tag:blogger.com,1999:blog-422477430134849438.post8811132619469398306..comments2017-09-03T06:52:32.497-07:00Comments on Netragard's SNOsoft Research Team: Utility Companies and Food for ThoughtAdriel Desautelshttp://www.blogger.com/profile/16119732948300414743noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-422477430134849438.post-556853715166416232008-12-18T09:24:00.000-08:002008-12-18T09:24:00.000-08:00While a malicious attack is likely to have a much ...While a malicious attack is likely to have a much higher impact to critical infrastructure, it is my perception from anecdotal news that operator error is still a lot more common and still has a fairly high impact. Unless I'm wrong on that, it still makes sense to focus the greater amount of effort on systems to make simple mistakes less common and reduce their impact, rather than directing limited funding to preventing actual attacks. Many of the measures that utilities might take to reduce the impact of operator error would probably also reduce the impact of a malicious attack. Perhaps wider adoption of better risk assessment methodologies than what I currently see happening would answer this question better. The difficulty I see here is that risk assessment is not sufficiently emphasized in the current NERC CIPs and the utilities have their hands quite full trying to cover their regulatory risk.Anonymousnoreply@blogger.com