The editors of the Washington Post articulate the threat and risks of a cyberattack on the power grid well enough but they fall far short in proposing no solution. I’ll remedy the deficit.
Resiliency comes from high levels of maintenance, strict adherence to standards, decentralization, and redundancy. Private operators won’t implement and provide those on their own. They add costs, provide them with few benefits, and, frankly, the operators bear few risks. It’s their customers who bear the risks. I suggest applying two words to change that calculus: strict liability.
The reflex of the federal bureaucracy and those who see it as the solution to every problem is a top-down solution. As should be obvious from the experience with computing and networks over the last 30 years, a bottom-up solution will be more effective.
Throw in data breaches (e.g. Equifax) and I’m in. Now how to get this through the Congress.
If it’s not obvious, I agree. IMO strict liability is necessary to provide a spur for companies to take security seriously. As the amount of private and sensitive data on all of us held by private companies increases, it’s become obvious that stronger incentives are needed.
Uhhh no. This looks a lot like the space launch liability problem. If you make an operator TOO responsible for the costs of things going wrong, your operational costs eventually become insane because you just can’t ever have too much safety and too much insurance.
Set a limit on the maximum loss that can be inflicted on an operator, and let the feds, or maybe some greater consortium of operators, foot the bill for higher costs. Maybe adjust the maximum loss figure up or down every few years, depending on circumstances — more “regulation” to distress Republicans, but that’s life.
CNBC reporting prior breaches, and independent consultants previously advising management of security deficiency. In my business we’d be open to shareholder lawsuits and SEC investigation.
Yes, strict liability.