The importance of the energy sector as the underlying engine of the U.S. economy has put a target on the backs of almost every utility in the country.
Industry, regulators and others are all well aware of the risks associated with outdated and vulnerable IT systems. But as a string of recent cyber rule violations has shown, the regulatory framework requires refinement to prevent a large-scale attack.
Recent reports of repeat offenders have further called the industry’s cybersecurity efforts into question. Some of the country’s largest utilities, including Duke Energy, PG&E and DTE Energy have recently been sanctioned by federal regulators for violating the North American Electric Reliability Corporation’s (NERC) critical infrastructure protection (CIP) rules.
“Self-regulation, rarely, if ever, is effective, and in this case, it clearly is not working.”
Tyson Slocum
Director, Public Citizen’s Energy Program
In February, North Carolina-based Duke Energy agreed to the largest cybersecurity-related penalty in NERC’s history, a $10 million fine. As a result, the current practice of keeping the names of violators confidential in order to encourage…
