NIST seeks input on Smart Grid Cybersecurity Guidelines

NISTIR 7628 Revision 1 updates NIST guidelines for smart grid cybersecurity, integrating smart meter expansion, privacy regulations, reference architecture, and security requirements to help utilities, vendors, and regulators improve compliance, risk management, and data protection.

The National Institute of Standards and Technology NIST is requesting public comments on the first revision to its guidelines for secure implementation of "smart grid" technology.

The draft document, NIST Interagency Report IR 7628 Revision 1: Guidelines for Smart Grid Cybersecurity, is the first update to NISTIR 7628 since its initial publication in September 2010. During the past three years, use of smart grid technology has expanded dramatically, particularly the number of smart meters on homes, and technology and laws have progressed as well. These changes, along with questions about smart grid security across the sector, prompted NIST to update its document.

"Millions of smart meters are in use around the country now, and as the smart grid is implemented we have gained more knowledge that required minor tweaks to the existing document," says NIST computer scientist Tanya Brewer. "There also have been legislative changes in states such as California and Colorado concerning customer energy usage data, and we have made revisions to the volume on privacy addressing privacy and security risks based on the changing regulatory framework."

NISTIR 7628 remains a three-volume document geared mainly toward cybersecurity specialists. Volume 1 contains mostly technical material for maintaining the security of the grid and its industrial control systems operations, including a reference architecture and high-level security requirements. Vol. 2 addresses privacy issues, containing a discussion of potential privacy issues in smart grid compared to other networked systems. Vol. 3 contains analyses and references that support the document's contents.

Brewer says most of the changes are minor additions to existing sections of NISTIR 7628, though there is a newly added section in Vol. 2 regarding privacy. While cybersecurity practitioners will most likely be its primary audience, Brewer says public utility commissioners, vendors and researchers exploring smart meter security also will find the changes of interest.

Related News

• Electricity Forum News

• Grid Technologies News