In this month’s (September/October 2011) EnergyBiz magazine, the President
and CEO of MEAG Power stated: “There’s been an awful lot written about
cyber security and the threat of it. There are a lot of people who want to
spend a huge amount of money on something that we have not necessarily
identified. There have been some hackings into some certain systems around
the country, but show me an event where we’ve lost systems due to cyber
terrorism. I’m not aware of one.” Lonnie Carter, the President and CEO of
SanteeCooper, stated: “There’s not a utility in this country that does not
do everything possible to keep its systems reliable, and that would not act
on any threat that it understood and had a way to mitigate or eliminate it.
Explain the threat to us and we will work on it. Congress is going to have
to decide who in our government is responsible for identifying and
communicating those threats to us.”
It should be evident from these two respected CEOs of public power
utilities they don’t understand nor believe that cyber is a threat to their
systems. I don’t believe they are alone. I also believe the NERC CIP
compliance exercise has made the perceived cyber threat less tangible by
making it a compliance exercise. Is there a better reason for Congress to
mandate real security?
Joe Weiss