Who will oversee the industry’s cyber standards? Effective security calls for a single organization to set standards that will protect the smart grid. The industry is struggling to reach consensus...
Securing Tomorrow's Grid (Part II)
Public-private collaboration to protect our infrastructure.
plan for organizing and leveraging public and private capabilities and resources to develop advanced cyber security technologies that respect the unique design and operating constraints of energy delivery systems and can provide the end-to-end security needed for a modern and resilient electricity system. Achieving the Roadmap goals will require continued collaboration among government and industry partners to pursue activities that are aligned with the Roadmap’s vision and aimed at creating a resilient infrastructure. As new technologies or capabilities are introduced, this partnership must encourage a thorough and continuous examination of potential cyber vulnerabilities. The electric sector’s growing culture of security should support a graded risk management approach for implementing new technologies that appropriately balances the benefits of the capability with its potential risks.
2) Encourage industry to share and adopt best practices: The early implementation of smart grid technologies has begun to uncover good practices for cyber security that improve interoperability, reliability, resilience, efficiency, and security across all phases of the technology life cycle. Industry and government can work together to formally define best practices in designing, implementing, and using smart grid technologies, and widely share that information through workshops, public-private partnerships, and education programs. This will enable all stakeholders to access user-friendly, actionable best practice information as it becomes available.
3) Build a dynamic security posture to address evolving threats: Changing and evolving threat profiles require flexible and dynamic approaches and technologies to continually enhance both the physical and cyber security posture of the electricity infrastructure. As the threat landscape continually evolves, security posture must adapt and be able to rapidly respond to incidents and new threat information. The goal is to deliver a speedy response to new information without affecting the core functionality and reliable operation of the infrastructure.
Industry and government should work together to continually monitor the threat landscape and integrate or upgrade physical and cyber security safeguards as new technologies are introduced and adversary capabilities evolve. All electric utilities, other electric service providers, microgrids, consumer systems, area operating centers, and regional coordinators must be included in this ongoing threat assessment, which should include new methods and procedures to exchange or distribute threat information.
4) Build a coordinated regulatory framework: Today’s patchwork of standards and regulations exists to address various aspects of the nation’s electricity system. No single regulatory authority addresses all aspects of the nation’s electricity infrastructure; jurisdictional boundaries include distinctions between state and federal regulatory authority, ownership differences between public and private power utilities, and the international connections with Canada and Mexico. State and federal regulators need to work together to implement comprehensive, end-to-end regulations to address smart grid issues common to both interstate bulk power transmission and localized distribution systems.
5) Address customer energy usage data sharing and privacy concerns: Smart grid technologies will greatly expand the amount of consumer data that can be monitored, collected, aggregated, and analyzed, which has raised privacy concerns. As smart grid capabilities are deployed, the need to protect consumer data and educate customers on privacy risks and mitigations will remain a central focus of cybersecurity efforts. Volume 2 of