I have worked in critical infrastructure and am familiar with SCADA systems. US power infrastructure is relatively distributed and privatized, rendering cybersecurity collaboration and compliance efforts difficult. There are no shortcuts to security. Redundancy is costly, and is no guarantee against attack. If threat actors have already infested systems to await a day of reckoning, there is not too much one could do about that. Our only hope is to create and deploy systems that are robust by construction, but that too ends up being costly, so companies end up following the path of least impedance. If anyone wants to make a dent on this problem, it would be through cheaper access to secure designs, such that even the poorest of companies can get some basic assurance. For instance, GE and Siemens are the largest controller providers for the power grid. How about an open source industrial controller to rival their capabilities?
I love this idea. I think working in power infrastructure (or network infrastructure) in future, following the principles you describe would be really meaningful! I hope to one day make a dent in that!! :) haha :)
In the meantime, maybe government regulation could enforce creation of some amount of secure capacity. And DARPA should really be behind R&D for resilient stock.
