In May 2, 2006, the NERC board of trustees adopted the Critical Infrastructure Protection Cyber Security Standard. This article provides some answers to questions in the form of security program...
A Voice for Smart-Grid Security
Who will oversee the industry’s cyber standards?
The smart grid is starting to grow up. People are talking less about what it is and more about how to put it in place. The president has made the smart grid a priority, and suddenly the industry is moving in a gear it never knew it had.
However, sometimes growth is accompanied by growing pains. With the smart grid comes the need for cyber security; yet it remains to be seen how the industry will adapt and move forward. A singular authoritative voice might be essential in a domain where the weakest link breaks the chain.
Nevertheless, utilities, manufacturers, system integrators and others continue to find a way to get the job done through leadership, perseverance, and creativity.
While the government and industry choose a single voice, the chorus will carry the day. The successor might even find all the parts written, leaving only the need to lead the show.
Setting the Stage
The need for cyber security has become increasingly apparent over the course of the past year. Mounting political pressures, threatening adversaries, and escalating public anxieties have placed further demands on already accelerated efforts and primed the theater for a smart-grid security authority. The contenders are a disparate lot—from experienced players to savvy newcomers to industry naturals. Regardless, the stakes are high as the coming years will determine who is responsible for ensuring the appropriate level of security is built into the smart grid.
Whoever acquires this responsibility will have no shortage of issues to answer. A recent spate of eyebrow-raising publicity has managed to amplify an already elevated commotion around the importance of security for the smart grid. So who will ascend to this position as an industry prepares to spend untold fortunes on its next generation?
Several federal organizations are active in this space. Legislative bodies have discussed the concept of overarching authority (see sidebar, Congress Seizes Cyber-Sec) . The White House just announced a cyber czar position on May 29, 2009. Yet as of this writing, much of the responsibility lies in the hands of the states—specifically with the individual utility commissions. Will the industry find a way to self-regulate? Will a choice be made by a federal agency? Congress? The White House? It remains to be seen who, how, and even whether, the decision will be made with significant, long-term consequences on the line.
Meanwhile, utilities are leading the process. An uncertain outcome provides no excuse for stasis. The work still must be done, and the utility community is driving work forward to secure the smart grid.
In the middle of March