After 17 months of public reviews and workshops, the National Institute of Standards and Technology (NIST) has issued Guidelines for Smart Grid Cyber Security. According to NIST, the report includes “security requirements, a framework for assessing risks, an evaluation of privacy issues at personal residences, and additional information for businesses and organizations to use as they craft strategies to protect the modernizing power grid from attacks, malicious code, cascading errors, and other threats.”
The three-volume set of guidelines was prepared to facilitate the development of industry-specific Smart Grid security strategies.
United States Commerce Secretary Gary Locke says, “As we modernize the nation’s electric infrastructure to make it smarter, more efficient, and more capable, we need to make it more secure from end to end. These new cyber security guidelines will help government and industry meet this important responsibility.”
United States Energy Secretary Steven Chu adds, “The development of common Smart Grid standards is a national priority, and these cyber security guidelines are an important step toward that goal. If we are to truly modernize our electrical grid, we must have electricity producers, distributors and consumers all speaking the same language and all working together to make our grid more secure. Cyber security is an integral part of the grid.”
The guidelines were prepared by the Cyber Security Working Group (CSWG) of the Smart Grid Interoperability Panel, which was launched by NIST with funding from the Department of Energy. The new guidelines expand on the cyber security overview contained in the Group’s January 2010 NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0.
George Arnold, NIST’s national coordinator for Smart Grid interoperability, explains that the advisory guidelines “are a starting point for the sustained national effort that will be required to build a safe, secure and reliable Smart Grid. They provide a technical foundation for utilities, hardware and software manufacturers, energy management service providers, and others to build upon. Each organization’s implementation of cyber security requirements should evolve as technology advances and new threats to grid security arise.”
In all, the report details 189 high-level security requirements applicable either to the entire Smart Grid or to particular parts of the grid and associated interface categories. The new report also includes a description of the risk assessment process used to identify the requirements; a discussion of technical cryptographic and key management issues; and recommendations for addressing privacy risks.