Smart grid cyber security strategy draft under review

Tuesday, April 13, 2010 @ 06:04 PM gHale

The second draft of the Smart Grid Cyber Security Strategy and Requirements now identifies more than 120 interfaces that will link diverse devices, systems and organizations engaged in two-way flows of electricity and information and classifies these connections according to the level of damage that could result from a security breach.

The Commerce Department’s National Institute of Standards and Technology (NIST) is now reviewing the comments from the second draft and is preparing to release the final report in early summer.

The new draft report expands upon an earlier preliminary version, released by Commerce Secretary Gary Locke last September and underwent 60 days of public review. It incorporates responses to the more than 350 individual comments received. The draft came from the NIST-led Cyber Security Working Group, which has more than 350 members.[private]

The updated draft also includes new or more detailed technical inputs stemming from the working group’s continuing assessment of what must occur to ensure the security and reliability of the modernized power system and to protect the integrity and confidentiality of information exchanged during energy-related transactions on the Smart Grid.

The 300-page second draft of the Smart Grid cyber security document ended public review April 2. After reviewing the comments received and completing ongoing analyses of requirements and relevant standards, the working group will finalize the Smart Grid cyber security strategy and release it by early summer.

Compared with the initial version, the second draft contains expanded sections on privacy, vulnerability categories, analyses of the potential security issues, and the overall approach to achieving Smart Grid cyber security.

The new draft classifies Smart Grid interfaces according to the level of impact — or scale and scope of damage — that could result from a compromise in security. The goal is to establish security requirements for multiple logical interface categories of the Smart Grid. In all, the new draft identifies more than 120 interfaces that pertain to high-priority Smart Grid applications, including electric transportation, electric storage, advanced metering infrastructure, distribution grid management, energy management in homes and businesses, and grid management.

Under the Energy Independence and Security Act (EISA) of 2007, NIST will “coordinate the development of a framework that includes protocols and model standards for information management to achieve interoperability of smart grid devices and systems.” EISA also established “modernization of the nation’s electricity transmission and distribution system” as a U.S. policy goal, and it emphasized the importance of maintaining the reliability and security of the electricity infrastructure.

To download the second draft, go to[/private]

Leave a Reply

You must be logged in to post a comment.