From his Q &A with Deborah Kalb:
Q: In the book, you describe the U.S. as a country unprepared for a cyberattack on its power grid. Why do you think this degree of unpreparedness exists today, and what are your suggestions for what the government can do to prepare?--Marshal Zeringue
A: For all its many virtues, democracy can be an inhibiting factor when it comes to government responding quickly and forcefully to a looming danger. The electric power industry sometimes appears more concerned about maintaining its deregulated status and preserving its privacy than it is with protecting itself against cyber attacks. As things now stand, the federal government can only enforce regulations that the industry itself has approved by a two-thirds majority.
The very fact that the power industry is made up of 3,200 companies, all of which are interconnected but many of which are poorly protected, provides would-be cyber attacks with multiple points of accessibility. Like any chain, the power industry is only as strong as its weakest link when it comes to keeping out hackers.
Add to that the fact that many key components of the industry, such as large power transformers, are (on average) 38-40 years old, very expensive ($10 million and up), huge and difficult to transport and mostly produced overseas, and you get some sense of why the industry is vulnerable.
The government cannot simply order changes and the Chamber of Commerce, in particular, has been obstructive in...[read on]