Expanded smart grid cyber security strategy and requirements released


Gaithersburg, MD, U.S.A. — (METERING.COM) — February 4, 2010 – The United States National Institute of Standards and Technology (NIST) has issued the second draft of its “Smart Grid Cyber Security Strategy and Requirements” identifying more than 120 interfaces that will link diverse devices, systems, and organizations engaged in two-way flows of electricity and information.

This new draft, which incorporates responses to more than 350 comments submitted on the first draft, also classifies these connections according to the risks posed by a potential security breach.

The report says the overall cyber security strategy for the smart grid examines both domain-specific and common requirements when developing a mitigation strategy to ensure interoperability of solutions across different parts of the infrastructure. The primary goal of the cyber security strategy should be on prevention. However, it also requires that a response and recovery strategy be developed in the event of a cyber attack on the electric system.

The implementation of a cyber security strategy requires the definition and implementation of an overall cyber security risk assessment process for the smart grid. This is followed by selecting and tailoring (as necessary) the security requirements. The final step, which will be initiated in the spring, is to develop a conformity assessment program for security requirements. This program will be coordinated with the activities defined by the testing and certification standing committee of the Smart Grid Interoperability Panel.

The first part of the document presents an overall functional logical architecture of the smart grid, including all the major domains: service providers, customer, transmission, distribution, bulk generation, markets and operations that are part of the NIST conceptual model. This is followed by discussions on high level security requirements and on privacy and the smart grid, with a focus on what data may be collected or created that can reveal information about individuals or activities within specific premises (both residential and commercial), how these different types of information may be exploited, and policies and practices to identify and mitigate risks.

A list of 67 standards that have been identified so far as relevant to cyber security in the smart grid follows, and the final section identifies various research and development themes for smart grid cyber security. Cyber security is one of the key technical areas where the state of the art falls short of meeting the envisioned functional, reliability, and scalability requirements of the smart grid, the report says, adding that in order to develop and refine the modeling and systems necessary for much of this proposed research, there would also be a need for developing new grid simulation capabilities.

This new report is subject to public review, which will close on April 2. After reviewing the comments received and completing ongoing analyses of requirements and relevant standards, the working group will finalize the smart grid cyber security strategy, with the final report expected by early summer.

The report was developed by the more than 360-member Smart Grid Interoperability Panel-Cyber Security Working Group chaired by NIST senior cyber security strategist, Annabelle Lee.