It was time to make some changes. After all, cyber attackers don’t follow any rules, so it is good to advance guidelines every once in a while.
That is exactly what the National Institute of Standards and Technology (NIST) is doing as they are requesting public comments on the first revision to its guidelines for secure implementation of smart grid technology.
The draft document, NIST Interagency Report (IR) 7628 Revision 1: Guidelines for Smart Grid Cybersecurity, is the first update to NISTIR 7628 since its initial publication in September 2010.
Members of the SGIP’s Cybersecurity Working Group (CSWG, 2010-2012) and Smart Grid Cybersecurity Committee (SGCC, 2013- present) were largely responsible for helping draft this update.
During the past three years, use of smart grid technology has expanded dramatically, particularly in the number of smart energy meters on homes, and technology and laws have progressed as well. These changes prompted NIST to update its document.
“Millions of smart meters are in use around the country now, and as the smart grid is implemented we have gained more knowledge that required minor tweaks to the existing document,” said Tanya Brewer of NIST’s Computer Security Division. “There also have been legislative changes in states such as California and Colorado concerning customer energy usage data, and we have made revisions to the volume on privacy based on the changing regulatory framework.”
NISTIR 7628 remains a three-volume document geared mainly toward cyber security specialists. Vol. 1 contains mostly technical material for maintaining the security of the grid, including a reference architecture and high-level security requirements. Vol. 2 addresses privacy issues, containing a discussion of potential privacy issues in smart grid compared to other networked systems. Vol. 3 contains analyses and references that support the document’s contents.
Brewer, who is the lead editor of the document, said most of the changes are minor additions to existing sections of NISTIR 7628, though there is a newly added section in Vol. 2 regarding privacy. While cyber security practitioners will most likely be its primary audience, Brewer said public utility commissioners, vendors, and researchers also will find the changes of interest.
Click here to view the draft version of NISTIR 7628 Revision 1. NIST will accept comments until December 24, and you can submit them in an Excel template available at the site.