The National Institute of
Standards and Technology (NIST) has issued the second draft of its Smart
Grid Cyber Security Strategy and Requirements, which now identifies
more than 120 interfaces that will link diverse devices, systems and
organizations engaged in two-way flows of electricity and information
and classifies these connections according to the level of damage that
could result from a security breach.
Prepared by the NIST-led Cyber Security Working Group,
the new draft report expands upon an earlier preliminary version, which
was released last September and underwent 60 days of public review. It
incorporates responses to the more than 350 individual comments
received.
The updated draft also includes new or more detailed
technical inputs stemming from the working group’s continuing assessment
of what will be required to ensure the security and reliability of the
entire modernized power system and protect the integrity and
confidentiality of information exchanged during energy-related
transactions on the Smart Grid.
The 300-page second draft of the Smart Grid cyber
security document also will undergo public review, ending on April 2,
2010. After reviewing the comments received and completing ongoing
analyses of requirements and relevant standards, the working group will
finalize the Smart Grid cyber security strategy. NIST expects to issue a
completed report by early summer.
Compared with the initial version, the draft cyber
security report issued today contains significantly expanded sections on
privacy, vulnerability categories, analyses of the potential security
issues, and the overall approach to achieving Smart Grid cyber security.
The 120 interfaces identified in the report pertain to high-priority
Smart Grid applications, including electric transportation, electric
storage, advanced metering infrastructure, distribution grid management,
energy management in homes and businesses and grid management.
Smart Grid Cyber Security Strategy and Requirements
(Draft NISTIR 7628) is a companion document to the NIST Framework and
Roadmap for Smart Grid Interoperability Standards, Release 1.0 (NIST SP
1108), which NIST issued on Jan. 19, 2010. The framework and roadmap
report describes a high-level conceptual reference model for the Smart
Grid, identifies 75 existing standards that are applicable (or likely to
be applicable) to the ongoing development of an interoperable Smart
Grid, and specifies a set of high-priority standards-related gaps and
issues (in addition to cyber security).
Continuing work by the cyber security working group is
carried out cooperatively under the umbrella of the Smart Grid
Interoperability Panel (SGIP). NIST launched the panel in mid-November
as a collaborative means for private and public sector stakeholders to
provide input to the process. For more information, see the NIST Feb. 3
release “NIST
Issues Expanded Draft of Smart Grid Cyber Security Strategy For Public
Review and Comment.” [www.nist.gov/public_affairs/releases/smartgrid_020310.html]
To download the second draft, go to www.nist.gov/smartgrid/.
To learn more about the SGIP, go to http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid.SGIP
Media Contact: Mark Bello, mark.bello@nist.gov, (301)
975-3776
