Bad news from the front lines in the cyber-security war: Little meaningful progress has been made toward safeguarding the nation’s electric grid from malicious attacks. Initial cyber-security...
Securing Tomorrow's Grid (Part II)
Public-private collaboration to protect our infrastructure.
can be implemented in the future deployment life cycle.
Specifically, recipients must be able to illustrate the ability to accomplish these objectives: maintain capability for timely detection and response; mitigate the consequences of a cyber event; correct exploited vulnerabilities; and restore affected systems, networks, and equipment.
DOE asks recipients to map each objective across the project life cycle and show plans for how each objective will be addressed along the way. DOE encourages recipients to draw upon methods using NIST Interagency Report 7628: Guidelines for Smart Grid Cyber Security , ASAP-SG Security Profiles, and the suite of national and international standards and specifications. By doing so, recipients avoid the need to re-engineer security requirements from the ground up, while aligning themselves with industry best practices, and providing DOE and other stakeholders with a strong basis for project evaluation.
To help project leaders develop and implement their cyber security plans, DOE created a website— www.arrasmartgridcyber.net—that aids participants in sharing best practices. The DOE is producing a set of outreach webinars to engage project recipients. The first of these webinars was presented in February 2011, and DOE expects to perform several more throughout the duration of the project to guide projects as they mature. The webinars aim to provide tangible guidance in applying this framework to real-world projects to implement best-practice cyber security measures.
Securing the Future
Integrating information technology and digital communications systems is essential to building the smart grid and realizing its benefits. New technologies, components, capabilities, and stakeholders will deliver untold operational advances and help the electricity industry manage a variety of new risks—but only if industry designs security into new components and integrates them safely with legacy systems.
The increasing complexity, scale, and interconnectedness of the North American electricity system make its protection and resilience a shared public-private responsibility. This is a key principle of a new report, A Policy Framework for a 21st Century Grid: Enabling Our Secure Energy Future ,5 issued by the President’s National Science and Technology Council. It recognizes the need for sustained cooperation among the private sector, state and local governments, the federal government, consumer groups, and other stakeholders to realize smart grid benefits. The Policy Framework calls for continued investment in research, development, and demonstration; strong information sharing from smart grid deployments; better protection and empowerment of consumers; and a sound regulatory framework at the state and federal level. To ensure a secure grid, it endeavors to have the federal government facilitate the development of rigorous, open standards and guidelines for cybersecurity through public-private cooperation; and to work with stakeholders to promote a rigorous, performance-based cybersecurity culture, including active risk management, performance evaluations, and ongoing monitoring.
To improve smart grid security and address emerging needs and gaps, a multi-faceted approach will be needed that draws upon the specialized capabilities, knowledge, and economic resources of key stakeholders. The following steps can ensure these capabilities and resources are properly leveraged for this purpose.
1) Develop advanced technologies to create a resilient electricity infrastructure: The newly revised Roadmap to Achieve Energy Delivery Systems Cybersecurity provides a