Second draft of Smart Grid security architecture released for public comment

 


The second draft of a Smart Grid security architecture builds on the earlier version released in September, with expanded sections on privacy, vulnerability categories, potential security issues, and an overall approach to Smart Grid cyber security.

A revised draft of a Smart Grid security architecture has been released for public comment, outlining how security requirements will be incorporated into the design of the nation’s next generation power distribution system.

“Smart Grid technologies will introduce millions of new intelligent components to the electric grid that communicate in much more advanced ways (two-way, with open protocols) than in the past,” the interagency report released by the National Institute of Standards and Technology says. “Because of this, two areas that are critically important to get correct are Cyber Security and Privacy.”




The second draft of NIST IR 7628, “Smart Grid Cyber Security Strategy and Requirements,” updates the overall Smart Grid security strategy and includes expanded sections on privacy, bottom-up analysis, and vulnerability class analysis. There also are new chapters on research and development themes and standards assessment, as well as an overall functional logical Smart Grid architecture. NIST released the initial version of the report in September, and it quickly garnered more than 350 comments that the agency has addressed.

Comments on the current draft should be sent to cswgdraft2comments@nist.gov by April 2. A template for making comments is available online at NISTIR7628_comments_template_Feb-02-2010.doc.

The security plan is a critical part of the Smart Grid interoperability effort being spearheaded by the National Institute of Standards and Technology. It is being developed in conjunction with the Smart Grid Interoperability framework, the initial release of which NIST published in January. The 305-page security document, which includes a comprehensive set of security requirements, remains a work in progress, and NIST expects to issue a completed report by early summer.

Development of the cyber security strategy and requirements began with the establishment of a Cyber Security Coordination Task Group, which is led by NIST and now contains more than 350 participants from the private sector (including vendors and service providers), academia, regulatory organizations, and federal agencies.

The Energy Independence and Security Act of 2007 established the Smart Grid program. The law also mandated that security be built into the system that would use intelligent networking and automation to better control the flow and delivery of electricity to consumers. This would require a two-way flow of electricity and information between the power plant and the end user, and to points in between. Security requirements are being developed using a high-level risk assessment process and are recognized as critical in all of the priority action plans discussed in the “Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0,” (NIST Special Publication 1108).

NIST will develop Smart Grid security requirements for specific domains, business and mission functions and interfaces, as well as for the overall grid. But they are being developed at a high level and will not be spelled out for specific systems or components because of the impossible complexity of that job. The security requirements and architecture will address not only deliberate attacks, but errors, failures and natural disasters that also could destabilize the grid.

The security architecture being developed will identify interfaces between functional domains of the new grid and categorize them according to the criticality of their data accuracy and availability. The constraints, issues and impacts of breaches at these interfaces will be considered for each category, and security requirements will be developed. The current report identifies more than 120 interfaces that will link the diverse devices, systems, and organizations engaged in two-way flows of electricity and information, and it classifies these connections according to the risks posed by a potential security breach.

Key updates in the current draft of IR 7628 include:

  • Functional Architecture Development. The functional logical architecture represents the initial set of use cases and requirements from workshops and the initial NIST Smart Grid Interoperability Roadmap. This functional logical architecture focuses on a short-term view of one to five years.
  • Bottom-up Assessment. This adds further cybersecurity problems and a new section on design considerations. Some subsections previously in "Non-Specific Cyber Security Issues" were moved to the new "Design Considerations" section and revised.
  • Privacy. The focus of the Privacy sub-group has been on what data might be collected or created that could include personal information, how this information might be exploited, and policies and practices to identify and mitigate risks.
  • Standards. The new Standards sub-group added a chapter on standards and characteristics that apply to cybersecurity for the Smart Grid. The DHS catalogue was used as an initial source to develop these tables.
  • Research and Development. The R & D sub-group is another new sub-group that added a chapter on “Research and Development Themes for Cyber Security in the Smart Grid.” The chapter identifies five issues requiring immediate research and development: device level, novel mechanisms, systems level, networking issues, and other security issues in the Smart Grid context.
  • Vulnerability Class Analysis. An introduction was added to each of the major categories with clarifying descriptions for the section, and a brief discussion of the intent of the section.

“This is very important, transformational work for the electric industry,” the report states, “and it is critically important for all stakeholders to be actively engaged to ensure we get interoperability standards that achieve the most potential from Smart Grid technologies without negatively impacting the reliability of the proven technologies we depend on today.”
