When learning about the system, the first thing that stuck out to me was how primitive, from a technological standpoint, it was. There were no alarms that alerted the power company when the power went out, it relied on calls from end users; the ultimate advance in handling downed high voltage power lines were rubber gloves and boots; and meters were still being read by service men and women who traveled door to door.

Deregulation was really what began to kick off a technological revolution in the industry and the Internet became the vehicle that allowed the market to be open to independent power and services vendors. California created the Independent Systems Operator (CalISO), a wholesale power clearinghouse that HQ’s in a state-of-the-art control center no doubt built on an IP infrastructure, independent technology vendors began to flood the market with “cost-effective” meter reading devices that operated through cellular relays and the Internet, and companies like Enron and Duke Energy played on the wholesale market through Internet-based trading floors. Fast forward to 2000, I was out of the power industry but heavily immersed in the middleware business as a communications manager for a major supplier. In addition to providing EAI for ERP vendors like SAP, one of the company’s primary markets was energy. It supplied much of the middleware that integrated trading applications.

In ’97 and 2000, the world was abuzz with integration and Internet-enabled technologies that were fueling the IT revolution for sure; no one was talking about security though. I can distinctly remember PeopleSoft’s (now Oracle) VP of marketing talking about the importance of 8′s pure HTML design during the big launch, but I can’t once recall him mentioning security.

Fast forward to today. The Wall Street Journal, CNN, Network World, CNET and SC Magazine have all printed features about a recent report that points out that cyber spies have infiltrated the US power grid via the Internet, leaving behind software (malware and bots I guess) that can feed back information and even allow them to disable the system.

As a communications manager with a power company in ’97, I read through hundreds of pages of deregulation related materials, as a communications manager with a middleware company I was immersed in Internet-based EAI daily, I can say with some degree of confidence that no one saw the security threats coming.

It will be interesting to see where this story heads. Could this be what sparks the next Microsoft-sized technology innovation wave? If a bot, malware, worm or something along these lines leads directly back to a foreign government’s intelligence agency, will that be what really forces technology to develop based on security first? It’s one thing to hack a defense system and get some information about defensive strategy of weapons development, being able to shut down the power is an entirely different matter. Imagine, all of the sudden, the power supply to Manhattan, San Francisco, Chicago, LA and Dallas shutting down – all at the same time. Remember the Road Warrior sequel Mad Max Beyond Thunder Dome — who really rules Bartertown?

Posted By Joe Franscella