Utility Security Is So Bad, US DoE Offers Rate Cuts To Improve It (theregister.com)
The US Department of Energy has proposed regulations to financially reward cybersecurity modernization at power plants by offering rate deals for everything from buying new hardware to paying for outside help. The Register reports: In a notice of proposed rulemaking published earlier this week (which nullified a similar 2021 plan), the DoE said the time was right "to establish rules for incentive-based rate treatments" for utilities making investments in cybersecurity technology. The DoE said these included products and services, and information like plans, policies, procedures and other info related to cybersecurity tech. [...] In addition to stimulating voluntary security improvements, the proposed policy also encourages utilities to join cyber threat information sharing programs, and mandates regular reports for the duration of incentives.
The DoE's proposal includes a long list of things it said would be eligible for incentive-based rate treatments. While it's too long to include here, the DoE's language about what it will allow means it could essentially include anything that could "materially improve cybersecurity," be that a product, service or info-sharing program. The DoE said that hardware incentives would have a five-year depreciation period, while activities would cease to be incentivized once they become mandatory. As for how the rewards would be applied, the proposal specifies two methods: A return on equity (RoE) of 200 base points (2 percent) that would be applied to transmission rates, and a cost-recovery deferral that would allow them to amortize equipment purchased and treated as a regulatory asset.
The Only Rule You Need (Score:3, Insightful)
You will properly secure your facilities or the CEO and a few others will go to prison for criminal negligence.
Re: (Score:2)
Of course, because the accounting theater of Sarbanes-Oxley works so well.
Re: (Score:2)
Exactly. No penalty, no reason to do the suggested action.
Same for "losing" our data to hackers. No penalty, no reason to spend money on doing it right.
How about some NEGATIVE incentives? (Score:5, Insightful)
Pass some laws saying that utilities have to meet a minimum standard if they want to be utilities, and then penalize anyone who doesn't meet it. I'm tired of our government paying corporations to do the things they should be doing anyway. Corporations are supposed to serve the public interest. That's literally the justification given for granting them a charter to exist. If they can't do that, they should fuck off and let someone who can, do.
Re: (Score:3)
It kinda works like this now: Public utilities get privatized, because more plus good (for whatever reason). The privatized companies run into issues (because of course they do, they need to make money, so they do the minimal effort required) and need to be bailed out.
Net result: They cost the tax payer more than if they would just be government owned, and they offer inferior service.
Re:How about some NEGATIVE incentives? (Score:5, Insightful)
Very much so. Privatization is one of the irrational fetishes of those that pray to the god of the "free market", which, they believe, can fix anything and everything. Of course, as human history nicely shows, this is a completely irrational belief and in actual reality a truly free market is not even stable, but typically devolves into monopolies.
Re: How about some NEGATIVE incentives? (Score:2)
Typically it's the other way around though. It's regulation that increases the cost of doing business and requires companies to cut costs. Then the government complains and gives even more regulation. In the meantime, regulation is used against consumer rights "because the government told us to do it" is now a valid legal defense.
Leave companies alone, make them liable for their problems instead of interfering the minute they run into trouble or remove the facade and have the
Re: How about some NEGATIVE incentives? (Score:4, Insightful)
Leave companies alone, make them liable for their problems
Which is it?
or remove the facade and have the government run the companies, like the Soviet Union.
Customers of public utilities in the US generally report greater satisfaction (And pay less for equivalent service) than customers of private ones. There have of course been some big misses, but the majority of those are tied to deregulation and not the opposite.
Re: (Score:3)
That second thing, yes.
As someone who gets electricity from a public utility board, who get it from the federal government, public ownership is THE way to go. Sure, it's not perfect, but my prices are lower and my service is better than anybody stuck with for-profit electricity.
And even better the utility board is in the process of building out their fiber internet service now. Soon I'll be able to say fuck off to Comcrap, and enjoy socialist broadband for a quarter of the price and 5x the speed.
Re: (Score:3)
I wonder... (Score:1)
Are they going to have a Groupon?
Make sure the money goes to cybersecurity (Score:2)
There need to be explicit contract provisions that will make it extremely painful for any utility to take the money and use the money for anything else instead. No taking the money and doing nothing for millions of dollars in easy profit. No stock buy-backs. No extra executive pay and bonuses. Not even paying other legitimate expenses.
The penalties need to be strict enough that the CFO wakes up screaming in the middle of the night because he dreamt that some clever vice president found a way to divert the funds
well the PHB got his bonus for not upgrading tech (Score:2)
well the PHB got his bonus for not upgrading tech due to the cost cutting bonus.
Now modernization is needed but we need to up our power rates to cover the cost of the hardware and software.
Idiocy (Score:2)
So, the taxpayers need to subsidize the outfits that are already ripping them off? Pass a law, obey the law or go to jail.
Re: (Score:2)
*By "American" I mean of the United States of America. There are 35 countries in America.
How we got here (Score:2)
No internet connection required, but must have a human being at each plant. Utility cost for plant monitoring = N.
The next step, connect each plant to the internet. Create a plant monitoring facility where all plants operated by the utility may be monitored by a single individual at a time. Utility cost for plant monitoring = N/number of plants.
Where we are now. Contract the monitoring of all of the plants owned by many