Objective: To develop the measurement science needed to advance the development and standardization of cybersecurity, including privacy, policies, measures, procedures, and resiliency, in the smart electric grid.
What is the new technical idea? As a result of deployment of new smart grid technologies, the electric power industry is faced with new and changing cybersecurity threats, vulnerabilities, and the need for requirements applicable to the smart grid, both broadly and in specific areas such as applied cryptography, and cybersecurity for microgrids. The new technical idea is to adapt existing cybersecurity best practice methodologies and tools and to understand how to apply them in the electric sector, while identifying gaps and unique requirements for the grid that require new methodologies and tools. NIST will address these challenges through research conducted in the NIST Smart Grid Testbed facility, leading the Smart Grid Interoperability Panel (SGIP) Cybersecurity Committee (SGCC) to evaluate of cybersecurity policies and measures in industry standards, and develop relevant guidance documents for the smart grid cybersecurity community.
What is the research plan? The research plan is to conduct research that will enable the development of industry standards and guidance in order to successfully implement secure Smart Grid technologies, including through the following:
- Technology Transfer – Technical leadership of the SGCC: Providing cybersecurity expertise, technical leadership, and oversight required to manage the SGCC.
- Technology Transfer – Review identified standards and Smart Grid interoperability requirements against the high-level security requirements in NIST Interagency Report (IR) 7628, Guidelines for Smart Grid Cyber Security to identify any cybersecurity gaps and provide recommendations for further work to mitigate gaps.
- Technology Transfer – Collaboration with CEN-CENELEC-ETSI Smart Grid Coordination Group (SG-CG) Smart Grid Information Security (SG-IS): Collaborate with the European Union’s SG-CG SG-IS to develop a white paper on the relationship between the SG-IS Security Levels and NIST Interagency Report 7628 Rev. 1, Guidelines for Smart Grid Cybersecurity.
- Technology Transfer – Cybersecurity Frameworks Case Study: Work with utilities to develop a case study on how different voluntary cybersecurity guidance frameworks (e.g., Cybersecurity Capability Maturity Model, Framework for Improving Critical Infrastructure Cybersecurity, NISTIR 7628) are implemented. The case study will highlight different methodologies for implementing the frameworks, goals, results, benefits, and lessons learned. Contribute to the SGIP Open Field Message Bus (FMB) Project by identifying cybersecurity recommendations for the Distributed Intelligence Platform.
- Fundamental and Applied Research – Cybersecurity Smart Grid Testbed: Collaborate with ITL Software and Systems Division on cybersecurity related research in relation to the IEEE 1588 standard on time synchronization. Conduct research on smart grid applications of cryptography for constrained environments and delayed authentication. Conduct research on providing cybersecurity for legacy systems.
1 The National Institute of Standards and Technology(NIST) established the Smart Grid Interoperability Panel (SGIP) SGCC in supportof the Energy Independence and Security Act of 2007 to address thecross-cutting issue of cybersecurity. The primary goal of the SGCC is to develop a cybersecurity riskmanagement strategy for the Smart Grid to enable secure interoperability ofsolutions across different domains and components.