Securing Tomorrow's Grid (Part II)
Public-private collaboration to protect our infrastructure.
Reinvestment Act (ARRA), DOE’s Office of Electricity Delivery and Energy Reliability (OE) is collaborating with NIST and industry organizations to continue developing a framework and roadmap for interoperability standards, while ensuring cyber security is a key consideration 3 (see sidebar, “NIST 7628: Framework for Progress”). OE is also partnering with a consortium of leading utilities to support ASAP-SG in developing a set of vendor-neutral security profiles that provide baseline security controls for a given smart grid application. Four security profiles have been completed, offering guidelines for securing advanced metering infrastructure (AMI), third-party data access, distribution management systems and, most recently, wide-area monitoring, protection, and control applications (i.e., synchrophasors). Each profile defines a scoping boundary and provides a reference architecture including a set of use cases, a failure analysis, and a set of required controls specifically applied to devices and components according to their functional responsibilities.
Most recently, DOE announced a public-private investment of $16.5 million to form the National Electric Sector Cybersecurity Organization (NESCO) to help improve electric system reliability by supplying data analysis and forensics capabilities for cyber-related threats. Led by the Energy Sector Security Consortium Inc. (EnergySec), it also is creating a framework to share information, best practices, resources, and solutions among domestic and international electric sector participants. Funding also supports the development of NESCOR, the National Electric Sector Cybersecurity Organization Resource, which is led by EPRI and conducts assessment and analysis of cyber security requirements, results, and standards in addition to testing security technologies in labs and pilot projects in support of NESCO.
These (and others described in the sidebar “Collaborating on Cyber Security”) represent only a selected handful of the many ongoing collaborative efforts that combine industry leadership and public support to advance cyber security R&D specifically for future smart grid applications.
Cyber Security in ARRA Investments
In November 2009, Congress placed greater emphasis on a nationwide plan to modernize the electric power grid, enhance the security of U.S. energy infrastructure, and promote reliable electricity delivery. Through ARRA, Congress provided DOE with $4.5 billion to jumpstart grid modernization through smart grid programs previously authorized by the Energy Independence and Security Act of 2007 (EISA). DOE leveraged the ARRA funding to create a public-private investment opportunity worth a total of more than $10.3 billion ($4.5 billion of DOE funds leveraged with $5.8 billion of private sector funds). Most of this funding supports implementation of 131 grants and projects across the country. 4
Each project recipient committed to implement a cyber security plan that includes an evaluation of cyber risks and planned mitigations, cyber security criteria for device and vendor selection, and relevant standards or best practices the project will follow. The cyber security plans must address the following points:
• How cyber security risks will be mitigated;
• What criteria will be used for vendor and technology selection;
• The relevant cyber security standards that will be followed (or in the absence of standards, what industry best practices will be used); and
• How emerging smart grid cyber security standards that are currently being developed