Comment Assume it isn't secure (Score 3, Insightful) 117
The worst thing they can do is to secure it and then depend upon the security working. Thus the system should be designed so that if it is hacked every other Monday, it can survive. There have been a number of recent (last 20 years) events that have shown that single points of failure can have devastating effects. So make sure that if terrible things happen, a lesser grid can be maintained manually.
A great example of this would be when a local grocery store chain's SAP system failed shortly before Christmas (some years ago). They were so dependent upon it that their ability to order stuff and manage inventory was pretty much nonexistent. So the store ended up looking like some kind of Soviet grocery store where the only goods on the shelves were pretty much those that are managed by the distributors themselves; things like milk.
This grocery store hopefully has learned from this and now has some kind of manual backup plan where a store manager can actually phone in his orders and crudely manage the store's needs in the case of another serious computer outage.
The same with the grid. Ideally they set some sort of minimal functionality emergency plan whereby humans can crudely manage the system as opposed to a system that either works perfectly by computer or doesn't work at all.
But I worry far less about hackers and far more about system design failures and Carrington events.