Report: Utilities focused on regulatory compliance instead of cybersecurity
A recent report by the Government Accountability Office (GAO) found that utilities companies’ attention has been diverted from effective cybersecurity in order to focus on compliance with federal and state regulators.
“The existing federal and state regulatory environment creates a culture within the utility industry of focusing on compliance with cybersecurity requirements, instead of a culture focused on achieving comprehensive and effective cybersecurity,” the July 17 GAO report said.
It also found that experts “expressed concern that there was a lack of clarity about the division of responsibility between federal and state regulators, particularly regarding cybersecurity.”
“While jurisdictional responsibility has historically been determined by whether a technology is located on the transmission or distribution system, experts raised concerns that smart grid technology may blur these lines,” the report continued.
The report echoes the concerns of congressional Republicans, who have fiercely opposed a controversial cybersecurity bill aimed at increasing the regulatory regime utilities companies are under. Arizona Republican Sen. John McCain attacked Democratic Sen. Majority Leader Harry Reid’s zeal on Monday for prioritizing the passage of the bill — called the Cybersecurity Act of 2012 — over a full defense budget.
Reid has favored this bill, aiming to push it through the Senate before the August recess. The vote is expected to come as early as Thursday. McCain assured his colleagues on Monday that, despite their best efforts to produce a compromise with Republicans on the bill, it has no chance of passing through the House.