Ginter nonetheless acknowledges that the new standards are "much better than nothing" noting that, without regulation, many utilities would do little to secure their power station control systems. The NERC CIP standards, he adds, are designed to catch the stragglers -- companies that don't have any procedures in place.
Some firms are taking grid security into their own hands. San Francisco-based Pacific Gas and Electric Company, a subsidiary of PG&E Corp. (PCG - Get Report), recently hired a former Sears Holdings (SHLD) security executive to serve as the company's CIO. And The Southern Company (SO - Get Report), an Atlanta-based utility with more than 42,000 megawatts of generating capacity, has even hired hackers to identify vulnerabilities.
Uncovering the Disruptors
Opinions are divided on who could attack the power grid.Many experts think that the extensive research and technology resources needed would make an enemy nation the likeliest perpetrator. North Korea, for example, was suspected of being behind the major denial of-service attack on the U.S. government in 2009. Additionally, the Wall Street Journal, citing intelligence officials, has reported foreign "cyber-spies" from China, Russia and other countries infiltrating the U.S. energy grid. Weiss, however, thinks that smaller, less well-resourced groups, could also perpetrate an attack. "We can now go to the Internet and get these exploits without having to be a national lab or a nation state," he said. "You don't have to be an Iran or an Al Qaeda or anything else to do this." Perhaps highlighting the extent of the threat to critical U.S infrastructure, the Pentagon recently said that it would consider a military response to a major cyber-attack against the U.S. "The Pentagon wanted to make it clear that we reserve the right to respond with conventional munitions or any other conventional means," said Harry Raduege, a retired Lieutenant General in the U.S. Air Force, who is now chairman of the Deloitte Center for Cyber Innovation. Raduege, however, thinks that it is not just the U.S. power grid that's at risk. "There could be attacks on any of our critical infrastructure like telecoms, financial systems and, transportation and government services," he told TheStreet. "We have heard about weapons of mass destruction, but cyber terrorism could create a weapon of mass disruption." --Written by James Rogers in New York. >To follow the writer on Twitter, go to http://twitter.com/jamesjrogers.