| Smart Grid Update e-newsletter |
SGIP Inaugural Meeting to Feature Draft "NIST Smart Grid Framework 3.0"
A preliminary draft of NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0 will be available online, beginning Friday, November 1. In the coming weeks, NIST will be gathering ideas and input from the smart grid community:
Another NIST document, the just-released Preliminary Cybersecurity Framework, will be the focus of a plenary panel at the SGIP meeting on Wednesday, November 6. The panel, moderated by NIST's Vicky Pillitteri, will discuss Executive Order 13536, "Improving Critical Infrastructure Cybersecurity." (See related article below.)
SGIP's Inaugural Annual Meeting, "Progress Through Collaboration," is open to the entire smart grid community. Smart grid stakeholders from all domains of the power energy ecosystem will be coming together and discussing the orchestration of the standards that critically impact, enhance, and accelerate the deployment of a smarter grid. The conference will encompass international industry perspectives on smart grid interoperability standards and related industry topics, such as cybersecurity, transactive energy, microgrids, the internet of things, and much more.
Keynote speakers will include:
Pre-conference tutorials and working group sessions will be held on Monday, November 4 and the morning of Tuesday, November 5.
NIST Seeks Public Input on Updated "NISTIR 7628: Smart Grid Cybersecurity Guidelines"
The National Institute of Standards and Technology (NIST) is requesting public comments on the first revision to its guidelines for secure implementation of smart grid technology. The draft document, NIST Interagency Report (IR) 7628 Revision 1: Guidelines for Smart Grid Cybersecurity, is the first update to NISTIR 7628 since its initial publication in September 2010. Members of the SGIP's Cybersecurity Working Group (CSWG, 2010-2012) and Smart Grid Cybersecurity Committee (SGCC, 2013- present) were largely responsible for helping draft this update.
During the past three years, use of smart grid technology has expanded dramatically, particularly the number of smart energy meters on homes, and technology and laws have progressed as well. These changes prompted NIST to update its document.
"Millions of smart meters are in use around the country now, and as the smart grid is implemented we have gained more knowledge that required minor tweaks to the existing document," says Tanya Brewer of NIST's Computer Security Division. "There also have been legislative changes in states such as California and Colorado concerning customer energy usage data, and we have made revisions to the volume on privacy based on the changing regulatory framework."
NISTIR 7628 remains a three-volume document geared mainly toward cybersecurity specialists. Vol. 1 contains mostly technical material for maintaining the security of the grid, including a reference architecture and high-level security requirements. Vol. 2 addresses privacy issues, containing a discussion of potential privacy issues in smart grid compared to other networked systems. Vol. 3 contains analyses and references that support the document's contents.
Brewer, who is the lead editor of the document, says most of the changes are minor additions to existing sections of NISTIR 7628, though there is a newly added section in Vol. 2 regarding privacy. While cybersecurity practitioners will most likely be its primary audience, Brewer says public utility commissioners, vendors, and researchers also will find the changes of interest.
The draft version of NISTIR 7628 Revision 1 can be found online. Comments will be accepted until December 24, and can be submitted using an Excel template available at the site. A Federal Register notice announcing the request for comments is available online.
NIST Releases "Preliminary Cybersecurity Framework," Plans Public Discussions in Response to Executive Order on "Improving Critical Infrastructure Cybersecurity"
On October 22, NIST released its Preliminary Cybersecurity Framework to help critical infrastructure owners and operators reduce cybersecurity risks in industries such as power generation, transportation, and telecommunications. Through a Federal Register Notice on October 29, NIST opened a 45-day public comment period, which will end on December 13. The final version of the Cybersecurity Framework is expected to be released in February 2014, as called for in Executive Order 13636, "Improving Critical Infrastructure Cybersecurity."
Throughout 2013, NIST's Information Technology Laboratory (ITL) has been working with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. Through a request for information and a series of workshops held throughout 2013, NIST has engaged with more than 3,000 individuals and organizations—including many from the smart grid community—on standards, best practices, and guidelines that can provide businesses, their suppliers, their customers, and government agencies with a shared set of expected protections for critical information and IT infrastructure.
"Thanks to a tremendous amount of industry input, the voluntary framework provides a flexible, dynamic approach to matching business needs with improving cybersecurity," said Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher. "We encourage organizations to begin reviewing and testing the Preliminary Framework to better inform the version we plan to release in February."
To date, four public workshops have been held across the country, and a fifth workshop is planned for November 14-15, 2013 in Raleigh, NC. At this workshop, NIST will continue discussions on the implementation and future governance of the Cybersecurity Framework. The target audience for the workshop is those who have operational, managerial, and policy experience and responsibilities for cybersecurity, technology, and/or standards development for critical infrastructure companies. Registration information for the November 14-15 workshop is available online.
In addition, as mentioned in the first article in this newsletter, smart grid stakeholders attending the SGIP Inaugural Meeting will have the opportunity to attend a plenary panel discussion about the Cybersecurity Framework on Wednesday, November 6.
Articles from the NIST Smart Grid Team
Two articles authored by members of the NIST smart grid team were published in the October issue of electroindustry, the monthly magazine from the National Electrical Manufacturers Association (NEMA):
The October issue, which highlights the key role of standards in the electrical industry, is available online (http://www.nema.org/Communications/EI/Pages/Archive.aspx).
NIST and SGIP Highlighted in New Reports from DOE and FERC
Two reports, released this month by the Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC), highlight recent smart grid progress, with specific mention of the positive role played by the National Institute of Standards and Technology and the Smart Grid Interoperability Panel.
SmartAmerica Challenge: Cyber-Physical Systems to be Focus of White House Workshop on December 12
The SmartAmerica Challenge is bringing together organizations with cyber-physical systems (CPS) technology, programs, and test beds to demonstrate the potential to improve safety, sustainability, efficiency, mobility, and overall quality of life. The purpose is to elevate awareness of the exciting opportunities possible through CPS and demonstrate what can be done today with cutting-edge communication technology.
A full-day SmartAmerica Workshop is planned for December 12 in Washington, DC, hosted by the White House and NIST. At this landmark event, participants from diverse sectors will come together, identify possible test bed collaborations, and work on practical approaches to making them a reality.
This is an open event, but space is very limited. To participate, applicants are required to submit a white paper detailing their CPS test bed functions, capabilities, and protocols and their willingness to participate. More details about the workshop—and how to participate—are available online.