NIST Smart Grid and Cyber-Physical Systems Newsletter - November 2020

• Global City Teams Challenge News
• NIST Publications Offer Ways to Integrate Simulators with High Level Architecture to Test Internet of Things
• NIST Staff Briefs Army Task Force, FDNY on Cyber-Physical Security for Cyberspace Operations in Dense Urban Incidents
• NIST's Dave Wollman Explains Concept of Smart Grid Interoperability in NARUC Video

Global City Teams Challenge News

Now Online: A Glimpse of Future Urban Life – Smart Buildings Blueprint
 
The Global City Teams Challenge’s (GCTC’s) Smart Buildings Super Cluster has published Smart Buildings: A Foundation for Safe, Healthy & Resilient Cities, a report that details the design of smart buildings and their relationship to smart cities.
In the August 2020 report, a smart building is described as one that interoperates and integrates systems, technologies and infrastructures to optimize its performance and occupant experiences, serving the needs of its stakeholders in real time. Using data and artificial intelligence, such smart buildings could automatically adjust lighting, temperatures, and communications for user needs. They also could make maintenance more efficient, lower operating costs, and reduce greenhouse emissions.
The report characterized smart buildings as building blocks for smart cities, enabling manageable smart city development aligned to needs and priorities. Smart buildings also can enable smart city services and connect occupants to them, including emerging service concepts such as:

• Transactive energy allowing smart grid customers to market energy they generate;
• Cargo delivery by autonomous air and ground vehicles;
• Automated management of waste materials; and
• Automated water management and conservation.

Back to top

Released: Smart Cities Guidebook for Managing Ransomware Risks
 
The GCTC published A Starting Point for Smart Cities and Communities on Managing Ransomware Risk, May 2020. The guidebook notes that since 2018, the local governments in Atlanta, Baltimore, 22 Texas towns and multiple cities in Florida have experienced ransomware attacks.

Ransomware attacks are an even greater concern for smart cities and communities, which generate, collect, and analyze data for increased digitization and automation. The GCTC's guidebook provides considerations and references for smart cities management of ransomware risks, focusing on three key elements.

Planning and developing processes for responding to ransomware attacks: These processes should include continuity of operations, managing supply chain risks, cyber insurance, and recovery from attacks.

Developing technical controls for combating ransomware: Such controls must be based on the needs of the risk management process. The controls should be assessed for compatibility with a technologically diverse smart city and for effectiveness against the risk.

Education and Training: These should enable awareness among leadership, employees, and constituents, as well as, provide procedures for those operating Smart City systems.

Back to top

Published: Guidance to Help Smart Cities Identify Threats to Supply Chains
 
In 2019, some 56 percent of organizations suffered a data breach attributed to a vendor's lack of security, a 78 percent increase from 2018. That's according to a Ponemon Institute report cited in the GCTC Cybersecurity and Privacy Advisory Committee's Guidance for Smart Cities and Municipalities Cyber Supply Chain Risk Management, issued July 19, 2020. The Guidance is intended to help smart cities respond to this growing threat, by providing recommended measures that could help better ensure non-government suppliers safeguard networks and sensitive information. The security measures are based on legal, regulatory, and industry compliance guidelines designed to support traditional government activities.

Recommendations include smart city acquisition officials knowing whether vendors can technically limit information systems access to only authorized users. The Guidance also recommends determining if vendors have measures to secure sensitive information, like citizens' credit card data and vehicle registration beyond just taking cyber network security measures. Additionally, the Guidance recommends knowing a vendor's plans for incident response and risk mitigation management.

Back To Top

Utility SuperCuster Meets Virtually – "Smarter Cities with Smart Grid"
 
The GCTC Utility SuperCluster gathered virtually, on September 8, 2020, and was chaired by Pete Tseronis SuperCluster Chairperson, with presenters Paula Gold-Williams, CEO of CPS Energy, and Juan Torres of the National Renewable Energy Laboratory.

Tseronis noted that we are trending toward "smarter cities with smart grids." Moreover, as Gold-Williams explained, we are living through an evolution, maybe even a revolution, and that the question is how do we change to better serve? Gold-Williams said that the answer lies with industry, partnering with people and organizations, rather than guessing, and enabling change through pilots. Ultimately, successful change rests on six pillars: reliability, resilience, safety, security, affordability, and environmental responsibility.

Torres addressed smart grid trends, which are similar to those reported in NIST's Draft Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0. Torres explained that we are seeing devices on the grid that are increasing in numbers, variability of types, and variability of sizes, and that research and collective efforts are needed to address these trends.

Back To Top

NIST Publications Offer Ways to Integrate Simulators with High Level Architecture to Test Internet of Things
 

Smart grid, smart cities, smart transport and other smart systems are improving our lives. These are cyber-physical systems – or the Internet of Things (IoT) – each an interconnected system-of-systems. However, in developing them, it is not practical to assess CPS and IoT systems by building and testing a prototype, because they are too widely distributed and complex. Such evaluations greatly depend on "co-simulation" – using multiple collaborating simulations, each modeling a system within this system-of-systems. The challenge is linking them together to produce a common and useable output, as these simulations often are not designed to work together.

NIST researchers proposed an approach in two recent publications:   

• Integrating a Network Simulator with the High Level Architecture for the Co-Simulation of Cyber-Physical Systems, published in the 2020 Simulation Innovation Workshop proceedings; and
• The UCEF Approach to Tool Integration for HLA Co-Simulations, published in the 2020 IEEE Workshop on Design Automation for CPS and IoT (DESTION)

NIST developed the "Universal CPS Environment for Federation" (UCEF) software platform, allowing different simulators, or "federates," to be incorporated into a "federation." UCEF can generate a common code for this federation, enabling simulation via High Level Architecture, the IEEE standard for distributed simulation. The results allow developers to more easily develop test methods to assess a system-of-systems. NIST researchers reported two methods for integrating UCEF simulations via High Level Architecture: a Java library and a Representational State Transfer Application Programming Interface. NIST used the methods to integrate several smart grid simulators into UCEF.

Back To Top 

NIST Staff Briefs Army Task Force, FDNY on Cyber-Physical Security for Cyberspace Operations in Dense Urban Incidents
 

NIST's Ed Griffor presented on cyber-physical security in dense urban terrain to the U.S. Army's Task Force 46 and senior leaders in the New York City Fire Department. The presentation was part of a September 23, 2020 virtual meeting to improve interagency responses to chemical, biological, radiological, or nuclear attacks on the U.S. homeland. Griffor noted that critical infrastructure and incident responses are increasingly dependent on ever-widening cyber-physical systems, or Internet of Things. Griffor explained their cyber connectivity and functioning as related in NIST's Cyber-Physical Systems Framework. He also pointed out how to analyze the dependencies between cyber, physical, and human components to achieve trusted operations. Additionally, Griffor provided examples of the use of this analysis in incident responses, and the challenges to cyber-physical systems and their potential safeguards.   

Back To Top

NIST's Dave Wollman Explains Concept of Smart Grid Interoperability in NARUC Video

The National Association of Regulatory Utility Commissioners (NARUC) recently posted several new learning module videos on its website, including three videos featuring NIST’s Dave Wollman, on topics such as "What is Interoperability?" 

Interoperability from a practical perspective is achieved when things work well together, explained NIST's Dave Wollman, and it is more than two devices interacting in isolation. Everything must work well together – devices, systems, and people. Interoperability means actionable information moves to where it is needed. The points where two devices interact – or interface – enable that communication. And such interfaces must allow needed upgrades and modifications, without great effort.

Interoperability demands a holistic engineering approach, said Wollman. The resulting architecture and systems must enable coherent operations, and the ability to adjust and evolve. In separate videos, Wollman provided additional information on standards, profiles, and testing and certification, and examples of standards development and adoption, including Green Button.

Back to Top