Electricity Grid Cybersecurity Will Be Expensive – Who Will Pay, And How Much?
2019-07-11 18:47

Recently, a neighbor asked one of us whether Russia, China, North Korea and Iran really are capable of hacking into the computers that control the U.S. electricity grid. The answer, based on available evidence, is “Yes.” The follow-up question was, “How expensive will it be to prevent, and who will end up paying for it?”

The answers are: Likely tens of billions of dollars, and probably us, the electricity customers. This is a major – and, in our view, vital – investment in community and national security. But as scholars of grid cybersecurity, we understand it’s not very clear what consumers will be getting for their money, nor whether utility companies themselves should bear some share of the cost.

Paying for reliability

In the U.S., the electricity grid is a ubiquitous system that’s highly reliable. Most consumers expect the lights to turn on when they flip the switch, and don’t think much more about it – except when paying the monthly bill.

Electric power companies’ high levels of performance depend on interconnected computer systems, which are vulnerable to cyberattacks. Hackers took down portions of Ukraine’s electricity grid in 2015 and 2016, cutting power to hundreds of thousands of people. U.S. officials regularly report that foreign agents are working to infiltrate critical infrastructure systems, like computers that control the power grid. An as-yet-unspecified “cyber event” affected the power grid in California and Wyoming in March 2019, according to the U.S. Department of Energy.

While media coverage and neighborly conversations have increased public awareness of the risks to the grid, most people’s thinking hasn’t changed much. People regularly evaluate how much they pay for car insurance, whether they need to buy life insurance, what the risks are of a recommended medical procedure or whether they feel safe flying in a Boeing 737 Max 8 airliner. But they rarely consider whether they’re paying the right amount to ensure that the lights come on when they’re needed.

But what about protection?

It can be difficult even for experts to keep track of all the potential risks to the grid, an interconnected set of industrial control systems. There are big threats from very rare events, like massive solar flares. And there are relatively minor threats from nearly certain incidents, like trees falling on wires. In between are cybersecurity concerns – which themselves can range from one individual hacker playing around to a national government orchestrating intrusion attempts into the national grid.

Power lines lead away from the Vermont Yankee nuclear power plant in Vernon, Vermont, Aug. 27, 2013. Photo: REUTERS/Brian Snyder 

Now consider how much we, as consumers of utility service, might be willing to pay to protect against those dangers. Making a system more secure and reliable costs money, but often the economic benefits are hard to quantify. How much was saved by preventing a citywide blackout? Was it worth millions – or billions – of dollars invested in protection? Even if that could be calculated, it’s not easy to communicate effectively to the public, who regularly face many difficult choices about where to spend their limited money.

Cost recovery

Collectively, utility companies in the U.S. are already planning to spend billions of dollars a year on grid cyber defenses. Those investments will include securing locations and equipment, improving the security of the utility supply chain, and continuous training and workforce development. This spending in turn brings up another complication: Most electricity utilities are highly regulated by the government, so they have to provide a certain level of service and spend money on required compliance activities. In return, those utilities are permitted to recover a certain return on their investment.

When utility companies’ costs rise, they typically ask for permission from regulators to raise the prices they charge customers. What those customers can ask for, and in our view what regulators should insist on, is clear information about what those charges will be paying for.

Right now there is ongoing research exploring what the best practices are for cyber defense of public utilities, but there is only limited useful information about what those measures should cost. Ultimately, consumers can reasonably expect to shoulder some of the cost – but should get as much information as possible about the benefits that will result from the rates they’re paying.

Dominic Saebeler is an adjunct instructor of Business Administration at the University of Illinois at Springfield. Manimaran Govindarasu is a professor of Electrical and Computer Engineering at Iowa State University. This article was written in collaboration with Wei Chen Lin of the Illinois Commerce Commission.

This article originally appeared in The Conversation.
