The Commerce Department’s National Institute of Standards and Technology (NIST) has issued the second draft of its Smart Grid Cyber Security Strategy and Requirements, which now identifies more than 120 interfaces that will link diverse devices, systems, and organizations engaged in two-way flows of electricity and information and classifies these connections according to the risks posed by a potential security breach.
The new draft report expands on an earlier version, which was released by Commerce Secretary Gary Locke last September and underwent 60 days of public review. It incorporates responses to the more than 350 individual comments received.
The updated draft also includes new or more detailed technical inputs stemming from continuing assessments of what will be required to ensure the security and reliability of the entire modernized power system and to protect the integrity and confidentiality of information exchanged during energy-related transactions on the smart grid.
Compared to the initial version, the draft cyber security report contains significantly expanded sections on privacy, vulnerability categories, analyses of the potential security issues, and the overall approach to achieving Smart Grid cyber security. It also will undergo public review, ending on April 2, 2010. After reviewing the comments received and completing ongoing analyses of requirements and relevant standards, the working group will finalize the Smart Grid cyber security strategy. NIST expects to issue a completed report by early summer.
The draft report is a companion document to the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0 (NIST SP 1108), which NIST issued on Jan. 19, 2010.