Cybersecurity Problems Found in Electrical Infrastructure

Saturday, April 07, 2012

Joel Harding


How shocking! Once again the private sector, in this case the Bonneville Power Administration, which supplies wholesale electric power to regional utilities in the Pacific Northwest, was found to be non-compliant in a number of areas, according to an article at

To me this smacks of a for-profit utility finding it more expedient to maximize profits before maximizing security for a critical infrastructure.  “We the People”, our security, once again, takes a back seat to doing the right thing.

The Department of Energy’s Office of Inspector General was performing an audit and found significant problems with the system.  Of course Bonneville Power Administration responded that the report contained “erroneous assertions”.

This points out a number of problems. DOE is in charge of locating and fixing critical infrastructure problems within the energy sector.  Do they, in turn, report to DHS if it has to do with critical infrastructure?

Does DHS oversee DOE’s cybersecurity problems, their critical infrastructure problems or…?

Cross-posted from To Inform is to Influence

Possibly Related Articles:
Industrial Control Systems
SCADA Cyber Security Security Audits Infrastructure DHS National Security DOE ICS Industrial Control Systems
Post Rating I Like this!
Kent Norton Would it be possible to keep the socialist comments to your own blog? Clearly, in your opinion, the Public Sector is oh so much more secure than the evil, greedy private sector company. Get real.
Joel Harding Socialist? Oh shame... me, the All-American kid, decorated combat veteran, etc...

What I didn't know, when I wrote the article, is that Bonneville is actually a federal agency (believe it or not), they're not a for-profit corporation. My bad.

Sorry, Kent, the "evil, greedy private sector" companies will never budge if there is to be a profit made by not complying unless... *gasp* they are the exception. Where you work might qualify as the exception, but we can cite a lot more in non-compliance for every exception.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.