the cyber security plan had been fully implemented.”

The IG recommended the Energy Department ensure those that receive grants have complete cybersecurity plans that contain thorough descriptions of potential risks and mitigation strategies.

The Energy Department generally concurred with the report’s recommendations, but noted “that there are currently no federal or state standards or regulations that mandate cyber security processes or practices for electric distribution systems.”

The Senate is expected to take up legislation this week that would establish federal cybersecurity regulations for electric grid providers and other industrial sectors deemed part of the nation’s critical infrastructure.

That Energy Department statement bears repeating “there are currently no federal or state standards or regulations that mandate cyber security processes or practices for electric distribution systems.”

Since there is no federal or state standards or regulations that mandate cyber security processes or practices for electric distribution systems, maybe just maybe the Obama administration should hold off on giving millions of our tax dollars to private companies to build a smart grid that’s vulnerable to cyber attacks?

Advertisements

5 Comments

  1. So you think the government should create standards for a technology that hasn’t been developed yet? You right-wingers have a serious logic deficiency. 🙂

  2. right winger!? sorry you got the wrong guy. but do you honestly believe that the government should use our tax dollars to build a “smart grid” that doesn’t even a set standard for security!? now that sounds like a serious logic deficiency to me…

    • You can’t effectively create standards out of thin air. They should be developed in tandem with the technology.

  3. maybe you should reread the article:

    “Three out of the five cybersecurity plans reviewed were incomplete, and often didn’t address weaknesses previously identified by the Energy Department.”

    how hard is it to set security standards for weaknesses that were already identified?

  4. oh and btw smart grids are not new technology http://en.wikipedia.org/wiki/Smart_grid


Comments RSS TrackBack Identifier URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s