State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to self-regulate, and another approach...
Securing Tomorrow's Grid (Part II)
Public-private collaboration to protect our infrastructure.
NIST Interagency Report 7628: Guidelines for Smart Grid Cyber Security identifies many of the smart grid challenges with data sharing and privacy issues and provides a starting point to address them.
Existing data protection laws and regulations offer some privacy protection, but the smart grid introduces a new use of private information that current policy might not adequately address. New guidelines and regulations are needed to inform the privacy practices and policies of smart grid stakeholders and give consumers confidence that their data is being properly used and protected. Federal, state, and local regulators must work with industry to develop policy frameworks for sharing data in a manner that is secure, protects privacy, and addresses other information sensitivities.
6) Develop secure interoperability standards: Numerous utilities, third-party services, and other stakeholders will be deploying large numbers of intelligent devices and systems, with the expectation that they will easily and reliably integrate and operate together across the grid. By designing and building to interoperability standards, vendors can ensure their systems and components will integrate with those from other vendors. Industry organizations continue to work with numerous government organizations to develop interoperability, wireless, and other standards that will ensure higher security and reliability of smart grid components. Industry and government should continue working to refine and develop standards that enable responsiveness to rapidly evolving threats and technologies.
7) Promote open information sharing between industry and government: The limited exchange of threat, vulnerability, and incident information can prevent the sector from building the business case necessary to increase private investment in cyber security. Stakeholders also need credible, actionable, and timely information to prepare for potential threats and rapidly mitigate power systems vulnerabilities before they are exploited. Government and industry should work together to build a secure forum for information exchange that brings the right people to the table and clarifies roles and responsibilities. The forum should enable information sharing to and from government, but also among owners and operators. This will give each stakeholder the confidence and a clear mechanism to share information that could be critical to others. The government must also work with industry to establish a legal framework for effective information sharing that addresses the regulatory, privacy, or pricing sensitivity issues that create legal barriers or disincentives for vulnerability and incident disclosure.
Smart grid technologies promise to deliver a grid that is more reliable and resilient, and able to more readily withstand and recover from malicious and natural acts. As government, industry, and academia work to develop advanced technologies and new cyber controls, they have the opportunity to get security right by building an infrastructure that thoroughly addresses cyber needs in every component. Continued commitment by the private and public sector will be needed to mitigate immediate issues in the short term and address the long-term needs of a smarter grid.