August 8, 2011 – George W. Arnold, the National Coordinator for Smart Grid Interoperability at NIST, said in a recent paper published by the Institute of Electrical and Electronics Engineers (IEEE), that there are currently more than 20 technical standards development organizations working on smart grid. Adding to the confusion are the cross-border requirements to interoperate with Canada and Mexico, and the attempt to engage hundreds of technology companies and governments around the world, including Europe, Japan and China.
Despite all the potential security and privacy issues that could arise from smart grid rollouts, the US continues to wrestle with the notion of central accountability for securing the grid.
Members of Congress have introduced competing legislation, with some favoring DHS and others arguing authority should fall to the Federal Energy Regulatory Commission (FERC). Confusing matters further is an effort by the Department of Energy to form a so-called Advanced Metering Infrastructure Security Task Force with 11 utility companies.
Sindhu said regional level committees established by the North American Electric Reliability Corporation (NERC) have been focusing largely on compliance for the transmission of bulk electricity.
"But what is different here is that smart grid focuses on the distribution side of the grid," he said. "So whatever NERC mandates will still focus on bulk transmission, leaving local distribution without any legislation or regulation."
But the question of who has jurisdiction remains up for debate.
"FERC has no jurisdiction over distribution and NERC has no jurisdiction," said Hayden. " The only real jurisdiction over the distribution level is nominally the public utility commission [at the local level]."
So far, the efforts by both NIST and FERC have come into question. In a January 2011 report by the Government Accountability Office (GAO), the investigative arm of Congress, investigators criticized both NIST and FERC for dropping the ball on security.
While NIST had failed in its guidelines to address physical and cyber attack risks to the smart grid, the FERC continues to lack enforcement authority and "has not…coordinated with other regulators to monitor whether industry is following the voluntary smart grid standards it adopts," the GAO concluded.