Objective: To advance the development and standardization of cybersecurity, including privacy, policies, measures, procedures, and resiliency in the electric smart grid by 2016.
What is the new technical idea? As a result of deployment of new smart grid technologies, the electric power industry is faced with new and changing threats, vulnerabilities, and requirements for the smart grid in general and in specific areas such as privacy, smart grid architecture, and Advanced Metering Infrastructure (AMI). Efforts to address similar issues have been underway in other sectors, such as banking, federal systems, defense networks, and industrial control systems. The new technical idea is to adapt existing cybersecurity best practice methodologies and tools and to understand how to apply them in the electric sector, while identifying gaps and unique requirements for the grid that require new methodologies and tools. The SGIP Smart Grid Cybersecurity Committee (SGCC)1 will address these challenges through collaborations with federal agencies, academia, and industry, through the evaluation of cybersecurity policies and measures in industry standards, and through the development of guidance documents.
What is the research plan? To conduct research that will enable the development of industry standards and guidance in order to successfully implement secure Smart Grid technologies.
- Technical leadership of the SGCC: Providing cybersecurity expertise, technical leadership, and oversight required to manage the SGCC.
- Review identified standards and Smart Grid interoperability requirements against the high-level security requirements in NIST Interagency Report (IR) 7628 Revision 1, Guidelines for Smart Grid Cyber Security to identify any cybersecurity gaps and provide recommendations for further work to mitigate gaps.
- Lead in the area of AMI cybersecurity: Collaborate with SGIP, Electric Power Research Institute (EPRI), American National Standards Institute (ANSI), and others to develop cybersecurity requirements for inclusion in ANSI C12.19, Utility Industry End Device Data Tables. Collaborate with Brazil's National Institute of Metrology, Quality and Technology (Inmetro) on their AMI security requirements project.
- Secure Content Automation Protocol (SCAP) extension to cover Smart Grid systems: Research the Department of Energy (DOE)/EPRI Lemnos project for Secure Content Automation Protocol (SCAP) applicability which would provide a standardized, measurable, automated method of continuous monitoring for smart grid components, increasing efficiency and accuracy, reducing costs of secure implementations, and improving capability and interoperability in implementations.
- Cybersecurity Smart Grid Test Lab: Coordinate with EL on the development of a Cybersecurity Smart Grid Test Lab. Collaborate with ITL Software and Systems Division on cybersecurity related tests in relation to the IEEE 1588 standard on time synchronization.
- Participate in the National Cybersecurity Center of Excellence Electricity Sector use case. Leverage the use case for further testing and measurement within the Cybersecurity Smart Grid Test Lab.
- Further development and refinement of specific smart grid areas – security architecture, privacy, and cloud services.
- Supply Chain Awareness Guide: Collaborate with DOE, Federal Energy Regulatory Commission (FERC), Department of Homeland Security (DHS), and SGCC members to develop a smart grid supply chain awareness guide directed at electricity sector executives.
1 The National Institute of Standards and Technology(NIST) established the Smart Grid Interoperability Panel (SGIP) SGCC in supportof the Energy Independence and Security Act of 2007 to address thecross-cutting issue of cybersecurity. The primary goal of the SGCC is to develop a cybersecurity riskmanagement strategy for the Smart Grid to enable secure interoperability ofsolutions across different domains and components.