[BETA] Fortnightly

The advent of smart grid technology has raised new and challenging issues concerning data privacy. Of course, data privacy isn’t a new concern for the energy industry, as utilities have always collected customer data, some of which is common to any business, such as contact and credit information, and some of which is unique to the energy industry, such as usage and demand data.

NERC’s critical infrastructure protection (CIP) standards set a minimum level of security performance—and only for high-voltage transmission systems, not the distribution grid. A compliance-checklist approach to security might lack the adaptability needed to combat evolving threats like the Stuxnet worm. A multi-layered, risk-based approach will provide better protection for the emerging smart grid.

Smart grid technologies bring a host of cyber security considerations that need to be addressed throughout the T&D domain—and even into the customer’s home. In this exclusive report, Department of Energy authors team up with industry experts to examine how to deal with the changes and challenges of securing the smart grid.

Four years ago, Congress made its wishes known: it tabbed the National Institute of Standards and Technology to develop a set of standards for the smart grid, and then instructed FERC, the Federal Energy Regulatory Commission “adopt” those standards, but only after finding a ”sufficient consensus,” and only “as may be necessary” to assure “functionality and interoperability.” Yet what is known is not necessarily clear. Who decides if consensus prevails? What does “interoperability” mean? Should FERC’s “necessary” finding extend to retail smart grid applications, arguably outside its purview? And the biggest dispute — must standards be mandatory? — finds PJM at odds with much of the utility industry.