The National Institute of Standards and Technology (NIST) this month announced the release of Guidelines for Smart Grid Cyber Security, a voluminous set of documents written to help organizations form their own cyber-security strategies for threat detection, prevention and data recovery on the smart grid.
U.S. Commerce Secretary Gary Locke said in a statement that the smart grid needs to be secured end to end as the nation’s electric infrastructure is modernized. His comments were echoed by U.S. Energy Secretary Steven Chu, who said that the development of common smart grid standards is a national priority, and that the guidelines are an important first step.
The cyber-security standards for smart grid were developed so that electricity producers, distributors and consumers will be speaking the same language, officials said.
Digital technology in the smart grid measures and distributes the delivery of electricity to consumers and has the potential to reduce energy use and costs for consumers as it’s deployed in more areas of the country. But security experts say the new network will offer new avenues for criminals to infiltrate, corrupt and steal data.
The guidelines released in September make for hefty reading — a three-volume set comprising more than 500 pages. The guidelines came from the Cyber Security Working Group, a 450-member group of the smart grid interoperability panel, with participants from academia and public and private sectors. The guidelines expand upon those put out in January in the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0.
George Arnold, NIST’s national coordinator for smart grid interoperability, said that the guidelines provide a foundation for utilities, hardware and software manufacturers and others to build upon. The guidelines stress creating multiple levels, or layers, of security.
The guidelines delineate 137 points of data exchange or other interactions within or between smart grid and related systems, which are assigned into one or more of 22 categories. The guidelines include recommendations for addressing privacy risks, handling management issues when it comes to systems and devices, and 189 high-level security requirements applicable to the smart grid network.