EnerNex has announced a smart grid-related cyber security document offering prescriptive, actionable guidance for utilities and vendors implementing synchrophasor technology. This is the latest deliverable in a series aimed at integrating cyber security best practices prior to product development, mass deployment and adoption of technologies for smart grid systems.
The Wide-Area Monitoring, Protection and Control (Synchrophasors) Security Profile (WAMPAC) is a product of the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG) effort and addresses the security of functions involved in the use of synchrophasor data and applications for wide-area monitoring, protection, and control of electric power systems.
In January of this year, the Government Accountability Office (GAO) issued a report that found critical shortfalls in the proposed plans for modernizing the United States’ electricity grid. The report found six critical challenges to securing Smart Grid systems. The WAMPAC security profile addresses “the lack of security features being built into certain smart grid systems being deployed into the market;” ASAP-SG is an effort to get security integrated into solutions before mass production of smart grid solutions and gives “utilities [that] are focusing on regulatory compliance instead of comprehensive security” a means to tactically address security at the application level. The GAO report calls on the National Institute of Standards and Technology (NIST) to fully address gaps in its cyber security guidelines and fill in key missing elements. Synchrophasor security is one of the key elements identified to address by NIST as a result of the GAO’s findings.
As no utility guidance exists for WAMPAC, the security controls in this document are inspired by and intended to cover the application of technical requirements found in NIST Interagency Report (IR) 7628: Guidelines for Smart Grid Cyber Security to synchrophasor systems and technology.
While NIST IR 7628 serves as an industry-wide reference that a utility may use as a starting point to identify intersystem-level security requirements, this document provides the next level of detail by specifically addressing the use of synchrophasor technology and defining intrasystem-level security controls.
Bobby Brown, Director of Communication and Information Systems Security for EnerNex and project manager of ASAP-SG, stated: “Accelerating the development of key application security controls and guidance is vital to securing our nation’s electric grid. This effort has given the electric industry the greatly needed security kick-start necessary for deploying WAMPAC.”
EnerNex, along with the utilities of the Open Smart Grid Subcommittee of the UCA International Users Group in collaboration with the US Department of Energy (DOE), the Electric Power Research Institute (EPRI), and other interested parties, joined to form ASAP-SG which is aimed at accelerating the development of security requirements and standards for the electric utility industry. The project was created to be a utility-driven, public-private collaborative effort to develop recommendations and best practices for architecting, designing, acquiring, integrating, and operating smart grid systems. DOE is helping to support ASAP-SG by matching contributions from utilities dollar-for-dollar.
There is opportunity for all North American electric utilities to take advantage of DOE funding and the concerted effort of industry stakeholders to produce proper, timely, and cost-effective security best practices for Smart Grid. EnerNex, DOE and EPRI are looking for additional participants to ensure the widest range of requirements are addressed.