The Advanced Metering Infrastructure Security (AMI-SEC) Task Force has released the AMI System Security Requirements, a first-of-its-kind for the utility industry that will help utilities procure and implement secure components and systems using a common set of security requirements.
The utility industry recognizes that AMI changes the face of traditional utility security by extending two-way communications all the way to the customer premise. This groundbreaking requirements document will provide needed guidance to utilities in addressing the security challenges of this new and rapidly expanding domain.
“As our nation’s utilities quickly work to implement innovative Smart Grid technologies, it is critical that we work together to ensure cyber security is built in from the beginning,” said Hank Kenchington, deputy assistant secretary for R&D in the Department of Energy’s Office of Electricity Delivery and Energy Reliability. “Building not only a Smart Grid but a secure grid is a priority for the Department of Energy.” DOE has the responsibility to coordinate the federal government’s activities in Smart Grid technologies and is working with the National Institute of Standards, the Federal Energy Regulatory Corporation and private sector stakeholders to develop a framework for smart grid interoperability standards including cyber security.
Building on collaborative efforts to standardize other aspects of AMI, 11 leading utilities joined together with the Department of Energy to standardize a set of security requirements.
“This newly developed set of requirements and guidelines is the first and only set tailored for utilities and vendors to help make procurement decisions and choices for security components in their AMI systems,” said Paul De Martini, vice president of advanced technology for Southern California Edison.
The AMI-SEC Task Force developed the requirements by consulting commonly accepted practices in both industry and government. Member utilities of the task force unanimously voted to approve the AMI System Security Requirements document in December 2008.
“The AMI System Security Requirements represents a landmark for the entire utility industry and sets the bar for the security of Smart Grid systems, especially Advanced Metering Infrastructure,” said Wayne Longcore, director of enterprise architecture and standards for Consumers Energy, a major Michigan electric and natural gas utility.
Task members conducted and compiled research for this project between May and December 2008. The AMI System Security Requirements document may be found online at http://osgug.ucaiug.org/utilisec/amisec.
The AMI-SEC Task Force, a part of the Utility Communications Architecture International Users Group (UCAIug), was established to define common requirements and produce standardized specifications for securing AMI system elements.
This living document was made possible through substantial funding by a group of North America’s largest utilities in a public-private collaborative with the Department of Energy. The project leveraged dedicated domain expert resources from Consumers Energy, Southern California Edison, EnerNex Corp., Inguardians Inc., Idaho National Laboratory, Oak Ridge National Laboratory and the Software Engineering Institute at Carnegie Mellon University.
The utility-driven AMI-SEC Task Force is made up of utility engineers, security domain experts, standards body representatives and industry-leading vendors. The UCAIug enables utility integration through the deployment of open standards and provides a forum for utility stakeholders to work together as members of a common organization.
Utilities contributing to this effort include American Electric Power, Austin Energy, BC Hydro, Consumers Energy, Dominion, Duke Energy, Kansas City Power & Light, Oncor, Pacific Gas & Electric, San Diego Gas & Electric and Southern California Edison.