NIST seeks input on Smart Grid Cybersecurity Guidelines

The draft document, NIST Interagency Report IR 7628 Revision 1: Guidelines for Smart Grid Cybersecurity, is the first update to NISTIR 7628 since its initial publication in September 2010. During the past three years, use of smart grid technology has expanded dramatically, particularly the number of smart energy meters on homes, and technology and laws have progressed as well. These changes prompted NIST to update its document.

"Millions of smart meters are in use around the country now, and as the smart grid is implemented we have gained more knowledge that required minor tweaks to the existing document," says NIST computer scientist Tanya Brewer. "There also have been legislative changes in states such as California and Colorado concerning customer energy usage data, and we have made revisions to the volume on privacy based on the changing regulatory framework."

NISTIR 7628 remains a three-volume document geared mainly toward cybersecurity specialists. Volume 1 contains mostly technical material for maintaining the security of the grid, including a reference architecture and high-level security requirements. Vol. 2 addresses privacy issues, containing a discussion of potential privacy issues in smart grid compared to other networked systems. Vol. 3 contains analyses and references that support the document's contents.

Brewer says most of the changes are minor additions to existing sections of NISTIR 7628, though there is a newly added section in Vol. 2 regarding privacy. While cybersecurity practitioners will most likely be its primary audience, Brewer says public utility commissioners, vendors and researchers also will find the changes of interest.